ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-04-08 03:34:14 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Get rid of HELLO rate gate on path since its basically worthless. There are 65535 ports per IP.

Browse Source
This commit is contained in:
Adam Ierymenko 2016-09-13 10:46:36 -07:00
parent 0da9a9a3e0
commit 8ef0e4bbaf
2 changed files with 4 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
node/IncomingPacket.cpp
View File

@ -211,11 +211,6 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
try {
const uint64_t now = RR->node->now();
if (!_path->rateGateHello(now)) {
TRACE("dropped HELLO from %s(%s): rate limiting circuit breaker for HELLO on this path tripped",source().toString().c_str(),_path->address().toString().c_str());
return true;
}
const uint64_t pid = packetId();
const Address fromAddress(source());
const unsigned int protoVersion = (*this)[ZT_PROTO_VERB_HELLO_IDX_PROTOCOL_VERSION];
@ -258,14 +253,14 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
if (peer->identity() != id) {
// Identity is different from the one we already have -- address collision
unsigned char key[ZT_PEER_SECRET_KEY_LENGTH];
uint8_t key[ZT_PEER_SECRET_KEY_LENGTH];
if (RR->identity.agree(id,key,ZT_PEER_SECRET_KEY_LENGTH)) {
if (dearmor(key)) { // ensure packet is authentic, otherwise drop
TRACE("rejected HELLO from %s(%s): address already claimed",id.address().toString().c_str(),_path->address().toString().c_str());
Packet outp(id.address(),RR->identity.address(),Packet::VERB_ERROR);
outp.append((unsigned char)Packet::VERB_HELLO);
outp.append((uint8_t)Packet::VERB_HELLO);
outp.append((uint64_t)pid);
outp.append((unsigned char)Packet::ERROR_IDENTITY_COLLISION);
outp.append((uint8_t)Packet::ERROR_IDENTITY_COLLISION);
outp.armor(key,true);
_path->send(RR,outp.data(),outp.size(),RR->node->now());
} else {
@ -296,7 +291,7 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
return true;
}
// Check identity proof of work
// Check that identity's address is valid as per the derivation function
if (!id.locallyValidate()) {
TRACE("dropped HELLO from %s(%s): identity invalid",id.address().toString().c_str(),_path->address().toString().c_str());
return true;

15
node/Path.hpp
View File

@ -104,7 +104,6 @@ public:
Path() :
_lastOut(0),
_lastIn(0),
_lastHello(0),
_addr(),
_localAddress(),
_ipScope(InetAddress::IP_SCOPE_NONE)
@ -114,7 +113,6 @@ public:
Path(const InetAddress &localAddress,const InetAddress &addr) :
_lastOut(0),
_lastIn(0),
_lastHello(0),
_addr(addr),
_localAddress(localAddress),
_ipScope(addr.ipScope())
@ -231,22 +229,9 @@ public:
*/
inline uint64_t lastIn() const { return _lastIn; }
/**
* @return True if we should allow HELLO via this path
*/
inline bool rateGateHello(const uint64_t now)
{
if ((now - _lastHello) >= ZT_PATH_HELLO_RATE_LIMIT) {
_lastHello = now;
return true;
}
return false;
}
private:
uint64_t _lastOut;
uint64_t _lastIn;
uint64_t _lastHello;
InetAddress _addr;
InetAddress _localAddress;
InetAddress::IpScope _ipScope; // memoize this since it's a computed value checked often