Clarify tree protocol runtime and routing

Document the hook lifecycle, ingress rules, and longest-prefix routing behavior so the tree endpoint code is easier to follow. Keep the pass behavior-neutral while tightening local names and comments around non-obvious protocol paths.
2026-06-09 06:47:59 -06:00 · 2026-04-25 13:34:18 -06:00
parent d7a5a5d0e5
commit 9895248bbf
9 changed files with 152 additions and 35 deletions
@@ -61,6 +61,8 @@ impl ProtocolEndpoint {
        };

        if active.peer_path != header.src_path {
+            // A reused hook id from the wrong peer is treated as terminal for this hook,
+            // because the endpoint can no longer trust future traffic on it.
            self.hooks.remove_active(&key);
            return Ok(EndpointOutcome::event(LocalEvent::Fault {
                header: PacketHeader {
@@ -77,6 +79,7 @@ impl ProtocolEndpoint {
        }

        if active.procedure_id != message.procedure_id {
+            // Data frames stay bound to the procedure chosen by the original call.
            return Ok(EndpointOutcome::dropped());
        }

@@ -127,6 +130,8 @@ impl ProtocolEndpoint {
    pub(crate) fn valid_source_for_ingress(&self, ingress: &Ingress, src_path: &[String]) -> bool {
        match ingress {
            Ingress::Parent => {
+                // Parent ingress may carry packets from ancestors, siblings, or the endpoint
+                // itself, but not from descendants pretending to be upstream.
                if src_path.len() < self.path.len() {
                    return true;
                }