fix: address Copilot review comments and Windows build failure

TrentHouliston · TrentHouliston · commit 88933ed736e5 · 2026-06-03T16:06:45.000+10:00
- iovec/WSABUF: on Windows iov_base is CHAR* (not void*) and field
  order in WSABUF is reversed vs POSIX iovec, so replace void* casts
  with char* casts and switch aggregate-init to named-field assignment
- Discovery: update peer name and subscriptions before copying join_info
  so the NetworkJoin callback receives complete peer data in the
  handshake-before-announce path
- Discovery: set response_flags = SYN for newly discovered peers so the
  connection handshake starts immediately on first announce rather than
  waiting for a subsequent announce
- Reliability: validate packet_count before measuring RTT so malformed
  or stale ACKs cannot poison the retransmission timeout estimator
- NUClearNet: zero source before each recvfrom so stale bytes from a
  previous datagram of a different address family cannot corrupt the
  fragmentation assembly key
diff --git a/src/nuclearnet/Discovery.cpp b/src/nuclearnet/Discovery.cpp
@@ -165,8 +165,9 @@
 
                 auto it = peers.find(source);
                 if (it == peers.end()) {
-                    // New peer — record with announce_heard = true
-                    announce_result.is_new = true;
+                    // New peer — record with announce_heard = true and initiate handshake
+                    announce_result.is_new          = true;
+                    announce_result.response_flags  = SYN;
                     PeerInfo info;
                     info.name            = name;
                     info.address         = source;
@@ -180,15 +181,6 @@
                     auto& peer = it->second;
                     peer.last_seen = now;
 
-                    // Mark announce as heard (may trigger connection if data was already confirmed)
-                    if (!peer.announce_heard) {
-                        peer.announce_heard = true;
-                        if (peer.handshake == HandshakeState::CONFIRMED) {
-                            fire_join = true;
-                            join_info = peer;
-                        }
-                    }
-
                     // Update name if it was unknown (peer added via CONNECT before announce)
                     if (peer.name.empty()) {
                         peer.name = name;
@@ -200,6 +192,16 @@
                         subs_changed       = true;
                     }
 
+                    // Mark announce as heard (may trigger connection if data was already confirmed)
+                    // Name and subscriptions are updated first so join_info carries complete data
+                    if (!peer.announce_heard) {
+                        peer.announce_heard = true;
+                        if (peer.handshake == HandshakeState::CONFIRMED) {
+                            fire_join = true;
+                            join_info = peer;
+                        }
+                    }
+
                     // Determine retransmit flags based on handshake state
                     switch (peer.handshake) {
                         case HandshakeState::IDLE:
diff --git a/src/nuclearnet/NUClearNet.cpp b/src/nuclearnet/NUClearNet.cpp
@@ -268,10 +268,11 @@ namespace network {
             header.flags        = req.flags;
             header.hash         = req.hash;
 
-            std::array<iovec, 2> iov{{
-                {reinterpret_cast<void*>(&header), sizeof(DataPacket) - 1},                              // NOLINT(cppcoreguidelines-pro-type-reinterpret-cast)
-                {const_cast<void*>(static_cast<const void*>(req.data.data())), req.data.size()},  // NOLINT(cppcoreguidelines-pro-type-const-cast)
-            }};
+            std::array<iovec, 2> iov{};
+            iov[0].iov_base = reinterpret_cast<char*>(&header);  // NOLINT(cppcoreguidelines-pro-type-reinterpret-cast)
+            iov[0].iov_len  = static_cast<decltype(iov[0].iov_len)>(sizeof(DataPacket) - 1);
+            iov[1].iov_base = const_cast<char*>(reinterpret_cast<const char*>(req.data.data()));  // NOLINT(cppcoreguidelines-pro-type-const-cast,cppcoreguidelines-pro-type-reinterpret-cast)
+            iov[1].iov_len  = static_cast<decltype(iov[1].iov_len)>(req.data.size());
 
             send_iov(data_fd, req.target, iov.data(), static_cast<int>(iov.size()));
         }
@@ -320,10 +321,11 @@ namespace network {
                 const std::size_t offset   = static_cast<std::size_t>(i) * packet_mtu;
                 const std::size_t frag_len = std::min(static_cast<std::size_t>(packet_mtu), length - offset);
 
