Tweak certificate of membership revision/time tolerance to eliminate boundary packet loss issues occasionally seen in the wild.

author: Adam Ierymenko <adam.ierymenko@gmail.com> 2016-02-10 09:32:42 -0800
committer: Adam Ierymenko <adam.ierymenko@gmail.com> 2016-02-10 09:32:42 -0800
commit: 10bb9919f15a7777905f3d43ca01325a229203c7 (patch)
tree: 43f4586514991176560cd4b65c25e4cc06e4fe85 /node
parent: 4769dacf6102342ddd4519cfe8227bf6fc49fbcc (diff)
download: infinitytier-10bb9919f15a7777905f3d43ca01325a229203c7.tar.gz
infinitytier-10bb9919f15a7777905f3d43ca01325a229203c7.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/node/CertificateOfMembership.hpp b/node/CertificateOfMembership.hpp
index c6d59397..44d892e7 100644
--- a/node/CertificateOfMembership.hpp
+++ b/node/CertificateOfMembership.hpp
@@ -33,6 +33,16 @@
 #include "Identity.hpp"
 #include "Utils.hpp"
 
+/**
+ * Default window of time for certificate agreement
+ *
+ * Right now we use time for 'revision' so this is the maximum time divergence
+ * between two certs for them to agree. It comes out to three minutes, which
+ * gives a lot of margin for error if the controller hiccups or its clock
+ * drifts but causes de-authorized peers to fall off fast enough.
+ */
+#define ZT_NETWORK_COM_DEFAULT_REVISION_MAX_DELTA (ZT_NETWORK_AUTOCONF_DELAY * 3)
+
 namespace ZeroTier {
 
 /**
author	Adam Ierymenko <adam.ierymenko@gmail.com>	2016-02-10 09:32:42 -0800
committer	Adam Ierymenko <adam.ierymenko@gmail.com>	2016-02-10 09:32:42 -0800
commit	10bb9919f15a7777905f3d43ca01325a229203c7 (patch)
tree	43f4586514991176560cd4b65c25e4cc06e4fe85 /node
parent	4769dacf6102342ddd4519cfe8227bf6fc49fbcc (diff)
download	infinitytier-10bb9919f15a7777905f3d43ca01325a229203c7.tar.gz infinitytier-10bb9919f15a7777905f3d43ca01325a229203c7.zip