author | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2019-12-21 00:17:31 +0100 |
---|---|---|
committer | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2019-12-21 00:17:31 +0100 |
commit | aabefa50436af8d614520bb219d675953eeba6eb (patch) | |
tree | 9186ef07b94f12e75040d5163477ef1e549cee14 /src/wireguard/constants.rs | |
parent | Constant renamed to be consistent with kernel WG (diff) | |
Remove unused test code.
- make naming consistent with the kernel module.
- better distribution of functionality from src/wireguard.rs
- more consistent "import pattern" throughout the project.
- remove unused test code.
Diffstat (limited to 'src/wireguard/constants.rs')
-rw-r--r-- | src/wireguard/constants.rs | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/src/wireguard/constants.rs b/src/wireguard/constants.rs
index 97ce6b1..4d0ae54 100644
--- a/src/wireguard/constants.rs
+++ b/src/wireguard/constants.rs
@@ -10,17 +10,48 @@ pub const REKEY_ATTEMPT_TIME: Duration = Duration::from_secs(90);
 pub const REKEY_TIMEOUT: Duration = Duration::from_secs(5);
 pub const KEEPALIVE_TIMEOUT: Duration = Duration::from_secs(10);
-pub const MAX_TIMER_HANDSHAKES: usize = 18;
+pub const MAX_TIMER_HANDSHAKES: usize =
+ (REKEY_ATTEMPT_TIME.as_secs() / REKEY_TIMEOUT.as_secs()) as usize;
+// Semantics:
+// Maximum number of buffered handshake requests
+// (either from outside message or handshake requests triggered locally)
+pub const MAX_QUEUED_INCOMING_HANDSHAKES: usize = 4096;
+
+// Semantics:
+// When the number of queued handshake requests exceeds this number
+// the device is considered under load and DoS mitigation is triggered.
+pub const THRESHOLD_UNDER_LOAD: usize = MAX_QUEUED_INCOMING_HANDSHAKES / 8;
+
+// Semantics:
+// When a device is detected to go under load,
+// it will remain under load for at least the following duration.
+pub const DURATION_UNDER_LOAD: Duration = Duration::from_secs(1);
+
+// Semantics:
+// The payload of transport messages are padded to this multiple
+pub const MESSAGE_PADDING_MULTIPLE: usize = 16;
+
+// Semantics:
+// Longest possible duration of any WireGuard timer
 pub const TIMER_MAX_DURATION: Duration = Duration::from_secs(200);
+
+// Semantics:
+// Resolution of the timer-wheel
 pub const TIMERS_TICK: Duration = Duration::from_millis(100);
+
+// Semantics:
+// Resulting number of slots in the wheel
 pub const TIMERS_SLOTS: usize = (TIMER_MAX_DURATION.as_micros() / TIMERS_TICK.as_micros()) as usize;
-pub const TIMERS_CAPACITY: usize = 1024;
-pub const MESSAGE_PADDING_MULTIPLE: usize = 16;
+// Performance:
+// Initial capacity of timer-wheel (grows to accommodate more timers)
+pub const TIMERS_CAPACITY: usize = 16;
 /* A long duration (compared to the WireGuard time constants),
 * used in places to avoid Option<Instant> by instead using a long "expired" Instant:
 * (Instant::now() - TIME_HORIZON)
+ *
+ * Note, this duration need not fit inside the timer wheel.
 */
-pub const TIME_HORIZON: Duration = Duration::from_secs(60 * 60 * 24);
+pub const TIME_HORIZON: Duration = Duration::from_secs(TIMER_MAX_DURATION.as_secs() * 2); |
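Review bot: `TIME_HORIZON` at the end of the hunk carries an invariant that is neither documented nor enforced: an `Instant::now() - TIME_HORIZON` sentinel only reads as "expired" while `TIME_HORIZON` is larger than every timeout it is later compared with. The new value is 400 s (`TIMER_MAX_DURATION * 2`) instead of 24 hours, so the margin is now much tighter. The comparisons themselves are outside this hunk, so I cannot confirm they all stay below 400 s. I would add a line to the block comment such as `* Invariant: must exceed every timeout the sentinel is compared against (REKEY_ATTEMPT_TIME, KEEPALIVE_TIMEOUT, ...).` and pin it with a unit test asserting `TIME_HORIZON > REKEY_ATTEMPT_TIME`. If a sentinel ever looked fresh, stale handshake or key state could presumably pass a freshness check. Separately, `Instant - Duration` panics when the result is not representable on the platform, so call sites may be safer with `Instant::now().checked_sub(TIME_HORIZON)`.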