Actually rate-limit new outbound peer connections #2216
Labels
A-network
Area: Network protocol updates or fixes
A-rust
Area: Updates to Rust code
C-bug
Category: This is a bug
C-security
Category: Security issues
I-remote-node-overload
Zebra can overload other nodes on the network
Milestone
Is your feature request related to a problem? Please describe.
Zebra has an outbound connection rate-limit in the CandidateSet. But if there haven't been many connections for a while, it can allow a very large burst of connections.
Describe the solution you'd like
current_deadline
to the maximum of the current time and thenext_peer_min_wait.deadline()
:zebra/zebra-network/src/peer_set/candidate_set.rs
Lines 281 to 282 in 5cdcc52
This makes sure that the next sleep is at least 100 milliseconds from the current time. (It can be be up to 200 milliseconds, if there's just been a connection, and we're about to sleep for 100 milliseconds.)
AddressBook
0..4
initial candidates, an async sleep from0..400
milliseconds, and then0..4
extra candidatesDescribe alternatives you've considered
We could change the CandidateSet.next_peer_min_wait from a Sleep to an Instant. This simplifies the code, because we're not storing a Sleep future any more. See #2160 for an example of this change.
Additional context
This change will also rate-limit the crawler task, so we should do it before #2212.
The text was updated successfully, but these errors were encountered: