From f288d3a1a99b4ec4314bdb11682ff7ba8902af77 Mon Sep 17 00:00:00 2001 From: ddidderr Date: Fri, 22 May 2026 08:10:49 +0200 Subject: [PATCH] fix(tap): read oversized frames for local drop accounting The Windows client reads TAP frames and then applies the same local safety path used for malformed, jumbo, over-MTU, and forbidden remote-client traffic. The read buffer was only one standard Ethernet frame long, which made an oversized TAP frame more likely to fail at the device-read boundary before the client could count and log the drop. Keep the accepted Ethernet-frame limit unchanged, but make the TAP read buffer large enough to receive oversized frames and let the existing safety checks reject them in the normal path. Document the distinction in the TAP crate summary. Test Plan: - cargo fmt --check - cargo test -p lanparty-client-tap -p lanparty-client-win - cargo check -p lanparty-client-tap --target x86_64-pc-windows-msvc - cargo clippy -p lanparty-client-tap -p lanparty-client-win \ --all-targets -- -D warnings - cargo test --workspace - cargo clippy --workspace --all-targets -- -D warnings - git diff --check - git diff --cached --check Refs: MVP TAP drop diagnostics --- README.md | 1 + crates/lanparty-client-tap/src/lib.rs | 7 +++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 309385f..72f7379 100644 --- a/README.md +++ b/README.md @@ -93,6 +93,7 @@ Windows TAP adapter boundary: - TAP `NetworkAddress` registry configuration for the tunnel MAC identity - `\\.\Global\{NetCfgInstanceId}.tap` device path construction - blocking Ethernet frame reads/writes through the TAP device handle +- oversized TAP read buffering so jumbo frames can be counted and dropped - TAP driver IOCTL helpers for media status, adapter MAC, and MTU ### `lanparty-relay` diff --git a/crates/lanparty-client-tap/src/lib.rs b/crates/lanparty-client-tap/src/lib.rs index 60db060..403e1f4 100644 --- a/crates/lanparty-client-tap/src/lib.rs +++ b/crates/lanparty-client-tap/src/lib.rs @@ -12,7 +12,10 @@ pub const TAP_ADAPTER_KEY: &str = r"SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}"; pub const TAP_DEVICE_PREFIX: &str = r"\\.\Global\"; pub const TAP_DEVICE_SUFFIX: &str = ".tap"; -pub const TAP_FRAME_BUFFER_LEN: usize = MAX_STANDARD_ETHERNET_FRAME_LEN; +/// Large enough to read oversized TAP frames so the client can account and drop +/// them in the normal frame-safety path instead of failing the device read. +pub const TAP_FRAME_BUFFER_LEN: usize = u16::MAX as usize; +const _: () = assert!(TAP_FRAME_BUFFER_LEN > MAX_STANDARD_ETHERNET_FRAME_LEN); const FILE_DEVICE_UNKNOWN: u32 = 0x0000_0022; const METHOD_BUFFERED: u32 = 0; const FILE_ANY_ACCESS: u32 = 0; @@ -189,7 +192,7 @@ mod tests { assert!(validate_tap_ethernet_frame(&valid).is_ok()); assert!(validate_tap_ethernet_frame(&valid[..13]).is_err()); - valid.resize(TAP_FRAME_BUFFER_LEN + 1, 0); + valid.resize(MAX_STANDARD_ETHERNET_FRAME_LEN + 1, 0); assert!(validate_tap_ethernet_frame(&valid).is_err()); }