Simply network auth logic and always sent error on auth failure even for unknown networks to prevent forensics.

node/Peer.hpp

@@ -395,9 +395,9 @@ public:
 	}
 
 	/**
-	 * Rate gate requests for network COM
+	 * Rate gate incoming requests for network COM
 	 */
-	inline bool rateGateComRequest(const uint64_t now)
+	inline bool rateGateIncomingComRequest(const uint64_t now)
 	{
 		if ((now - _lastComRequestReceived) >= ZT_PEER_GENERAL_RATE_LIMIT) {
 			_lastComRequestReceived = now;
@@ -406,6 +406,18 @@ public:
 		return false;
 	}
 
+	/**
+	 * Rate gate outgoing requests for network COM
+	 */
+	inline bool rateGateOutgoingComRequest(const uint64_t now)
+	{
+		if ((now - _lastComRequestSent) >= ZT_PEER_GENERAL_RATE_LIMIT) {
+			_lastComRequestSent = now;
+			return true;
+		}
+		return false;
+	}
+
 	/**
 	 * Find a common set of addresses by which two peers can link, if any
 	 *
@@ -465,6 +477,7 @@ private:
 	uint64_t _lastWhoisRequestReceived;
 	uint64_t _lastEchoRequestReceived;
 	uint64_t _lastComRequestReceived;
+	uint64_t _lastComRequestSent;
 	uint64_t _lastCredentialsReceived;
 	uint64_t _lastTrustEstablishedPacketReceived;
 	const RuntimeEnvironment *RR;