ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-18 15:18:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add a few more rate limit gates for anti-DOS hardening.

Browse Source
This commit is contained in:
Adam Ierymenko
2016-09-13 10:13:23 -07:00
parent ea1da3321a
commit cba37c6107
4 changed files with 77 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
node/Constants.hpp
View File

@ -341,11 +341,6 @@
*/
#define ZT_PUSH_DIRECT_PATHS_CUTOFF_TIME 60000
/**
* General rate limit for other kinds of rate-limited packets (HELLO, credential request, etc.) both inbound and outbound
*/
#define ZT_PEER_GENERAL_RATE_LIMIT 1000
/**
* Maximum number of direct path pushes within cutoff time
*
@ -355,6 +350,21 @@
*/
#define ZT_PUSH_DIRECT_PATHS_CUTOFF_LIMIT 5
/**
* Time horizon for VERB_NETWORK_CREDENTIALS cutoff
*/
#define ZT_PEER_CREDENTIALS_CUTOFF_TIME 60000
/**
* Maximum number of VERB_NETWORK_CREDENTIALS within cutoff time
*/
#define ZT_PEER_CREDEITIALS_CUTOFF_LIMIT 15
/**
* General rate limit for other kinds of rate-limited packets (HELLO, credential request, etc.) both inbound and outbound
*/
#define ZT_PEER_GENERAL_RATE_LIMIT 1000
/**
* Maximum number of paths per IP scope (e.g. global, link-local) and family (e.g. v4/v6)
*/