1 files changed, 35 insertions, 0 deletions

diff --git a/node/Constants.hpp b/node/Constants.hpp
index a625b480..b3c3dec0 100644
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@@ -237,6 +237,11 @@
 #define ZT_MULTICAST_EXPLICIT_GATHER_DELAY (ZT_MULTICAST_LIKE_EXPIRE / 10)
 
 /**
+ * Expiration for credentials presented for MULTICAST_LIKE or MULTICAST_GATHER (for non-network-members)
+ */
+#define ZT_MULTICAST_CREDENTIAL_EXPIRATON ZT_MULTICAST_LIKE_EXPIRE
+
+/**
  * Timeout for outgoing multicasts
  *
  * This is how long we wait for explicit or implicit gather results.
@@ -264,6 +269,11 @@
 #define ZT_PATH_MIN_REACTIVATE_INTERVAL 2500
 
 /**
+ * Do not accept HELLOs over a given path more often than this
+ */
+#define ZT_PATH_HELLO_RATE_LIMIT 1000
+
+/**
  * Delay between full-fledge pings of directly connected peers
  */
 #define ZT_PEER_PING_PERIOD 60000
@@ -284,6 +294,11 @@
 #define ZT_PEER_ACTIVITY_TIMEOUT 500000
 
 /**
+ * General rate limit timeout for multiple packet types (HELLO, etc.)
+ */
+#define ZT_PEER_GENERAL_INBOUND_RATE_LIMIT 1000
+
+/**
  * Delay between requests for updated network autoconf information
  *
  * Don't lengthen this as it affects things like QoS / uptime monitoring
@@ -341,6 +356,26 @@
 #define ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY 4
 
 /**
+ * Time horizon for VERB_NETWORK_CREDENTIALS cutoff
+ */
+#define ZT_PEER_CREDENTIALS_CUTOFF_TIME 60000
+
+/**
+ * Maximum number of VERB_NETWORK_CREDENTIALS within cutoff time
+ */
+#define ZT_PEER_CREDEITIALS_CUTOFF_LIMIT 15
+
+/**
+ * General rate limit for other kinds of rate-limited packets (HELLO, credential request, etc.) both inbound and outbound
+ */
+#define ZT_PEER_GENERAL_RATE_LIMIT 1000
+
+/**
+ * How long is a path or peer considered to have a trust relationship with us (for e.g. relay policy) since last trusted established packet?
+ */
+#define ZT_TRUST_EXPIRATION 600000
+
+/**
  * Enable support for older network configurations from older (pre-1.1.6) controllers
  */
 #define ZT_SUPPORT_OLD_STYLE_NETCONF 1