Overview
The remote communications system needs rate limiting to protect against message and connection flooding attacks.
Note: PR #714 implemented resource limits for capacity (concurrent connections, message size, queue depth). This issue now tracks the remaining rate-based limits.
What's Already Implemented (PR #714)
- ✅ 100 concurrent connections limit (maxConcurrentConnections)
- ✅ 1MB message size limit (maxMessageSizeBytes)
- ✅ Message queuing with 200 capacity (maxQueue)
- ✅ Stale peer cleanup (1 hour timeout)
Remaining Work
1. Message Rate Limiting
- Requirement: 100 messages per second per peer (sliding 1-second window)
- Behavior: Queue excess messages up to capacity, then drop with error logging
- Implementation: Track per-peer message counts with sliding windows, validate rates before sending
2. Connection Attempt Rate Limiting
- Requirement: 10 connection attempts per minute per peer
- Behavior: Reject connection attempts that exceed the rate limit
- Implementation: Log connection attempt timestamps per peer, validate before dialing
Implementation Approach
- Create a SlidingWindowRateLimiter class for tracking message rates
- Add per-peer connection attempt tracking
- Integrate rate checks into sendRemoteMessage() and dial logic
- Add error logging when messages are dropped due to rate limits
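One way the limiter and the two checks above could fit together, as an added example that is not part of the issue or the project's code. Only the SlidingWindowRateLimiter name and the numeric limits come from the issue; admitMessage, mayDial, the factory helpers and the injectable clock are hypothetical.

```javascript
// Added example: per-peer sliding-window limiter (not the project's code).
class SlidingWindowRateLimiter {
  constructor(limit, windowMs, now = Date.now) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now; // injectable clock (assumption) so the window is testable
    this.events = new Map(); // peerId -> ascending timestamps of accepted events
  }

  // Drop timestamps older than the window and forget peers with none left,
  // so the map cannot grow without bound as peer IDs churn.
  prune(peerId, at) {
    const stamps = this.events.get(peerId) ?? [];
    const live = stamps.filter((t) => t > at - this.windowMs);
    if (live.length === 0) this.events.delete(peerId);
    else this.events.set(peerId, live);
    return live;
  }

  // Returns true and records the event if the peer is under its limit.
  // Rejected events are not stored, so each peer holds at most `limit` entries.
  tryAcquire(peerId) {
    const at = this.now();
    const live = this.prune(peerId, at);
    if (live.length >= this.limit) return false;
    live.push(at);
    this.events.set(peerId, live);
    return true;
  }
}

// Limits stated in the issue: 100 messages/second, 10 dials/minute, per peer.
const makeMessageLimiter = (now) => new SlidingWindowRateLimiter(100, 1000, now);
const makeDialLimiter = (now) => new SlidingWindowRateLimiter(10, 60000, now);

// Outbound decision (hypothetical helper): send if under the rate, otherwise
// queue up to maxQueue (200 per PR #714), otherwise drop and log the drop.
function admitMessage(limiter, queue, peerId, message, maxQueue = 200) {
  if (limiter.tryAcquire(peerId)) return 'send';
  if (queue.length < maxQueue) {
    queue.push(message);
    return 'queued';
  }
  console.error(`rate limit: dropping message for peer ${peerId}`);
  return 'dropped';
}

// Dial gate (hypothetical helper): reject attempts over the per-peer limit.
const mayDial = (limiter, peerId) => limiter.tryAcquire(peerId);
```

Because only accepted events are recorded, a flooding peer cannot inflate the limiter's own memory beyond the configured limit per peer.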
Acceptance Criteria