From 8ef0e4bbafbd87c32c62553bd84d87bd0eda0e06 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 13 Sep 2016 10:46:36 -0700 Subject: Get rid of HELLO rate gate on path since its basically worthless. There are 65535 ports per IP. --- node/IncomingPacket.cpp | 13 ++++--------- node/Path.hpp | 15 --------------- 2 files changed, 4 insertions(+), 24 deletions(-) (limited to 'node') diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp index 7510fec8..64dccef3 100644 --- a/node/IncomingPacket.cpp +++ b/node/IncomingPacket.cpp @@ -211,11 +211,6 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut try { const uint64_t now = RR->node->now(); - if (!_path->rateGateHello(now)) { - TRACE("dropped HELLO from %s(%s): rate limiting circuit breaker for HELLO on this path tripped",source().toString().c_str(),_path->address().toString().c_str()); - return true; - } - const uint64_t pid = packetId(); const Address fromAddress(source()); const unsigned int protoVersion = (*this)[ZT_PROTO_VERB_HELLO_IDX_PROTOCOL_VERSION]; 
@@ -258,14 +253,14 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut if (peer->identity() != id) { // Identity is different from the one we already have -- address collision - unsigned char key[ZT_PEER_SECRET_KEY_LENGTH]; + uint8_t key[ZT_PEER_SECRET_KEY_LENGTH]; if (RR->identity.agree(id,key,ZT_PEER_SECRET_KEY_LENGTH)) { if (dearmor(key)) { // ensure packet is authentic, otherwise drop TRACE("rejected HELLO from %s(%s): address already claimed",id.address().toString().c_str(),_path->address().toString().c_str()); Packet outp(id.address(),RR->identity.address(),Packet::VERB_ERROR); - outp.append((unsigned char)Packet::VERB_HELLO); + outp.append((uint8_t)Packet::VERB_HELLO); outp.append((uint64_t)pid); - outp.append((unsigned char)Packet::ERROR_IDENTITY_COLLISION); + outp.append((uint8_t)Packet::ERROR_IDENTITY_COLLISION); outp.armor(key,true); _path->send(RR,outp.data(),outp.size(),RR->node->now()); } else { @@ -296,7 +291,7 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,const bool alreadyAut return true; } - // Check identity proof of work + // Check that identity's address is valid as per the derivation function if (!id.locallyValidate()) { TRACE("dropped HELLO from %s(%s): identity invalid",id.address().toString().c_str(),_path->address().toString().c_str()); return true; diff --git a/node/Path.hpp b/node/Path.hpp index 6278532d..27cff645 100644 --- a/node/Path.hpp +++ b/node/Path.hpp @@ -104,7 +104,6 @@ public: Path() : _lastOut(0), _lastIn(0), - _lastHello(0), _addr(), _localAddress(), _ipScope(InetAddress::IP_SCOPE_NONE) @@ -114,7 +113,6 @@ public: Path(const InetAddress &localAddress,const InetAddress &addr) : _lastOut(0), _lastIn(0), - _lastHello(0), _addr(addr), _localAddress(localAddress), _ipScope(addr.ipScope()) 
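Review bot: The `id.locallyValidate()` check in the last IncomingPacket.cpp hunk, and the `RR->identity.agree(...)` call in the collision branch of the hunk before it, can now be reached by any unauthenticated HELLO with no throttle in front of them, because the first hunk removes `rateGateHello` and nothing in the visible lines replaces it. The commit message is right that a per-path gate is defeated by varying the source port, but that argues for keying the limit on the remote IP address alone rather than for having none; if validation is as costly as the old "proof of work" comment suggests, a flood of HELLOs carrying fresh identities becomes a CPU-exhaustion risk. I would add a gate keyed on the source IP (port ignored) ahead of this check, and until then record the gap with a comment such as `// NOTE: no rate limit precedes this check; unauthenticated senders can trigger identity validation per packet`. _doHELLO starts and ends outside these hunks, so a limiter may already exist elsewhere in the function.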
@@ -231,22 +229,9 @@ public: */ inline uint64_t lastIn() const { return _lastIn; } - /** - * @return True if we should allow HELLO via this path - */ - inline bool rateGateHello(const uint64_t now) - { - if ((now - _lastHello) >= ZT_PATH_HELLO_RATE_LIMIT) { - _lastHello = now; - return true; - } - return false; - } - private: uint64_t _lastOut; uint64_t _lastIn; - uint64_t _lastHello; InetAddress _addr; InetAddress _localAddress; InetAddress::IpScope _ipScope; // memoize this since it's a computed value checked often -- cgit v1.2.3