feat(relay): disconnect peers after malformed datagrams
The relay now tracks malformed datagrams per accepted peer and closes the QUIC connection after a small threshold. Malformed overlay bytes, datagrams with the wrong room/peer/type header, and malformed Ethernet payloads all count toward that threshold. This implements the malformed-packet disconnect part of PLAN.md without mixing in broader bandwidth or broadcast rate limiting. Ordinary safety-filter drops still remain non-fatal; this only targets peers that repeatedly send packets the relay cannot treat as valid tunnel Ethernet traffic. The threshold state lives in the relay server loop, while the forwarding helper returns a small outcome enum so malformed classification stays testable without running a full QUIC server. The room registry remains responsible for Ethernet policy decisions such as unauthorized source MACs, jumbo frames, and control plane filters. Test Plan: - cargo fmt --check - cargo test -p lanparty-relay - cargo clippy -p lanparty-relay --all-targets -- -D warnings - cargo test --workspace - cargo clippy --workspace --all-targets -- -D warnings - git diff --check Refs: PLAN.md
This commit is contained in:
@@ -80,6 +80,7 @@ Public relay binary and relay-owned room state:
|
||||
- stable effective room MTU chosen before Ethernet datagrams flow
|
||||
- live Ethernet datagram forwarding with no ingress reflection
|
||||
- L2 safety filters for jumbo, switch-control, DHCP-server, and IPv6-RA frames
|
||||
- malformed peer datagram disconnect threshold
|
||||
- peer leave cleanup for room membership and MAC indexes
|
||||
|
||||
## Build
|
||||
|
||||
Reference in New Issue
Block a user