Commit 58204ee8 authored by Julien Muchembled's avatar Julien Muchembled

Limit number of client tunnels if NAT is not configured properly

If too many nodes create client tunnels without serving any, working servers
saturate and the network collapses.
parent 3a9e668c
...@@ -314,10 +314,12 @@ class TunnelManager(object): ...@@ -314,10 +314,12 @@ class TunnelManager(object):
# Get the candidates to killing # Get the candidates to killing
peer_set = set(self._connection_dict) peer_set = set(self._connection_dict)
peer_set.difference_update(self._killing) peer_set.difference_update(self._killing)
count = len(peer_set) - self._client_count + 1 # Keep only a small number of tunnels if server is not reachable
if count > 0: # (user should configure NAT properly).
for prefix in sorted(peer_set, key=self._tunnelScore)[:count]: if (self._client_count if self._served or self._disconnected else
self._killing[prefix] = TunnelKiller(prefix, self, True) min(2, self._client_count)) <= len(peer_set):
prefix = min(peer_set, key=self._tunnelScore)
self._killing[prefix] = TunnelKiller(prefix, self, True)
def _abortTunnelKiller(self, prefix): def _abortTunnelKiller(self, prefix):
tunnel_killer = self._killing.get(prefix) tunnel_killer = self._killing.get(prefix)
...@@ -419,6 +421,11 @@ class TunnelManager(object): ...@@ -419,6 +421,11 @@ class TunnelManager(object):
elif len(distant_peers) < count or 0 < self._disconnected < time.time(): elif len(distant_peers) < count or 0 < self._disconnected < time.time():
return True return True
if distant_peers: if distant_peers:
if count and not self._served:
# Limit number of client tunnels if server is not reachable
# from outside.
count = max(0, min(2, self._client_count)
- len(self._connection_dict))
# Normal operation. Choose peers to connect to by looking at the # Normal operation. Choose peers to connect to by looking at the
# routing table. # routing table.
while count and distant_peers: while count and distant_peers:
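Review bot: In the first hunk, `min(peer_set, key=self._tunnelScore)` raises ValueError when `peer_set` is empty, which the new condition allows if `self._client_count` is 0 (`0 <= len(peer_set)` then holds); the removed code sliced a sorted list and was a no-op in that case. Unless a guard outside the hunk already rules this out, add the emptiness test to the condition, e.g. `if peer_set and limit <= len(peer_set):` with `limit` holding the conditional expression. The literal `2` appears in both hunks, and the two sites differ on when it applies (`self._served or self._disconnected` in the first, `not self._served` alone in the second) and on what is counted (`peer_set` excludes tunnels being killed, `len(self._connection_dict)` does not); a named constant and a short comment explaining the difference would help. The cap is also applied only by a node to itself, so it presumably does not protect servers from peers that do not honour it. Both enclosing methods start and end outside the hunks.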