# softlan-vpn

Monorepo for a Layer 2 over QUIC LAN party bridge.

## Workspace crates

- `lanparty-proto`: shared frame format, MAC validation, MTU helpers.
- `lanparty-ctrl`: control-plane messages (join/hello/role/version).
- `lanparty-obs`: shared diagnostics/logging event models.
- `lanparty-client-core`: platform-agnostic client session state.
- `lanparty-client-win`: Windows TAP + route/metric handling binary.
- `lanparty-gateway`: Linux AF_PACKET gateway binary.
- `lanparty-relay`: public QUIC relay binary.

### `lanparty-proto`

Transport-agnostic tunnel contract shared by all binaries:

- overlay datagram header encoding and decoding
- Ethernet frame header parsing
- MAC address parsing and identity validation
- QUIC datagram to TAP MTU budget helpers

### `lanparty-ctrl`

Reliable control-plane schema shared by the QUIC stream handlers:

- endpoint hello messages with role, room, MAC, and datagram budget
- server welcome, reject, peer lifecycle, stats, and disconnect messages
- room-code, role/MAC, peer-id, and effective-MTU validation
- length-prefixed JSON control frames for reliable QUIC streams

### `lanparty-obs`

Shared diagnostics and structured logging vocabulary:

- gateway/relay frame logs with MACs, ethertype, length, peer, and action
- tunnel counters shared by control messages and runtime diagnostics
- client connectivity/TAP diagnostics and user-facing status messages

### `lanparty-relay`

Public relay binary and relay-owned room state:

- QUIC endpoint binding and first-stream hello/welcome admission
- room admission for clients and gateways
- one gateway per room, duplicate client MAC rejection, and room limits
- stable effective room MTU chosen before Ethernet datagrams flow
- live Ethernet datagram forwarding with no ingress reflection
- L2 safety filters for jumbo, switch-control, DHCP-server, and IPv6-RA frames
- peer leave cleanup for room membership and MAC indexes

## Build

```bash
cargo check --workspace
```

## Relay

```bash
cargo run -p lanparty-relay -- --listen 443/udp
```

`--listen` accepts either a socket address or a UDP port shorthand such as `443/udp`.

The relay binds a QUIC endpoint, accepts a control-stream `hello`, replies with `welcome` or `reject`, and forwards live Ethernet QUIC datagrams between accepted peers in the same room. It currently uses a generated self-signed development certificate; production certificate and client trust handling remain future work.

## Gateway

```bash
cargo run -p lanparty-gateway -- \
  --relay 203.0.113.10:443 \
  --server-name lanparty-relay.local \
  --relay-ca-cert relay-cert.der \
  --room ROOM1 \
  --interface eth0
```

The gateway currently connects to the relay as `role = gateway`, completes the control-stream hello/welcome handshake, opens an AF_PACKET socket on the LAN interface, and then waits for shutdown. The frame bridge loop is not wired yet.
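
The relay's L2 safety filters listed under `lanparty-relay` (jumbo, switch-control, DHCP-server, and IPv6-RA frames) can be pictured as a per-frame classifier run before forwarding. This is an added example, not code from `lanparty-relay`; the `Verdict` names, the 1514-byte limit, and the exact match rules are assumptions.

```rust
// Added example, not lanparty-relay's own code; limits and rule details are assumptions.
const MAX_FRAME_LEN: usize = 1514; // assumed: 14-byte header + 1500-byte payload, no FCS

#[derive(Debug, PartialEq)]
pub enum Verdict { Forward, Malformed, Jumbo, SwitchControl, DhcpServer, Ipv6Ra }

/// Classify one untagged Ethernet frame received from a peer.
pub fn classify(frame: &[u8]) -> Verdict {
    if frame.len() < 14 { return Verdict::Malformed; }
    if frame.len() > MAX_FRAME_LEN { return Verdict::Jumbo; }
    // IEEE 802.1 reserved group addresses 01:80:C2:00:00:00..=0F (STP, pause, LLDP).
    if frame.starts_with(&[0x01, 0x80, 0xC2, 0x00, 0x00]) && frame[5] <= 0x0F {
        return Verdict::SwitchControl;
    }
    let l3 = &frame[14..];
    match u16::from_be_bytes([frame[12], frame[13]]) {
        0x0800 => classify_ipv4(l3),
        0x86DD => classify_ipv6(l3),
        _ => Verdict::Forward,
    }
}

fn classify_ipv4(p: &[u8]) -> Verdict {
    if p.len() < 20 { return Verdict::Malformed; }
    let ihl = usize::from(p[0] & 0x0F) * 4; // IPv4 header length in bytes
    if ihl < 20 || p.len() < ihl { return Verdict::Malformed; }
    let first_fragment = (u16::from_be_bytes([p[6], p[7]]) & 0x1FFF) == 0;
    // UDP (protocol 17) with source port 67 is a DHCP server talking.
    if p[9] == 17 && first_fragment && p.len() >= ihl + 2
        && u16::from_be_bytes([p[ihl], p[ihl + 1]]) == 67 {
        return Verdict::DhcpServer;
    }
    Verdict::Forward
}

fn classify_ipv6(p: &[u8]) -> Verdict {
    if p.len() < 40 { return Verdict::Malformed; }
    // Next header 58 = ICMPv6; ICMPv6 type 134 = Router Advertisement.
    if p[6] == 58 && p.len() > 40 && p[40] == 134 { return Verdict::Ipv6Ra; }
    Verdict::Forward
}

fn main() {
    // Constructed sample: STP bridge group destination address, rest zero padding.
    let mut bpdu = vec![0u8; 60];
    bpdu[..6].copy_from_slice(&[0x01, 0x80, 0xC2, 0x00, 0x00, 0x00]);
    println!("{:?}", classify(&bpdu));
}
```

802.1Q-tagged frames and IPv6 extension-header chains are not walked here, so a production filter has to parse them or drop them rather than let them fall through to `Forward`.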