(1) Public networks now get COMs even though they do not gate with them since they will need them to push auth for multicast stuff, (2) added a bunch of rate limit circuit breakers for anti-DOS, (3) cleanup.

Adam Ierymenko 2016-09-09 11:36:10 -07:00
parent ef87069957
commit ab9afbc749
13 changed files with 395 additions and 229 deletions


@ -236,6 +236,11 @@
*/
#define ZT_MULTICAST_EXPLICIT_GATHER_DELAY (ZT_MULTICAST_LIKE_EXPIRE / 10)
/**
* Expiration for credentials presented for MULTICAST_LIKE or MULTICAST_GATHER (for non-network-members)
*/
#define ZT_MULTICAST_CREDENTIAL_EXPIRATON ZT_MULTICAST_LIKE_EXPIRE
/**
* Timeout for outgoing multicasts
*
@ -263,6 +268,11 @@
*/
#define ZT_PATH_MIN_REACTIVATE_INTERVAL 2500
/**
* Do not accept HELLOs over a given path more often than this
*/
#define ZT_PATH_HELLO_RATE_LIMIT 1000
/**
* Delay between full-fledge pings of directly connected peers
*/
@ -283,6 +293,11 @@
*/
#define ZT_PEER_ACTIVITY_TIMEOUT 500000
/**
* General rate limit timeout for multiple packet types (HELLO, etc.)
*/
#define ZT_PEER_GENERAL_INBOUND_RATE_LIMIT 1000
/**
* Delay between requests for updated network autoconf information
*
@ -326,6 +341,11 @@
*/
#define ZT_PUSH_DIRECT_PATHS_CUTOFF_TIME 60000
/**
* General rate limit for other kinds of rate-limited packets (HELLO, credential request, etc.) both inbound and outbound
*/
#define ZT_PEER_GENERAL_RATE_LIMIT 1000
/**
* Maximum number of direct path pushes within cutoff time
*
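Review bot: The third and fourth hunks add two constants with the same value and overlapping descriptions, `ZT_PEER_GENERAL_INBOUND_RATE_LIMIT` and `ZT_PEER_GENERAL_RATE_LIMIT`, both documented as covering HELLO, so a reader cannot tell which one gates a given packet type, and tuning one later may leave the other stale. I would keep a single constant, or make the two comments disjoint and state unit and scope, e.g. `* Minimum interval in milliseconds between accepted rate-limited packets (HELLO, credential request, etc.) per peer, inbound and outbound`; the unit and the per-peer scope are inferred from the names and neighbouring values, so confirm them against the callers, which are not shown here. The comment on `ZT_PATH_HELLO_RATE_LIMIT` in the second hunk should likewise say whether the limit is tracked per path and whether it applies before the sender is authenticated, since that determines what it protects against. In the first hunk the new macro is spelled `ZT_MULTICAST_CREDENTIAL_EXPIRATON`; renaming it to `ZT_MULTICAST_CREDENTIAL_EXPIRATION` is cheapest now, before more callers depend on it.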