ddidderr/softlan-vpn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
756ba5f0946872627b75457b05442ec78d5b2370
softlan-vpn/crates
T
History
ddidderr 756ba5f094 fix(relay): filter remote DHCPv6 server replies 
The MVP safety policy says remote clients must not inject DHCP server replies
onto the LAN. The relay enforced that for IPv4 DHCP, but DHCPv6 uses UDP
547 -> 546 over IPv6 and was not covered by the existing check.

Split the DHCP server-reply predicate into IPv4 and IPv6 paths. The IPv6 path
reuses the extension-header walker so server replies hidden behind ordinary IPv6
extension headers are still treated as unsafe. Keep client DHCPv6 requests
allowed, and continue allowing LAN-origin DHCPv6 replies to flow back to remote
clients.

Test Plan:
- cargo fmt --check
- cargo test -p lanparty-relay
- cargo test --workspace
- cargo clippy --workspace --all-targets -- -D warnings
- git diff --check

Refs: MVP relay L2 safety filters
2026-05-21 23:30:52 +02:00
..
lanparty-client-core
feat(client): report relay RTT diagnostics
2026-05-21 23:00:18 +02:00
lanparty-client-route
feat(client): report TAP IP in diagnostics
2026-05-21 20:20:55 +02:00
lanparty-client-tap
feat(client): persist TAP MAC identity
2026-05-21 21:21:47 +02:00
lanparty-client-win
feat(client): list TAP adapters before connecting
2026-05-21 23:14:50 +02:00
lanparty-ctrl
feat(ctrl): report connection mode in welcome
2026-05-21 21:43:44 +02:00
lanparty-gateway
fix(gateway): validate LAN interface before relay join
2026-05-21 23:19:26 +02:00
lanparty-net
feat(net): accept relay hostnames
2026-05-21 21:40:00 +02:00
lanparty-obs
feat(client): report relay RTT diagnostics
2026-05-21 23:00:18 +02:00
lanparty-proto
feat(proto): validate negotiated datagram budgets
2026-05-21 22:03:15 +02:00
lanparty-relay
fix(relay): filter remote DHCPv6 server replies
2026-05-21 23:30:52 +02:00