Rate gate expensive validation of new identities in HELLO.

This commit is contained in:
Adam Ierymenko 2016-11-18 12:59:04 -08:00
parent ab4021dd0e
commit 2ea9f516e1
6 changed files with 87 additions and 1 deletions

View file

@ -283,6 +283,24 @@ public:
return false;
}
/**
* Check whether we should do potentially expensive identity verification (rate limit)
*
* @param now Current time
* @param from Source address of packet
* @return True if within rate limits
*/
inline bool rateGateIdentityVerification(const uint64_t now,const InetAddress &from)
{
unsigned long iph = from.rateGateHash();
printf("%s %.4lx\n",from.toString().c_str(),iph);
if ((now - _lastIdentityVerification[iph]) >= ZT_IDENTITY_VALIDATION_SOURCE_RATE_LIMIT) {
_lastIdentityVerification[iph] = now;
return true;
}
return false;
}
virtual void ncSendConfig(uint64_t nwid,uint64_t requestPacketId,const Address &destination,const NetworkConfig &nc,bool sendLegacyFormatConfig);
virtual void ncSendError(uint64_t nwid,uint64_t requestPacketId,const Address &destination,NetworkController::ErrorCode errorCode);
@ -302,9 +320,13 @@ private:
void *_uPtr; // _uptr (lower case) is reserved in Visual Studio :P
// For tracking packet IDs to filter out OK/ERROR replies to packets we did not send
uint8_t _expectingRepliesToBucketPtr[ZT_EXPECTING_REPLIES_BUCKET_MASK1 + 1];
uint64_t _expectingRepliesTo[ZT_EXPECTING_REPLIES_BUCKET_MASK1 + 1][ZT_EXPECTING_REPLIES_BUCKET_MASK2 + 1];
// Time of last identity verification indexed by InetAddress.rateGateHash()
uint64_t _lastIdentityVerification[16384];
ZT_DataStoreGetFunction _dataStoreGetFunction;
ZT_DataStorePutFunction _dataStorePutFunction;
ZT_WirePacketSendFunction _wirePacketSendFunction;