tka: consolidate all the limits into a single file
This makes the limits easier to find and change, rather than scattering them across the TKA code. Updates #cleanup Change-Id: I2f9b3b83d293eebb2572fa7bb6de2ca1f3d9a192 Signed-off-by: Alex Chan <alexc@tailscale.com>
This commit is contained in:
Alex Chan
Alex Chan
@@ -104,8 +104,6 @@ func (k Key) Ed25519() (ed25519.PublicKey, error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const maxMetaBytes = 512
|
|
||||||
|
|
||||||
func (k Key) StaticValidate() error {
|
func (k Key) StaticValidate() error {
|
||||||
if k.Votes > 4096 {
|
if k.Votes > 4096 {
|
||||||
return fmt.Errorf("excessive key weight: %d > 4096", k.Votes)
|
return fmt.Errorf("excessive key weight: %d > 4096", k.Votes)
|
||||||
|
|||||||
@@ -0,0 +1,24 @@
|
|||||||
|
// Copyright (c) Tailscale Inc & contributors
|
||||||
|
// SPDX-License-Identifier: BSD-3-Clause
|
||||||
|
|
||||||
|
package tka
|
||||||
|
|
||||||
|
const (
|
||||||
|
// Upper bound on checkpoint elements, chosen arbitrarily. Intended
|
||||||
|
// to cap the size of large AUMs.
|
||||||
|
maxDisablementSecrets = 32
|
||||||
|
maxKeys = 512
|
||||||
|
|
||||||
|
// Max amount of metadata that can be associated with a key, chosen arbitrarily.
|
||||||
|
// Intended to avoid people abusing TKA as a key-value score.
|
||||||
|
maxMetaBytes = 512
|
||||||
|
|
||||||
|
// Max iterations searching for any intersection during the sync process.
|
||||||
|
maxSyncIter = 2000
|
||||||
|
|
||||||
|
// Max iterations searching for a head intersection during the sync process.
|
||||||
|
maxSyncHeadIntersectionIter = 400
|
||||||
|
|
||||||
|
// Limit on scanning AUM trees, chosen arbitrarily.
|
||||||
|
maxScanIterations = 2000
|
||||||
|
)
|
||||||
@@ -248,13 +248,6 @@ func (s State) applyVerifiedAUM(update AUM) (State, error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Upper bound on checkpoint elements, chosen arbitrarily. Intended to
|
|
||||||
// cap out insanely large AUMs.
|
|
||||||
const (
|
|
||||||
maxDisablementSecrets = 32
|
|
||||||
maxKeys = 512
|
|
||||||
)
|
|
||||||
|
|
||||||
// staticValidateCheckpoint validates that the state is well-formed for
|
// staticValidateCheckpoint validates that the state is well-formed for
|
||||||
// inclusion in a checkpoint AUM.
|
// inclusion in a checkpoint AUM.
|
||||||
func (s *State) staticValidateCheckpoint() error {
|
func (s *State) staticValidateCheckpoint() error {
|
||||||
|
|||||||
@@ -11,13 +11,6 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
|
||||||
// Max iterations searching for any intersection.
|
|
||||||
maxSyncIter = 2000
|
|
||||||
// Max iterations searching for a head intersection.
|
|
||||||
maxSyncHeadIntersectionIter = 400
|
|
||||||
)
|
|
||||||
|
|
||||||
// ErrNoIntersection is returned when a shared AUM could
|
// ErrNoIntersection is returned when a shared AUM could
|
||||||
// not be determined when evaluating a remote sync offer.
|
// not be determined when evaluating a remote sync offer.
|
||||||
var ErrNoIntersection = errors.New("no intersection")
|
var ErrNoIntersection = errors.New("no intersection")
|
||||||
|
|||||||
@@ -31,9 +31,6 @@ var cborDecOpts = cbor.DecOptions{
|
|||||||
MaxMapPairs: 1024,
|
MaxMapPairs: 1024,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Arbitrarily chosen limit on scanning AUM trees.
|
|
||||||
const maxScanIterations = 2000
|
|
||||||
|
|
||||||
// Authority is a Tailnet Key Authority. This type is the main coupling
|
// Authority is a Tailnet Key Authority. This type is the main coupling
|
||||||
// point to the rest of the tailscale client.
|
// point to the rest of the tailscale client.
|
||||||
//
|
//
|
||||||
|
|||||||
Reference in New Issue
Block a user