Rate gate expensive validation of new identities in HELLO.
parent
ab4021dd0e
commit
2ea9f516e1
6 changed files with 87 additions and 1 deletions
|
@ -283,6 +283,24 @@ public:
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether we should do potentially expensive identity verification (rate limit)
|
||||
*
|
||||
* @param now Current time
|
||||
* @param from Source address of packet
|
||||
* @return True if within rate limits
|
||||
*/
|
||||
inline bool rateGateIdentityVerification(const uint64_t now,const InetAddress &from)
|
||||
{
|
||||
unsigned long iph = from.rateGateHash();
|
||||
printf("%s %.4lx\n",from.toString().c_str(),iph);
|
||||
if ((now - _lastIdentityVerification[iph]) >= ZT_IDENTITY_VALIDATION_SOURCE_RATE_LIMIT) {
|
||||
_lastIdentityVerification[iph] = now;
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
virtual void ncSendConfig(uint64_t nwid,uint64_t requestPacketId,const Address &destination,const NetworkConfig &nc,bool sendLegacyFormatConfig);
|
||||
virtual void ncSendError(uint64_t nwid,uint64_t requestPacketId,const Address &destination,NetworkController::ErrorCode errorCode);
|
||||
|
||||
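Review bot: `iph` indexes `_lastIdentityVerification` in `rateGateIdentityVerification` with no bound applied, and its value is derived from the packet's source address, so the read and the write are only in range if `InetAddress::rateGateHash()` (not visible here) always returns less than the array's 16384 entries. The `%.4lx` in the debug print hints at a range of up to 16 bits, which would exceed that size. Reducing the index at the point of use keeps the access safe whatever the hash returns: `const unsigned long iph = from.rateGateHash() % (sizeof(_lastIdentityVerification) / sizeof(_lastIdentityVerification[0]));`. The `printf` looks like leftover debugging and should be removed, since it builds the address string and writes to stdout on every call of the gate that is meant to make this path cheap.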
|
@ -302,9 +320,13 @@ private:
|
|||
|
||||
void *_uPtr; // _uptr (lower case) is reserved in Visual Studio :P
|
||||
|
||||
// For tracking packet IDs to filter out OK/ERROR replies to packets we did not send
|
||||
uint8_t _expectingRepliesToBucketPtr[ZT_EXPECTING_REPLIES_BUCKET_MASK1 + 1];
|
||||
uint64_t _expectingRepliesTo[ZT_EXPECTING_REPLIES_BUCKET_MASK1 + 1][ZT_EXPECTING_REPLIES_BUCKET_MASK2 + 1];
|
||||
|
||||
// Time of last identity verification indexed by InetAddress.rateGateHash()
|
||||
uint64_t _lastIdentityVerification[16384];
|
||||
|
||||
ZT_DataStoreGetFunction _dataStoreGetFunction;
|
||||
ZT_DataStorePutFunction _dataStorePutFunction;
|
||||
ZT_WirePacketSendFunction _wirePacketSendFunction;
|
||||
|
|
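Review bot: The size of `_lastIdentityVerification` is the bare literal `16384`, which has to agree with the range of `InetAddress::rateGateHash()` defined in another file, and nothing in this hunk ties the two together. A shared named constant (for example `ZT_IDENTITY_VALIDATION_RATE_GATE_BUCKETS`; the name is only a suggestion) used for both the array size and the hash reduction would keep them from drifting apart. The hunk also does not show the array being zeroed; if the constructor (outside this view) does not clear it, the first `now - _lastIdentityVerification[iph]` comparison reads indeterminate values. The member comment could be extended to say so and to note the collision behaviour, e.g. `// Zeroed in constructor; addresses that hash to the same bucket share one rate limit`.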