| author | Grant Limberg <glimberg@gmail.com> | 2015-11-02 18:32:21 -0800 |
|---|---|---|
| committer | Grant Limberg <glimberg@gmail.com> | 2015-11-02 18:32:21 -0800 |
| commit | 179b064b05460b706526a3249a25cd07232a42f5 (patch) | |
| tree | d26dfeb2c02ce59c4a531142684695e45bb515ad /node/Constants.hpp | |
| parent | 75a191a8564030f4d5e99aca76b980e2d69abd20 (diff) | |
| parent | 4e9d4304761f93a1764d3ec2d2b0c38140decad8 (diff) | |
Merge branch 'edge' into android-jni-dev
Diffstat (limited to 'node/Constants.hpp')
| -rw-r--r-- | node/Constants.hpp | 71 |
1 files changed, 38 insertions, 33 deletions
diff --git a/node/Constants.hpp b/node/Constants.hpp
index 4f783550..552688a6 100644
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@@ -173,16 +173,11 @@
 /**
 * Timeout for receipt of fragmented packets in ms
- *
- * Since there's no retransmits, this is just a really bad case scenario for
- * transit time. It's short enough that a DOS attack from exhausing buffers is
- * very unlikely, as the transfer rate would have to be fast enough to fill
- * system memory in this time.
 */
-#define ZT_FRAGMENTED_PACKET_RECEIVE_TIMEOUT 1000
+#define ZT_FRAGMENTED_PACKET_RECEIVE_TIMEOUT 500
 /**
- * Length of secret key in bytes -- 256-bit for Salsa20
+ * Length of secret key in bytes -- 256-bit -- do not change
 */
 #define ZT_PEER_SECRET_KEY_LENGTH 32
@@ -194,7 +189,7 @@
 /**
 * Overriding granularity for timer tasks to prevent CPU-intensive thrashing on every packet
 */
-#define ZT_CORE_TIMER_TASK_GRANULARITY 1000
+#define ZT_CORE_TIMER_TASK_GRANULARITY 500
 /**
 * How long to remember peer records in RAM if they haven't been used
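Review bot: The doc comment on `ZT_FRAGMENTED_PACKET_RECEIVE_TIMEOUT` no longer says why the value is short: the removed paragraph tied the timeout to keeping fragment buffers from being exhausted, and the new text gives only the unit while the value drops to 500. Since this constant bounds how long an incomplete packet can occupy reassembly state, I would keep one line of rationale, for example `* Kept short so incomplete fragment sets cannot hold reassembly buffers for long.` The same applies to `ZT_PEER_SECRET_KEY_LENGTH` in this hunk, where `do not change` replaces the cipher name without giving a reason; presumably the length is fixed by the cipher and the wire format, and the comment should say so.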
@@ -264,33 +259,22 @@
 * This is also how often pings will be retried to upstream peers (relays, roots)
 * constantly until something is heard.
 */
-#define ZT_PING_CHECK_INVERVAL 6250
+#define ZT_PING_CHECK_INVERVAL 9500
 /**
 * Delay between ordinary case pings of direct links
 */
-#define ZT_PEER_DIRECT_PING_DELAY 120000
-
-/**
- * Delay between requests for updated network autoconf information
- */
-#define ZT_NETWORK_AUTOCONF_DELAY 60000
+#define ZT_PEER_DIRECT_PING_DELAY 60000
 /**
 * Timeout for overall peer activity (measured from last receive)
 */
-#define ZT_PEER_ACTIVITY_TIMEOUT (ZT_PEER_DIRECT_PING_DELAY + (ZT_PING_CHECK_INVERVAL * 3))
+#define ZT_PEER_ACTIVITY_TIMEOUT ((ZT_PEER_DIRECT_PING_DELAY * 4) + ZT_PING_CHECK_INVERVAL)
 /**
- * Stop relaying via peers that have not responded to direct sends
- *
- * When we send something (including frames), we generally expect a response.
- * Switching relays if no response in a short period of time causes more
- * rapid failover if a root server goes down or becomes unreachable. In the
- * mistaken case, little harm is done as it'll pick the next-fastest
- * root server and will switch back eventually.
+ * Delay between requests for updated network autoconf information
 */
-#define ZT_PEER_RELAY_CONVERSATION_LATENCY_THRESHOLD 10000
+#define ZT_NETWORK_AUTOCONF_DELAY 60000
 /**
 * Minimum interval between attempts by relays to unite peers
@@ -299,7 +283,7 @@
 * a RENDEZVOUS message no more than this often. This instructs the peers
 * to attempt NAT-t and gives each the other's corresponding IP:port pair.
 */
-#define ZT_MIN_UNITE_INTERVAL 60000
+#define ZT_MIN_UNITE_INTERVAL 30000
 /**
 * Delay between initial direct NAT-t packet and more aggressive techniques
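Review bot: `ZT_PEER_ACTIVITY_TIMEOUT` grows from 138750 ms to 249500 ms under the new formula even though `ZT_PEER_DIRECT_PING_DELAY` is halved, and the comment above it still says only "measured from last receive". The doc comment should state what the multiplier is for, e.g. `* Four direct ping periods plus one ping check interval, so a few lost pings do not expire a live peer.`; that reason is inferred from the formula, so adjust the wording to the real intent. A longer timeout also keeps a silent peer counted as active for longer, and the code that consumes the constant is not visible in this diff, so any state keyed on it deserves a check.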
@@ -310,19 +294,16 @@
 #define ZT_NAT_T_TACTICAL_ESCALATION_DELAY 1000
 /**
- * Size of anti-recursion history (see AntiRecursion.hpp)
- */
-#define ZT_ANTIRECURSION_HISTORY_SIZE 16
-
-/**
 * Minimum delay between attempts to confirm new paths to peers (to avoid HELLO flooding)
 */
-#define ZT_MIN_PATH_CONFIRMATION_INTERVAL 5000
+#define ZT_MIN_PATH_CONFIRMATION_INTERVAL 1000
 /**
- * Interval between direct path pushes in milliseconds
+ * How long (max) to remember network certificates of membership?
+ *
+ * This only applies to networks we don't belong to.
 */
-#define ZT_DIRECT_PATH_PUSH_INTERVAL 300000
+#define ZT_PEER_NETWORK_COM_EXPIRATION 3600000
 /**
 * Sanity limit on maximum bridge routes
@@ -341,6 +322,30 @@
 #define ZT_MAX_BRIDGE_SPAM 16
 /**
+ * Interval between direct path pushes in milliseconds
+ */
+#define ZT_DIRECT_PATH_PUSH_INTERVAL 120000
+
+/**
+ * Time horizon for push direct paths cutoff
+ */
+#define ZT_PUSH_DIRECT_PATHS_CUTOFF_TIME 60000
+
+/**
+ * Maximum number of direct path pushes within cutoff time
+ *
+ * This limits response to PUSH_DIRECT_PATHS to CUTOFF_LIMIT responses
+ * per CUTOFF_TIME milliseconds per peer to prevent this from being
+ * useful for DOS amplification attacks.
+ */
+#define ZT_PUSH_DIRECT_PATHS_CUTOFF_LIMIT 5
+
+/**
+ * Maximum number of paths per IP scope (e.g. global, link-local) and family (e.g. v4/v6)
+ */
+#define ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY 1
+
+/**
 * A test pseudo-network-ID that can be joined
 *
 * Joining this network ID will result in a network with no IP addressing |
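Review bot: `ZT_MIN_PATH_CONFIRMATION_INTERVAL` is the floor that its comment says exists to avoid HELLO flooding, and this hunk lowers it from 5000 to 1000 while leaving the comment unchanged. The comment should give the unit and say what the interval is counted against (per peer, per path or globally), because that decides how many HELLOs a run of new path candidates can trigger; the enforcing code is outside this hunk. Separately, the new `ZT_PEER_NETWORK_COM_EXPIRATION` comment is phrased as a question and has no unit; assuming milliseconds like the neighbouring constants, I would write `* Maximum time in milliseconds to remember network certificates of membership`.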
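Review bot: The rate-limit comment on `ZT_PUSH_DIRECT_PATHS_CUTOFF_LIMIT` refers to `CUTOFF_LIMIT` and `CUTOFF_TIME` by shortened names, and `ZT_PUSH_DIRECT_PATHS_CUTOFF_TIME` carries no unit of its own. I would spell out the full macro names and put the unit on the time constant, e.g. `* Time horizon in milliseconds for the PUSH_DIRECT_PATHS cutoff counter`. `ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY` should also say whether it caps the paths accepted from a single push or the paths this node sends. The code that enforces these limits is not part of this diff, so it cannot be confirmed here that the per-peer counter is checked before any response is generated.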
