Diffstat (limited to 'node/Peer.hpp')
-rw-r--r--node/Peer.hpp98
1 files changed, 80 insertions, 18 deletions
diff --git a/node/Peer.hpp b/node/Peer.hpp
index 2e64fb4d..1ae239bc 100644
--- a/node/Peer.hpp
+++ b/node/Peer.hpp
@@ -312,7 +312,7 @@ public:
/**
* @return 256-bit secret symmetric encryption key
*/
- inline const unsigned char *key() const throw() { return _key; }
+ inline const unsigned char *key() const { return _key; }
/**
* Set the currently known remote version of this peer's client
@@ -330,25 +330,22 @@ public:
_vRevision = (uint16_t)vrev;
}
- inline unsigned int remoteVersionProtocol() const throw() { return _vProto; }
- inline unsigned int remoteVersionMajor() const throw() { return _vMajor; }
- inline unsigned int remoteVersionMinor() const throw() { return _vMinor; }
- inline unsigned int remoteVersionRevision() const throw() { return _vRevision; }
+ inline unsigned int remoteVersionProtocol() const { return _vProto; }
+ inline unsigned int remoteVersionMajor() const { return _vMajor; }
+ inline unsigned int remoteVersionMinor() const { return _vMinor; }
+ inline unsigned int remoteVersionRevision() const { return _vRevision; }
- inline bool remoteVersionKnown() const throw() { return ((_vMajor > 0)||(_vMinor > 0)||(_vRevision > 0)); }
+ inline bool remoteVersionKnown() const { return ((_vMajor > 0)||(_vMinor > 0)||(_vRevision > 0)); }
/**
- * Update direct path push stats and return true if we should respond
- *
- * This is a circuit breaker to make VERB_PUSH_DIRECT_PATHS not particularly
- * useful as a DDOS amplification attack vector. Otherwise a malicious peer
- * could send loads of these and cause others to bombard arbitrary IPs with
- * traffic.
- *
- * @param now Current time
- * @return True if we should respond
+ * @return True if peer has received a trust established packet (e.g. common network membership) in the past ZT_TRUST_EXPIRATION ms
+ */
+ inline bool trustEstablished(const uint64_t now) const { return ((now - _lastTrustEstablishedPacketReceived) < ZT_TRUST_EXPIRATION); }
+
+ /**
+ * Rate limit gate for VERB_PUSH_DIRECT_PATHS
*/
- inline bool shouldRespondToDirectPathPush(const uint64_t now)
+ inline bool rateGatePushDirectPaths(const uint64_t now)
{
if ((now - _lastDirectPathPushReceive) <= ZT_PUSH_DIRECT_PATHS_CUTOFF_TIME)
++_directPathPushCutoffCount;
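Review bot: The new doc comment on rateGatePushDirectPaths drops the rationale the removed comment carried — that this gate exists because VERB_PUSH_DIRECT_PATHS could otherwise serve as a DDoS amplification vector, with one peer making others bombard arbitrary IPs. That reasoning is what tells a future maintainer why the cutoff must not be loosened, so it should survive the rename; suggested: `* Rate limit gate for VERB_PUSH_DIRECT_PATHS` followed by `* Circuit breaker: without it a malicious peer could use direct path pushes to make us flood arbitrary IPs with traffic (DDoS amplification).` The body of rateGatePushDirectPaths continues past the end of this hunk.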
@@ -358,6 +355,66 @@ public:
}
/**
+ * Rate limit gate for VERB_NETWORK_CREDENTIALS
+ */
+ inline bool rateGateCredentialsReceived(const uint64_t now)
+ {
+ if ((now - _lastCredentialsReceived) <= ZT_PEER_CREDENTIALS_CUTOFF_TIME)
+ ++_credentialsCutoffCount;
+ else _credentialsCutoffCount = 0;
+ _lastCredentialsReceived = now;
+ return (_directPathPushCutoffCount < ZT_PEER_CREDEITIALS_CUTOFF_LIMIT);
+ }
+
+ /**
+ * Rate limit gate for sending of ERROR_NEED_MEMBERSHIP_CERTIFICATE
+ */
+ inline bool rateGateRequestCredentials(const uint64_t now)
+ {
+ if ((now - _lastCredentialRequestSent) >= ZT_PEER_GENERAL_RATE_LIMIT) {
+ _lastCredentialRequestSent = now;
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Rate limit gate for inbound WHOIS requests
+ */
+ inline bool rateGateInboundWhoisRequest(const uint64_t now)
+ {
+ if ((now - _lastWhoisRequestReceived) >= ZT_PEER_GENERAL_RATE_LIMIT) {
+ _lastWhoisRequestReceived = now;
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Rate limit gate for inbound ECHO requests
+ */
+ inline bool rateGateEchoRequest(const uint64_t now)
+ {
+ if ((now - _lastEchoRequestReceived) >= ZT_PEER_GENERAL_RATE_LIMIT) {
+ _lastEchoRequestReceived = now;
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Rate gate requests for network COM
+ */
+ inline bool rateGateComRequest(const uint64_t now)
+ {
+ if ((now - _lastComRequestReceived) >= ZT_PEER_GENERAL_RATE_LIMIT) {
+ _lastComRequestReceived = now;
+ return true;
+ }
+ return false;
+ }
+
+ /**
* Find a common set of addresses by which two peers can link, if any
*
* @param a Peer A
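Review bot: rateGateCredentialsReceived maintains `_credentialsCutoffCount` but its return value tests `_directPathPushCutoffCount`, so the credentials gate is decided by the direct-path-push counter and the counter it just updated is never read; the return should be `return (_credentialsCutoffCount < ZT_PEER_CREDEITIALS_CUTOFF_LIMIT);`. As written, a burst of VERB_NETWORK_CREDENTIALS from a peer is only refused when that same peer also happens to be pushing direct paths, which defeats the purpose of the limit. The limit macro's spelling (`CREDEITIALS`) also differs from `ZT_PEER_CREDENTIALS_CUTOFF_TIME` used two lines above; Constants.hpp is not in this view, so confirm that is the name actually defined rather than a typo that will fail to compile. The four `rateGate*` methods that follow share one pattern and could delegate to a private helper taking the timestamp member by reference, though that is cosmetic.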
@@ -378,8 +435,6 @@ public:
}
private:
- bool _pushDirectPaths(const SharedPtr<Path> &path,uint64_t now);
-
inline uint64_t _pathScore(const unsigned int p,const uint64_t now) const
{
uint64_t s = ZT_PEER_PING_PERIOD + _paths[p].lastReceive + (uint64_t)(_paths[p].path->preferenceRank() * (ZT_PEER_PING_PERIOD / ZT_PATH_MAX_PREFERENCE_RANK));
@@ -415,6 +470,12 @@ private:
uint64_t _lastMulticastFrame;
uint64_t _lastDirectPathPushSent;
uint64_t _lastDirectPathPushReceive;
+ uint64_t _lastCredentialRequestSent;
+ uint64_t _lastWhoisRequestReceived;
+ uint64_t _lastEchoRequestReceived;
+ uint64_t _lastComRequestReceived;
+ uint64_t _lastCredentialsReceived;
+ uint64_t _lastTrustEstablishedPacketReceived;
const RuntimeEnvironment *RR;
uint32_t _remoteClusterOptimal4;
uint16_t _vProto;
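Review bot: The six new `_last*` timestamps here (and `_credentialsCutoffCount` in the last hunk) are read through `now - _lastX` in the new rate gates, so they must be zero-initialised in Peer's constructor; that constructor lives in Peer.cpp, which this diff view does not include, so confirm its initializer list was extended, since an uninitialised field would make the first gate decision indeterminate. If zero is the intended "never seen" value, a one-line comment on the group, `// last-activity timestamps for the rateGate*() gates; 0 == never`, would make that contract visible in the header.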
@@ -433,6 +494,7 @@ private:
unsigned int _numPaths;
unsigned int _latency;
unsigned int _directPathPushCutoffCount;
+ unsigned int _credentialsCutoffCount;
AtomicCounter __refCount;
};