ddidderr/softlan-vpn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3e2648abc18ba69fff917e6d7aba8d71b94044e1
softlan-vpn/README.md
T
ddidderr 3e2648abc1 feat(client): scope TAP interface MTU while running 
The Windows client now sets the TAP IP-interface MTU to the relay-selected MTU
before it starts bridging frames. The override is scoped like the existing
metric and default-route guards, so the previous MTU is restored when the
client exits.

The route crate now exposes `InterfaceMtuSnapshot` and `ScopedInterfaceMtu`
around `MIB_IPINTERFACE_ROW.NlMtu`, reusing the same `GetIpInterfaceEntry` and
`SetIpInterfaceEntry` path already used for metrics and default-route policy.
IPv4 MTU setup is required for startup, while IPv6 MTU setup is best-effort to
match the existing IPv6 route-protection behavior.

This intentionally leaves TAP MAC configuration as fail-fast. TAP-Windows6 does
not expose a matching set-MAC IOCTL in the driver header, so that should remain
a separate design decision.

Test Plan:
- cargo fmt --check
- cargo test -p lanparty-client-route
- cargo test -p lanparty-client-win
- cargo clippy -p lanparty-client-route -p lanparty-client-win --all-targets
  -- -D warnings
- cargo check -p lanparty-client-route --target x86_64-pc-windows-gnu
- cargo test --workspace
- cargo clippy --workspace --all-targets -- -D warnings
- git diff --check
- cargo check -p lanparty-client-win --target x86_64-pc-windows-gnu
  (fails before this crate in ring: missing x86_64-w64-mingw32-gcc)

Refs: PLAN.md
2026-05-21 20:00:58 +02:00

6.0 KiB
Raw Blame History

softlan-vpn

Monorepo for a Layer 2 over QUIC LAN party bridge.

Workspace crates

  • lanparty-proto: shared frame format, MAC validation, MTU helpers.
  • lanparty-ctrl: control-plane messages (join/hello/role/version).
  • lanparty-obs: shared diagnostics/logging event models.
  • lanparty-client-core: platform-agnostic client session state.
  • lanparty-client-route: Windows relay-route inspection.
  • lanparty-client-tap: TAP-Windows6 adapter discovery and frame I/O.
  • lanparty-client-win: Windows TAP + route/metric handling binary.
  • lanparty-gateway: Linux AF_PACKET gateway binary.
  • lanparty-relay: public QUIC relay binary.

lanparty-proto

Transport-agnostic tunnel contract shared by all binaries:

  • overlay datagram header encoding and decoding
  • Ethernet frame header parsing
  • MAC address parsing and identity validation
  • QUIC datagram to TAP MTU budget helpers

lanparty-ctrl

Reliable control-plane schema shared by the QUIC stream handlers:

  • endpoint hello messages with role, room, MAC, and datagram budget
  • server welcome, reject, peer lifecycle, stats, and disconnect messages
  • room-code, role/MAC, peer-id, and effective-MTU validation
  • length-prefixed JSON control frames for reliable QUIC streams

lanparty-obs

Shared diagnostics and structured logging vocabulary:

  • gateway/relay frame logs with MACs, ethertype, length, peer, and action
  • tunnel counters shared by control messages and runtime diagnostics
  • client connectivity/TAP diagnostics and user-facing status messages

lanparty-client-core

Platform-neutral remote client relay session:

  • relay QUIC connection with pinned relay certificate trust
  • client hello with room, virtual MAC, and datagram budget
  • welcome/reject handling with assigned peer id and effective TAP MTU
  • Ethernet frame send/receive helpers over QUIC DATAGRAM

lanparty-client-route

Windows route-table boundary:

  • read-only best-route lookup for a relay destination IP
  • selected source address, next hop, interface index/LUID, prefix, and metric
  • interface index/LUID lookup from Windows network adapter GUIDs
  • scoped IP interface MTU overrides with restore-on-drop behavior
  • scoped IP interface metric overrides with restore-on-drop behavior
  • scoped default-route suppression with restore-on-drop behavior
  • scoped host-route pinning for the relay IP on the pre-TAP interface
  • non-Windows builds return a clear unsupported-platform error

lanparty-client-tap

Windows TAP adapter boundary:

  • TAP-Windows6 adapter discovery from the Windows network adapter registry
  • \\.\Global\{NetCfgInstanceId}.tap device path construction
  • blocking Ethernet frame reads/writes through the TAP device handle
  • TAP driver IOCTL helpers for media status, adapter MAC, and MTU

lanparty-relay

Public relay binary and relay-owned room state:

  • QUIC endpoint binding and first-stream hello/welcome admission
  • room admission for clients and gateways
  • one gateway per room, duplicate client MAC rejection, and room limits
  • stable effective room MTU chosen before Ethernet datagrams flow
  • live Ethernet datagram forwarding with no ingress reflection
  • L2 safety filters for jumbo, switch-control, DHCP-server, and IPv6-RA frames
  • client broadcast/multicast, unknown-unicast, and total bandwidth limiting
  • malformed peer datagram disconnect threshold
  • peer leave cleanup for room membership and MAC indexes

Build

cargo check --workspace

Relay

cargo run -p lanparty-relay -- --listen 443/udp --dev-cert-der-out relay-cert.der

--listen accepts either a socket address or a UDP port shorthand such as 443/udp. The relay binds a QUIC endpoint, accepts a control-stream hello, replies with welcome or reject, and forwards live Ethernet QUIC datagrams between accepted peers in the same room. It currently uses a generated self-signed development certificate; --dev-cert-der-out writes that certificate so the gateway and client can pin it in development. Production certificate handling remains future work. Ethernet forwarding decisions are logged with room, peer, MAC, ethertype, action, drop reason, and target count.

Gateway

cargo run -p lanparty-gateway -- \
  --relay 203.0.113.10:443 \
  --server-name lanparty-relay.local \
  --relay-ca-cert relay-cert.der \
  --room ROOM1 \
  --interface eth0

The gateway connects to the relay as role = gateway, completes the control-stream hello/welcome handshake, opens an AF_PACKET socket on the LAN interface with promiscuous packet membership, and bridges Ethernet frames between the relay and wired LAN until shutdown. It tracks remote-client source MACs seen from relay traffic and periodically emits small CAM refresh frames so the physical switch keeps those MACs associated with the gateway port.

Windows Client

cargo run -p lanparty-client-win -- \
  --relay 203.0.113.10:443 \
  --server-name lanparty-relay.local \
  --relay-ca-cert relay-cert.der \
  --room ROOM1

The Windows client binary currently connects to the relay as role = client with a generated locally administered virtual MAC persisted in lanparty-client-identity.json, completes the control-stream hello/welcome handshake, pins a host route for the relay IP on the current pre-TAP interface, verifies that the relay route still uses that pinned host route after TAP activation, and then bridges Ethernet frames between the relay and the first TAP-Windows6 adapter until shutdown. --virtual-mac can still override the stored identity for manual testing. On Windows it sets the TAP IP interface MTU to the relay-selected MTU, marks the TAP media connected, and reports the driver MAC/MTU before forwarding frames, along with the TAP interface index/LUID. The client applies a scoped TAP interface metric and disables TAP default routes while it runs, periodically rechecks that the relay route remains pinned, then restores the previous route policy on exit. Until automatic TAP MAC configuration is wired, startup fails before bridging if the driver-reported MAC does not match the tunnel identity.

Reference in New Issue View Git Blame Copy Permalink