From 3e630ee0ad616d4226ce8aefcc23f26dd7787dd7 Mon Sep 17 00:00:00 2001
From: jdl <jdl@private.local>
Date: Sun, 14 Jun 2026 09:04:41 +0200
Subject: [PATCH] Audit changes

---
 hub/errs/db.go             |  2 ++
 hub/errs/types.go          |  1 +
 peer/multicast/receiver.go | 25 ++++++++++++++-----------
 3 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/hub/errs/db.go b/hub/errs/db.go
index 5c12cee..9ea8f70 100644
--- a/hub/errs/db.go
+++ b/hub/errs/db.go
@@ -27,6 +27,8 @@ func DB(err error) error {
 		switch se.ExtendedCode {
 		case sqlite3.ErrConstraintUnique, sqlite3.ErrConstraintPrimaryKey:
 			return ErrAlreadyExists
+		case sqlite3.ErrConstraintForeignKey, sqlite3.ErrConstraintCheck:
+			return ErrConstraint
 		}
 	}
 
diff --git a/hub/errs/types.go b/hub/errs/types.go
index 6ba9b1f..07d6fba 100644
--- a/hub/errs/types.go
+++ b/hub/errs/types.go
@@ -30,6 +30,7 @@ var (
 	ErrInvalidNetName  = BadRequest.WithMsg("Invalid network name.")
 	ErrNetNameNotLocal = BadRequest.WithMsg("Network name must end with .local.")
 	ErrInvalidPeerName = BadRequest.WithMsg("Invalid peer name.")
+	ErrConstraint      = BadRequest.WithMsg("Constraint error.")
 )
 
 // ----------------------------------------------------------------------------
diff --git a/peer/multicast/receiver.go b/peer/multicast/receiver.go
index 0ceae23..b5027be 100644
--- a/peer/multicast/receiver.go
+++ b/peer/multicast/receiver.go
@@ -12,15 +12,7 @@ import (
 )
 
 func Receiver(selfVPNIP netip.Addr, ch chan<- Packet) {
-	limiters := make([]*ratelimiter.Limiter, 256)
-	for i := range limiters {
-		limiters[i] = ratelimiter.New(ratelimiter.Config{
-			BurstLimit:   1,
-			FillPeriod:   broadcastInterval / 2,
-			MaxWaitCount: 0,
-		})
-	}
-
+	limiters := map[netip.Addr]*ratelimiter.Limiter{}
 	for {
 		if err := receiver(selfVPNIP, limiters, ch); err != nil {
 			log.Printf("[MCReader] %v", err)
@@ -29,7 +21,7 @@ func Receiver(selfVPNIP netip.Addr, ch chan<- Packet) {
 	}
 }
 
-func receiver(selfVPNIP netip.Addr, limiters []*ratelimiter.Limiter, ch chan<- Packet) error {
+func receiver(selfVPNIP netip.Addr, limiters map[netip.Addr]*ratelimiter.Limiter, ch chan<- Packet) error {
 	selfIP := selfVPNIP.As4()[3]
 
 	addr := multicastAddr(selfVPNIP)
@@ -69,7 +61,18 @@ func receiver(selfVPNIP netip.Addr, limiters []*ratelimiter.Limiter, ch chan<- P
 			continue
 		}
 
-		if err := limiters[packet.PeerIP].Limit(); err != nil {
+		srcAddr := src.Addr().Unmap()
+		lim, ok := limiters[srcAddr]
+		if !ok {
+			lim = ratelimiter.New(ratelimiter.Config{
+				BurstLimit:   1,
+				FillPeriod:   broadcastInterval / 2,
+				MaxWaitCount: 0,
+			})
+			limiters[srcAddr] = lim
+		}
+
+		if err := lim.Limit(); err != nil {
 			log.Printf("Rate limited packet from peer IP %d.", packet.PeerIP)
 			continue
 		}