ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2024-12-19 13:07:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

... and another one!

Browse Source
This commit is contained in:
Adam Ierymenko 2015-09-04 13:53:48 -07:00
parent 7b8ce16057
commit d1341578d8
2 changed files with 30 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
node/Network.cpp
View File

@ -389,22 +389,34 @@ void Network::learnBridgeRoute(const MAC &mac,const Address &addr)
Mutex::Lock _l(_lock); Mutex::Lock _l(_lock);
_remoteBridgeRoutes[mac] = addr; _remoteBridgeRoutes[mac] = addr;
// If _remoteBridgeRoutes exceeds sanity limit, trim worst offenders until below -- denial of service circuit breaker // Anti-DOS circuit breaker to prevent nodes from spamming us with absurd numbers of bridge routes
while (_remoteBridgeRoutes.size() > ZT_MAX_BRIDGE_ROUTES) { while (_remoteBridgeRoutes.size() > ZT_MAX_BRIDGE_ROUTES) {
std::map<Address,unsigned long> counts; Hashtable< Address,unsigned long > counts;
Address maxAddr; Address maxAddr;
unsigned long maxCount = 0; unsigned long maxCount = 0;
for(std::map<MAC,Address>::iterator br(_remoteBridgeRoutes.begin());br!=_remoteBridgeRoutes.end();++br) {
unsigned long c = ++counts[br->second]; MAC *m = (MAC *)0;
if (c > maxCount) { Address *a = (Address *)0;
maxCount = c;
maxAddr = br->second; // Find the address responsible for the most entries
{
Hashtable<MAC,Address>::Iterator i(_remoteBridgeRoutes);
while (i.next(m,a)) {
const unsigned long c = ++counts[*a];
if (c > maxCount) {
maxCount = c;
maxAddr = *a;
}
} }
} }
for(std::map<MAC,Address>::iterator br(_remoteBridgeRoutes.begin());br!=_remoteBridgeRoutes.end();) {
if (br->second == maxAddr) // Kill this address from our table, since it's most likely spamming us
_remoteBridgeRoutes.erase(br++); {
else ++br; Hashtable<MAC,Address>::Iterator i(_remoteBridgeRoutes);
while (i.next(m,a)) {
if (*a == maxAddr)
_remoteBridgeRoutes.erase(*m);
}
} }
} }
} }

14
node/Network.hpp
View File

@ -298,10 +298,10 @@ public:
inline Address findBridgeTo(const MAC &mac) const inline Address findBridgeTo(const MAC &mac) const
{ {
Mutex::Lock _l(_lock); Mutex::Lock _l(_lock);
std::map<MAC,Address>::const_iterator br(_remoteBridgeRoutes.find(mac)); const Address *const br = _remoteBridgeRoutes.get(mac);
if (br == _remoteBridgeRoutes.end()) if (br)
return Address(); return *br;
return br->second; return Address();
} }
/** /**
@ -359,10 +359,10 @@ private:
volatile bool _enabled; volatile bool _enabled;
volatile bool _portInitialized; volatile bool _portInitialized;
std::vector< MulticastGroup > _myMulticastGroups; // multicast groups that we belong to including those behind us (updated periodically) std::vector< MulticastGroup > _myMulticastGroups; // multicast groups that we belong to (according to tap)
Hashtable< MulticastGroup,uint64_t > _multicastGroupsBehindMe; // multicast groups bridged to us and when we last saw activity on each Hashtable< MulticastGroup,uint64_t > _multicastGroupsBehindMe; // multicast groups that seem to be behind us and when we last saw them (if we are a bridge)
std::map<MAC,Address> _remoteBridgeRoutes; // remote addresses where given MACs are reachable Hashtable< MAC,Address > _remoteBridgeRoutes; // remote addresses where given MACs are reachable (for remote bridges)
std::map<Address,CertificateOfMembership> _membershipCertificates; // Other members' certificates of membership std::map<Address,CertificateOfMembership> _membershipCertificates; // Other members' certificates of membership
std::map<Address,uint64_t> _lastPushedMembershipCertificate; // When did we last push our certificate to each remote member? std::map<Address,uint64_t> _lastPushedMembershipCertificate; // When did we last push our certificate to each remote member?