Get rid of HELLO rate gate on path since its basically worthless. There are 65535 ports per IP.
parent
0da9a9a3e0
commit
8ef0e4bbaf
@ -211,11 +211,6 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
|
|||||||
try {
|
try {
|
||||||
const uint64_t now = RR->node->now();
|
const uint64_t now = RR->node->now();
|
||||||
|
|
||||||
if (!_path->rateGateHello(now)) {
|
|
||||||
TRACE("dropped HELLO from %s(%s): rate limiting circuit breaker for HELLO on this path tripped",source().toString().c_str(),_path->address().toString().c_str());
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
const uint64_t pid = packetId();
|
const uint64_t pid = packetId();
|
||||||
const Address fromAddress(source());
|
const Address fromAddress(source());
|
||||||
const unsigned int protoVersion = (*this)[ZT_PROTO_VERB_HELLO_IDX_PROTOCOL_VERSION];
|
const unsigned int protoVersion = (*this)[ZT_PROTO_VERB_HELLO_IDX_PROTOCOL_VERSION];
|
||||||
@ -258,14 +253,14 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
|
|||||||
if (peer->identity() != id) {
|
if (peer->identity() != id) {
|
||||||
// Identity is different from the one we already have -- address collision
|
// Identity is different from the one we already have -- address collision
|
||||||
|
|
||||||
unsigned char key[ZT_PEER_SECRET_KEY_LENGTH];
|
uint8_t key[ZT_PEER_SECRET_KEY_LENGTH];
|
||||||
if (RR->identity.agree(id,key,ZT_PEER_SECRET_KEY_LENGTH)) {
|
if (RR->identity.agree(id,key,ZT_PEER_SECRET_KEY_LENGTH)) {
|
||||||
if (dearmor(key)) { // ensure packet is authentic, otherwise drop
|
if (dearmor(key)) { // ensure packet is authentic, otherwise drop
|
||||||
TRACE("rejected HELLO from %s(%s): address already claimed",id.address().toString().c_str(),_path->address().toString().c_str());
|
TRACE("rejected HELLO from %s(%s): address already claimed",id.address().toString().c_str(),_path->address().toString().c_str());
|
||||||
Packet outp(id.address(),RR->identity.address(),Packet::VERB_ERROR);
|
Packet outp(id.address(),RR->identity.address(),Packet::VERB_ERROR);
|
||||||
outp.append((unsigned char)Packet::VERB_HELLO);
|
outp.append((uint8_t)Packet::VERB_HELLO);
|
||||||
outp.append((uint64_t)pid);
|
outp.append((uint64_t)pid);
|
||||||
outp.append((unsigned char)Packet::ERROR_IDENTITY_COLLISION);
|
outp.append((uint8_t)Packet::ERROR_IDENTITY_COLLISION);
|
||||||
outp.armor(key,true);
|
outp.armor(key,true);
|
||||||
_path->send(RR,outp.data(),outp.size(),RR->node->now());
|
_path->send(RR,outp.data(),outp.size(),RR->node->now());
|
||||||
} else {
|
} else {
|
||||||
@ -296,7 +291,7 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check identity proof of work
|
// Check that identity's address is valid as per the derivation function
|
||||||
if (!id.locallyValidate()) {
|
if (!id.locallyValidate()) {
|
||||||
TRACE("dropped HELLO from %s(%s): identity invalid",id.address().toString().c_str(),_path->address().toString().c_str());
|
TRACE("dropped HELLO from %s(%s): identity invalid",id.address().toString().c_str(),_path->address().toString().c_str());
|
||||||
return true;
|
return true;
|
||||||
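Review bot: With the `_path->rateGateHello(now)` check removed from the top of `_doHELLO`, nothing visible in these hunks bounds how often an unauthenticated sender can reach `RR->identity.agree(...)` and `id.locallyValidate()`, which the old comment describes as the identity proof-of-work check, so each HELLO from an unknown identity appears to cost CPU before the packet is authenticated. The commit message is right that a per-path gate is defeated by varying the source port, but that argues for keying the limit on the source IP alone (port ignored) or for a global budget on HELLOs from unknown identities, not for having no limit; if such a gate exists elsewhere it is not shown here. At minimum a comment at the old site would record the decision, for example `// No per-path HELLO gate: paths are keyed by IP/port, so flood limiting must key on IP only or be global`. The body of `_doHELLO` starts and continues outside these hunks.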
|
@ -104,7 +104,6 @@ public:
|
|||||||
Path() :
|
Path() :
|
||||||
_lastOut(0),
|
_lastOut(0),
|
||||||
_lastIn(0),
|
_lastIn(0),
|
||||||
_lastHello(0),
|
|
||||||
_addr(),
|
_addr(),
|
||||||
_localAddress(),
|
_localAddress(),
|
||||||
_ipScope(InetAddress::IP_SCOPE_NONE)
|
_ipScope(InetAddress::IP_SCOPE_NONE)
|
||||||
@ -114,7 +113,6 @@ public:
|
|||||||
Path(const InetAddress &localAddress,const InetAddress &addr) :
|
Path(const InetAddress &localAddress,const InetAddress &addr) :
|
||||||
_lastOut(0),
|
_lastOut(0),
|
||||||
_lastIn(0),
|
_lastIn(0),
|
||||||
_lastHello(0),
|
|
||||||
_addr(addr),
|
_addr(addr),
|
||||||
_localAddress(localAddress),
|
_localAddress(localAddress),
|
||||||
_ipScope(addr.ipScope())
|
_ipScope(addr.ipScope())
|
||||||
@ -231,22 +229,9 @@ public:
|
|||||||
*/
|
*/
|
||||||
inline uint64_t lastIn() const { return _lastIn; }
|
inline uint64_t lastIn() const { return _lastIn; }
|
||||||
|
|
||||||
/**
|
|
||||||
* @return True if we should allow HELLO via this path
|
|
||||||
*/
|
|
||||||
inline bool rateGateHello(const uint64_t now)
|
|
||||||
{
|
|
||||||
if ((now - _lastHello) >= ZT_PATH_HELLO_RATE_LIMIT) {
|
|
||||||
_lastHello = now;
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
private:
|
private:
|
||||||
uint64_t _lastOut;
|
uint64_t _lastOut;
|
||||||
uint64_t _lastIn;
|
uint64_t _lastIn;
|
||||||
uint64_t _lastHello;
|
|
||||||
InetAddress _addr;
|
InetAddress _addr;
|
||||||
InetAddress _localAddress;
|
InetAddress _localAddress;
|
||||||
InetAddress::IpScope _ipScope; // memoize this since it's a computed value checked often
|
InetAddress::IpScope _ipScope; // memoize this since it's a computed value checked often
|
||||||
|