-                std::array<iovec, 2> iov{{
-                    {reinterpret_cast<void*>(&header), sizeof(DataPacket) - 1},                            // NOLINT(cppcoreguidelines-pro-type-reinterpret-cast)
-                    {const_cast<void*>(static_cast<const void*>(payload + offset)), frag_len},  // NOLINT(cppcoreguidelines-pro-type-const-cast)
-                }};
+                std::array<iovec, 2> iov{};
+                iov[0].iov_base = reinterpret_cast<char*>(&header);  // NOLINT(cppcoreguidelines-pro-type-reinterpret-cast)
+                iov[0].iov_len  = static_cast<decltype(iov[0].iov_len)>(sizeof(DataPacket) - 1);
+                iov[1].iov_base = const_cast<char*>(reinterpret_cast<const char*>(payload + offset));  // NOLINT(cppcoreguidelines-pro-type-const-cast,cppcoreguidelines-pro-type-reinterpret-cast)
+                iov[1].iov_len  = static_cast<decltype(iov[1].iov_len)>(frag_len);
 
                 send_iov(data_fd, dest, iov.data(), static_cast<int>(iov.size()));
             }
@@ -440,6 +442,7 @@ namespace network {
         // For the announce socket, MSG_DONTWAIT provides the same behavior on POSIX
         socklen_t source_len = 0;
         auto recv = [&]() {
+            source     = {};  // Clear stale bytes so different address families don't corrupt the assembly key
             source_len = sizeof(source.storage);
             return ::recvfrom(fd,
                               reinterpret_cast<char*>(buffer.data()),
diff --git a/src/nuclearnet/NUClearNet.hpp b/src/nuclearnet/NUClearNet.hpp
@@ -198,8 +198,8 @@ namespace network {
         /// Send a single contiguous buffer to a target
         void send_buf(fd_t fd, const sock_t& target, const uint8_t* data, std::size_t length) {
             std::array<iovec, 1> iov{};
-            iov[0].iov_base = const_cast<void*>(static_cast<const void*>(data));  // NOLINT(cppcoreguidelines-pro-type-const-cast)
-            iov[0].iov_len  = length;
+            iov[0].iov_base = const_cast<char*>(reinterpret_cast<const char*>(data));  // NOLINT(cppcoreguidelines-pro-type-const-cast,cppcoreguidelines-pro-type-reinterpret-cast)
+            iov[0].iov_len  = static_cast<decltype(iov[0].iov_len)>(length);
             send_iov(fd, target, iov.data(), 1);
         }
 
diff --git a/src/nuclearnet/Reliability.cpp b/src/nuclearnet/Reliability.cpp
@@ -74,18 +74,19 @@
 
             auto& tp = it->second;
 
+            // Validate that the ACK's packet_count matches our tracked packet before measuring RTT
+            // to prevent malformed/stale ACKs from poisoning the estimator
+            if (packet_count != tp.packet_count) {
+                return;
+            }
+
             // Update RTT estimate based on time since last send
             auto rtt = now - tp.last_send;
             {
                 const std::lock_guard<std::mutex> rtt_lock(rtt_mutex);
                 rtt_estimators[source].measure(rtt);
             }
 
-            // Validate that the ACK's packet_count matches our tracked packet
-            if (packet_count != tp.packet_count) {
-                return;
-            }
-
             // Update acked bitset
             bool all_acked = true;
             for (uint16_t i = 0; i < packet_count && i < tp.acked.size(); ++i) {
