pub const INBOUND_PEER_LIMIT_MULTIPLIER: usize = 5;

A multiplier used to calculate the inbound connection limit for the peer set.

When it starts up, Zebra opens Config.peerset_initial_target_size outbound connections.

Then it opens additional outbound connections as needed for network requests, and accepts inbound connections initiated by other peers.

The inbound and outbound connection limits are calculated from:

The inbound limit is: Config.peerset_initial_target_size * INBOUND_PEER_LIMIT_MULTIPLIER. (This is similar to zcashd’s default inbound limit.)

The outbound limit is: Config.peerset_initial_target_size * OUTBOUND_PEER_LIMIT_MULTIPLIER. (This is a bit larger than zcashd’s default outbound limit.)

§Security

Each connection requires one inbound slot and one outbound slot, on two different peers. But some peers only make outbound connections, because they are behind a firewall, or their listener port address is misconfigured.

Zebra allows extra inbound connection slots, to prevent accidental connection slot exhaustion. (zcashd also allows a large number of extra inbound slots.)

§Security Tradeoff

Since the inbound peer limit is higher than the outbound peer limit, Zebra can be connected to a majority of peers that it has not chosen from its crate::AddressBook.

Inbound peer connections are initiated by the remote peer, so inbound peer selection is not controlled by the local node. This means that an attacker can easily become a majority of a node’s peers.

However, connection exhaustion is a higher priority.
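
The following is an added example, not Zebra's own code: it derives both limits from a target size and classifies a snapshot of connection counts, so an operator can see the worst-case share of peers the node did not choose and notice when inbound slots run out. `PeerLimits`, `PeerSetStatus` and `assess` are hypothetical names, and the target size 25 and outbound multiplier 3 are constructed sample inputs, since this page does not state the value of OUTBOUND_PEER_LIMIT_MULTIPLIER.

```rust
/// Value documented on this page.
pub const INBOUND_PEER_LIMIT_MULTIPLIER: usize = 5;
/// Hypothetical helper: the two limits derived from the target size.
#[derive(Debug, PartialEq)]
pub struct PeerLimits {
    pub inbound: usize,
    pub outbound: usize,
}

/// Hypothetical classification of a snapshot of current connection counts.
#[derive(Debug, PartialEq)]
pub enum PeerSetStatus {
    Normal,
    InboundMajority, // most current peers connected to us, so were not chosen locally
    InboundSlotsExhausted, // no free inbound slots: further inbound peers cannot connect
}

impl PeerLimits {
    /// `outbound_multiplier` is a caller-supplied assumption; this page does not give its value.
    pub fn new(target_size: usize, outbound_multiplier: usize) -> Option<Self> {
        Some(Self {
            inbound: target_size.checked_mul(INBOUND_PEER_LIMIT_MULTIPLIER)?,
            outbound: target_size.checked_mul(outbound_multiplier)?,
        })
    }

    /// Worst-case percentage of inbound peers when both limits are full.
    pub fn max_inbound_percent(&self) -> usize {
        let total = self.inbound as u128 + self.outbound as u128;
        if total == 0 { 0 } else { (self.inbound as u128 * 100 / total) as usize }
    }

    /// Classify current inbound/outbound counts against the limits.
    pub fn assess(&self, inbound: usize, outbound: usize) -> PeerSetStatus {
        if inbound >= self.inbound {
            PeerSetStatus::InboundSlotsExhausted
        } else if inbound > outbound {
            PeerSetStatus::InboundMajority
        } else {
            PeerSetStatus::Normal
        }
    }
}

fn main() {
    // Constructed sample: target size 25, assumed outbound multiplier 3.
    let limits = PeerLimits::new(25, 3).expect("limit overflows usize");
    println!("{:?}: up to {}% inbound, now {:?}", limits, limits.max_inbound_percent(), limits.assess(40, 25));
}
```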