webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tka: consolidate all the limits into a single file

Browse Source 
This makes the limits easier to find and change, rather than scattering
them across the TKA code.

Updates #cleanup

Change-Id: I2f9b3b83d293eebb2572fa7bb6de2ca1f3d9a192
Signed-off-by: Alex Chan <alexc@tailscale.com>
This commit is contained in:
Alex Chan
2026-03-31 11:19:32 +01:00
committed by Alex Chan
parent 4334dfa7d5
commit 6f0ca946c6
5 changed files with 24 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tka/key.go
-2
View File
@@ -104,8 +104,6 @@ func (k Key) Ed25519() (ed25519.PublicKey, error) {
}
}
const maxMetaBytes = 512
func (k Key) StaticValidate() error {
if k.Votes > 4096 {
return fmt.Errorf("excessive key weight: %d > 4096", k.Votes)
tka/limits.go
+24
View File
@@ -0,0 +1,24 @@
// Copyright (c) Tailscale Inc & contributors
// SPDX-License-Identifier: BSD-3-Clause
package tka
const (
// Upper bound on checkpoint elements, chosen arbitrarily. Intended
// to cap the size of large AUMs.
maxDisablementSecrets = 32
maxKeys = 512
// Max amount of metadata that can be associated with a key, chosen arbitrarily.
// Intended to avoid people abusing TKA as a key-value score.
maxMetaBytes = 512
// Max iterations searching for any intersection during the sync process.
maxSyncIter = 2000
// Max iterations searching for a head intersection during the sync process.
maxSyncHeadIntersectionIter = 400
// Limit on scanning AUM trees, chosen arbitrarily.
maxScanIterations = 2000
)
tka/state.go
-7
View File
@@ -248,13 +248,6 @@ func (s State) applyVerifiedAUM(update AUM) (State, error) {
}
}
// Upper bound on checkpoint elements, chosen arbitrarily. Intended to
// cap out insanely large AUMs.
const (
maxDisablementSecrets = 32
maxKeys = 512
)
// staticValidateCheckpoint validates that the state is well-formed for
// inclusion in a checkpoint AUM.
func (s *State) staticValidateCheckpoint() error {
tka/sync.go
-7
View File
@@ -11,13 +11,6 @@ import (
"os"
)
const (
// Max iterations searching for any intersection.
maxSyncIter = 2000
// Max iterations searching for a head intersection.
maxSyncHeadIntersectionIter = 400
)
// ErrNoIntersection is returned when a shared AUM could
// not be determined when evaluating a remote sync offer.
var ErrNoIntersection = errors.New("no intersection")
tka/tka.go
-3
View File
@@ -31,9 +31,6 @@ var cborDecOpts = cbor.DecOptions{
MaxMapPairs: 1024,
}
// Arbitrarily chosen limit on scanning AUM trees.
const maxScanIterations = 2000
// Authority is a Tailnet Key Authority. This type is the main coupling
// point to the rest of the tailscale client.
//