DragonX/dragonx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Rate limit incoming addr p2p messages

Browse Source
This commit is contained in:
Duke
2023-03-16 22:33:25 -04:00
parent bde7273c9f
commit c1baab7b8a
4 changed files with 58 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/net.h
View File

@@ -72,6 +72,13 @@ static const int TIMEOUT_INTERVAL = 20 * 60;
static const unsigned int MAX_INV_SZ = 50000;
/** The maximum number of new addresses to accumulate before announcing. */
static const unsigned int MAX_ADDR_TO_SEND = 1000;
/** The maximum rate of address records we're willing to process on average. Can be bypassed using
* the NetPermissionFlags::Addr permission. */
static constexpr double MAX_ADDR_RATE_PER_SECOND{0.1};
/** The soft limit of the address processing token bucket (the regular MAX_ADDR_RATE_PER_SECOND
* based increments won't go above this, but the MAX_ADDR_TO_SEND increment following GETADDR
* is exempt from this limit. */
static constexpr size_t MAX_ADDR_PROCESSING_TOKEN_BUCKET{MAX_ADDR_TO_SEND};
/** Maximum length of incoming protocol messages (no message over 2 MiB is currently acceptable). */
static const unsigned int MAX_PROTOCOL_MESSAGE_LENGTH = (_MAX_BLOCK_SIZE + 24); // 24 is msgheader size
/** Maximum length of strSubVer in `version` message */
@@ -295,6 +302,9 @@ public:
// CAddress addrBind; // https://github.com/bitcoin/bitcoin/commit/a7e3c2814c8e49197889a4679461be42254e5c51
uint32_t m_mapped_as;
uint64_t m_addr_processed{0};
uint64_t m_addr_rate_limited{0};
/**
* Whether the peer has signaled support for receiving ADDRv2 (BIP155)
* messages, implying a preference to receive ADDRv2 instead of ADDR ones.
@@ -302,9 +312,6 @@ public:
bool m_wants_addrv2;
};
class CNetMessage {
public:
bool in_data; // parsing header (false) or data (true)
@@ -433,6 +440,15 @@ public:
*/
bool m_wants_addrv2{false};
/** Number of addr messages that can be processed from this peer. Start at 1 to permit self-announcement. */
double m_addr_token_bucket{1.0};
/** When m_addr_token_bucket was last updated */
int64_t m_addr_token_timestamp{GetTimeMicros()};
/** Total number of addresses that were dropped due to rate limiting. */
std::atomic<uint64_t> m_addr_rate_limited{0};
/** Total number of addresses that were processed (excludes rate limited ones). */
std::atomic<uint64_t> m_addr_processed{0};
protected:
// Denial-of-service detection/prevention