diff --git a/go.mod b/go.mod index 0ef58e0..1d0568a 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/transparency-dev/armored-witness-os v0.1.3-0.20240524123036-bdd4b0b96386 github.com/transparency-dev/formats v0.0.0-20240610130149-01e8727bec75 github.com/transparency-dev/serverless-log v0.0.0-20240408141044-5d483a81bdb7 - github.com/transparency-dev/witness v0.0.0-20240612131802-aa0e8e37a478 + github.com/transparency-dev/witness v0.0.0-20240625135645-1bc742f2c18b github.com/usbarmory/GoTEE v0.0.0-20240314122327-40179239ad36 github.com/usbarmory/imx-enet v0.0.0-20240304151238-5b3010d57ea3 github.com/usbarmory/tamago v0.0.0-20240321170635-3bf2d607eccb @@ -45,7 +45,7 @@ require ( github.com/prometheus/procfs v0.12.0 // indirect github.com/rogpeppe/go-internal v1.11.0 // indirect github.com/transparency-dev/merkle v0.0.2 // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.21.0 // indirect golang.org/x/text v0.16.0 // indirect diff --git a/go.sum b/go.sum index a8ccc81..2256cc8 100644 --- a/go.sum +++ b/go.sum @@ -68,8 +68,8 @@ github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= github.com/transparency-dev/serverless-log v0.0.0-20240408141044-5d483a81bdb7 h1:Caqvx+/b2hpuK5dHLMtKxoNsNhSf6JsT9m+7Xgk1z6Y= github.com/transparency-dev/serverless-log v0.0.0-20240408141044-5d483a81bdb7/go.mod h1:A+cQ9EQeah/Ua7JaMOAAKkCfyDZPsq74o+UgwqQEPsQ= -github.com/transparency-dev/witness v0.0.0-20240612131802-aa0e8e37a478 h1:mPPVI+UFUntXKzKsarClIaQ7W8j4fdww1DrAq90tWOo= -github.com/transparency-dev/witness v0.0.0-20240612131802-aa0e8e37a478/go.mod h1:Iq7rPFk24Io/+bgoJU56E18G/JGKdv6B8wgPSEIG5WA= +github.com/transparency-dev/witness v0.0.0-20240625135645-1bc742f2c18b h1:fxC3BUw4spFvzTiaET94nKxqM04tw7DvZ2rqg7arPZg= +github.com/transparency-dev/witness v0.0.0-20240625135645-1bc742f2c18b/go.mod h1:z6UUZOM1dbLYdqwmeH/cK3AaL/8l9MrgzaOrxCxO4+Y= github.com/usbarmory/GoTEE v0.0.0-20240314122327-40179239ad36 h1:rZfhjJpgKuwos6KBdHKouDJmYmpV/FJv4q34eIjtPjw= github.com/usbarmory/GoTEE v0.0.0-20240314122327-40179239ad36/go.mod h1:YlZVucqxy/z5QWKerml3Vm5T14UOzZEs2kXfS1nilx8= github.com/usbarmory/imx-enet v0.0.0-20240304151238-5b3010d57ea3 h1:o6ixndtlZMRKOXcDCc2Mw6lSu1f79jmIaSY0wyzkmq4= @@ -85,8 +85,8 @@ golang.org/x/crypto/x509roots/fallback v0.0.0-20230623170555-183630ada7e0 h1:8O7 golang.org/x/crypto/x509roots/fallback v0.0.0-20230623170555-183630ada7e0/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8= golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= diff --git a/trusted_applet/main.go b/trusted_applet/main.go index 345b226..94be860 100644 --- a/trusted_applet/main.go +++ b/trusted_applet/main.go @@ -71,6 +71,9 @@ const ( // updateCheckInterval is the time between checking the FT Log for firmware // updates. updateCheckInterval = 5 * time.Minute + + // bastionRateLimit is the maximum number of bastion requests per second to serve. + bastionRateLimit = float64(10) ) var ( @@ -360,6 +363,7 @@ func runWithNetworking(ctx context.Context) error { klog.Infof("Bastion host %q configured", BastionAddr) opConfig.BastionAddr = BastionAddr opConfig.BastionKey = bastionSigningKey + opConfig.BastionRateLimit = bastionRateLimit } mainListener, err := listenCfg.Listen(ctx, "tcp", ":80") if err != nil {