Skip to content

node,ingress_limit: operational hardening — rate limits and opening TTL (closes #22)#33

Merged
ch4r10t33r merged 2 commits into
mainfrom
node/operational-hardening-22
May 10, 2026
Merged

node,ingress_limit: operational hardening — rate limits and opening TTL (closes #22)#33
ch4r10t33r merged 2 commits into
mainfrom
node/operational-hardening-22

Conversation

@ch4r10t33r
Copy link
Copy Markdown
Owner

@ch4r10t33r ch4r10t33r commented May 10, 2026

Implements #22 (timeouts / rate limits / basic abuse controls).

Inbound (ingress_limit.zig)

  • Optional global and per-peer-key sliding-window packet caps (defaults: disabled).
  • Peer table bounded with LRU eviction by last_seen_ms.
  • Counting runs before allocate/decode so garbage still burns quota (CPU/DoS).

Node

  • Config.ingress and ingressRateKey(RemoteUdp) (IPv4: IP BE + port; IPv6: Wyhash + port).
  • outbound_opening_ttl_ms: drops allocOpeningPingHandshake state if no WHOAREYOU in time.
  • allocOpeningPingHandshake now takes now_ms (breaking) to stamp created_ms.

Tests

  • Unit tests in ingress_limit; node tests for per-peer cap and outbound expiry.

Not covered (follow-ups)

  • Per-op RPC correlation timeouts beyond opening handshake; send-side rate limits; SO_RCVBUF tuning.

ch4r10t33r added 2 commits May 10, 2026 11:44
@ch4r10t33r
node,ingress_limit: inbound rate limits and outbound opening TTL (iss…
672e731 
…ue 22)

- New ingress_limit: sliding-window global and per-peer caps, LRU-capped peer table.
- Node.handleReceive rate limit before alloc/copy/decode; ingressRateKey for UDP endpoints.
- Config.ingress and outbound_opening_ttl_ms; prune stale opening handshakes on receive.
- allocOpeningPingHandshake takes now_ms for created_ms (API change).
- Tests for limiter, per-peer cap, and outbound expiry.

Closes #22.
@ch4r10t33r
udp_runtime: pumpOnceEx egress limiter (issue 22)
2f06e1a 
- PumpOpts.egress_limiter and pumpOnceEx; pumpOnce delegates with empty opts.
- PumpResult enum for stable return type across pumpOnce/pumpOnceEx.
- ingress_limit module doc: same limiter for outbound counting.
- Node module doc: cross-reference pumpOnceEx egress.
- Test: per-peer egress cap blocks second reply to same UDP source.
@ch4r10t33r ch4r10t33r merged commit e713fc9 into main May 10, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ch4r10t33r