ddidderr/softlan-vpn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(tap): read oversized frames for local drop accounting

Browse Source 
The Windows client reads TAP frames and then applies the same local safety path
used for malformed, jumbo, over-MTU, and forbidden remote-client traffic. The
read buffer was only one standard Ethernet frame long, which made an oversized
TAP frame more likely to fail at the device-read boundary before the client
could count and log the drop.

Keep the accepted Ethernet-frame limit unchanged, but make the TAP read buffer
large enough to receive oversized frames and let the existing safety checks
reject them in the normal path. Document the distinction in the TAP crate
summary.

Test Plan:
- cargo fmt --check
- cargo test -p lanparty-client-tap -p lanparty-client-win
- cargo check -p lanparty-client-tap --target x86_64-pc-windows-msvc
- cargo clippy -p lanparty-client-tap -p lanparty-client-win \
  --all-targets -- -D warnings
- cargo test --workspace
- cargo clippy --workspace --all-targets -- -D warnings
- git diff --check
- git diff --cached --check

Refs: MVP TAP drop diagnostics
This commit is contained in:
ddidderr
2026-05-22 08:10:49 +02:00
parent bee6e468bb
commit f288d3a1a9
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1
View File
@@ -93,6 +93,7 @@ Windows TAP adapter boundary:
- TAP `NetworkAddress` registry configuration for the tunnel MAC identity - TAP `NetworkAddress` registry configuration for the tunnel MAC identity
- `\\.\Global\{NetCfgInstanceId}.tap` device path construction - `\\.\Global\{NetCfgInstanceId}.tap` device path construction
- blocking Ethernet frame reads/writes through the TAP device handle - blocking Ethernet frame reads/writes through the TAP device handle
- oversized TAP read buffering so jumbo frames can be counted and dropped
- TAP driver IOCTL helpers for media status, adapter MAC, and MTU - TAP driver IOCTL helpers for media status, adapter MAC, and MTU
### `lanparty-relay` ### `lanparty-relay`
crates/lanparty-client-tap/src/lib.rs
+5 -2
View File
@@ -12,7 +12,10 @@ pub const TAP_ADAPTER_KEY: &str =
r"SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}"; r"SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}";
pub const TAP_DEVICE_PREFIX: &str = r"\\.\Global\"; pub const TAP_DEVICE_PREFIX: &str = r"\\.\Global\";
pub const TAP_DEVICE_SUFFIX: &str = ".tap"; pub const TAP_DEVICE_SUFFIX: &str = ".tap";
pub const TAP_FRAME_BUFFER_LEN: usize = MAX_STANDARD_ETHERNET_FRAME_LEN; /// Large enough to read oversized TAP frames so the client can account and drop
/// them in the normal frame-safety path instead of failing the device read.
pub const TAP_FRAME_BUFFER_LEN: usize = u16::MAX as usize;
const _: () = assert!(TAP_FRAME_BUFFER_LEN > MAX_STANDARD_ETHERNET_FRAME_LEN);
const FILE_DEVICE_UNKNOWN: u32 = 0x0000_0022; const FILE_DEVICE_UNKNOWN: u32 = 0x0000_0022;
const METHOD_BUFFERED: u32 = 0; const METHOD_BUFFERED: u32 = 0;
const FILE_ANY_ACCESS: u32 = 0; const FILE_ANY_ACCESS: u32 = 0;
@@ -189,7 +192,7 @@ mod tests {
assert!(validate_tap_ethernet_frame(&valid).is_ok()); assert!(validate_tap_ethernet_frame(&valid).is_ok());
assert!(validate_tap_ethernet_frame(&valid[..13]).is_err()); assert!(validate_tap_ethernet_frame(&valid[..13]).is_err());
valid.resize(TAP_FRAME_BUFFER_LEN + 1, 0); valid.resize(MAX_STANDARD_ETHERNET_FRAME_LEN + 1, 0);
assert!(validate_tap_ethernet_frame(&valid).is_err()); assert!(validate_tap_ethernet_frame(&valid).is_err());
} }