mirror
/
devilutionX-ZeroTierOne
mirror of https://github.com/diasurgical/ZeroTierOne.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Get rid of HELLO rate gate on path since its basically worthless. There are 65535 ports per IP.

pull/1/head
Adam Ierymenko 10 years ago
parent
0da9a9a3e0
commit
8ef0e4bbaf
2 changed files with 4 additions and 24 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 13
      node/IncomingPacket.cpp
  2. 15
      node/Path.hpp

13
node/IncomingPacket.cpp
Unescape View File

@ -211,11 +211,6 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
try {
const uint64_t now = RR->node->now();
if (!_path->rateGateHello(now)) {
TRACE("dropped HELLO from %s(%s): rate limiting circuit breaker for HELLO on this path tripped",source().toString().c_str(),_path->address().toString().c_str());
return true;
}
const uint64_t pid = packetId();
const Address fromAddress(source());
const unsigned int protoVersion = (*this)[ZT_PROTO_VERB_HELLO_IDX_PROTOCOL_VERSION];
@ -258,14 +253,14 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
if (peer->identity() != id) {
// Identity is different from the one we already have -- address collision
unsigned char key[ZT_PEER_SECRET_KEY_LENGTH];
uint8_t key[ZT_PEER_SECRET_KEY_LENGTH];
if (RR->identity.agree(id,key,ZT_PEER_SECRET_KEY_LENGTH)) {
if (dearmor(key)) { // ensure packet is authentic, otherwise drop
TRACE("rejected HELLO from %s(%s): address already claimed",id.address().toString().c_str(),_path->address().toString().c_str());
Packet outp(id.address(),RR->identity.address(),Packet::VERB_ERROR);
outp.append((unsigned char)Packet::VERB_HELLO);
outp.append((uint8_t)Packet::VERB_HELLO);
outp.append((uint64_t)pid);
outp.append((unsigned char)Packet::ERROR_IDENTITY_COLLISION);
outp.append((uint8_t)Packet::ERROR_IDENTITY_COLLISION);
outp.armor(key,true);
_path->send(RR,outp.data(),outp.size(),RR->node->now());
} else {
@ -296,7 +291,7 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
return true;
}
// Check identity proof of work
// Check that identity's address is valid as per the derivation function
if (!id.locallyValidate()) {
TRACE("dropped HELLO from %s(%s): identity invalid",id.address().toString().c_str(),_path->address().toString().c_str());
return true;

15
node/Path.hpp
Unescape View File

@ -104,7 +104,6 @@ public:
Path() :
_lastOut(0),
_lastIn(0),
_lastHello(0),
_addr(),
_localAddress(),
_ipScope(InetAddress::IP_SCOPE_NONE)
@ -114,7 +113,6 @@ public:
Path(const InetAddress &localAddress,const InetAddress &addr) :
_lastOut(0),
_lastIn(0),
_lastHello(0),
_addr(addr),
_localAddress(localAddress),
_ipScope(addr.ipScope())
@ -231,22 +229,9 @@ public:
*/
inline uint64_t lastIn() const { return _lastIn; }
/**
* @return True if we should allow HELLO via this path
*/
inline bool rateGateHello(const uint64_t now)
{
if ((now - _lastHello) >= ZT_PATH_HELLO_RATE_LIMIT) {
_lastHello = now;
return true;
}
return false;
}
private:
uint64_t _lastOut;
uint64_t _lastIn;
uint64_t _lastHello;
InetAddress _addr;
InetAddress _localAddress;
InetAddress::IpScope _ipScope; // memoize this since it's a computed value checked often

Write Preview
Loading…
Cancel
Save