diff options
| author | Pieter Wuille <pieter@wuille.net> | 2020-06-08 18:46:53 -0700 |
|---|---|---|
| committer | Pieter Wuille <pieter@wuille.net> | 2020-07-03 20:43:55 -0700 |
| commit | b691f2df5f7d443c0c9ee056ab94aa0fc19566d5 (patch) | |
| tree | 00f4cdae9cd0ea068634de9d910229123e7e7847 /src/banman.cpp | |
| parent | 3276c148c4cac7b7c9adbaab5997b26488612085 (diff) | |
Replace automatic bans with discouragement filter
This patch improves performance and resource usage around IP
addresses that are banned for misbehavior. They're already not
actually banned, as connections from them are still allowed,
but they are preferred for eviction if the inbound connection
slots are full.
Stop treating these like manually banned IP ranges, and instead
just keep them in a rolling Bloom filter of misbehaving nodes,
which isn't persisted to disk or exposed through the ban
framework. The effect remains the same: preferred for eviction,
avoided for outgoing connections, and not relayed to other peers.
Also change the name of this mechanism to better reflect reality;
they're not banned, just discouraged.
Contains release notes and several interface improvements by
John Newbery.
Diffstat (limited to 'src/banman.cpp')
| -rw-r--r-- | src/banman.cpp | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/banman.cpp b/src/banman.cpp index 422904bb33..2d14433f68 100644 --- a/src/banman.cpp +++ b/src/banman.cpp @@ -74,7 +74,6 @@ int BanMan::IsBannedLevel(CNetAddr net_addr) // 0 - Not banned // 1 - Automatic misbehavior ban // 2 - Any other ban - int level = 0; auto current_time = GetTime(); LOCK(m_cs_banned); for (const auto& it : m_banned) { @@ -82,17 +81,17 @@ int BanMan::IsBannedLevel(CNetAddr net_addr) CBanEntry ban_entry = it.second; if (current_time < ban_entry.nBanUntil && sub_net.Match(net_addr)) { - if (ban_entry.banReason != BanReasonNodeMisbehaving) return 2; - level = 1; + return 2; } } - return level; + return m_discouraged.contains(net_addr.GetAddrBytes()) ? 1 : 0; } bool BanMan::IsBanned(CNetAddr net_addr) { auto current_time = GetTime(); LOCK(m_cs_banned); + if (m_discouraged.contains(net_addr.GetAddrBytes())) return true; for (const auto& it : m_banned) { CSubNet sub_net = it.first; CBanEntry ban_entry = it.second; @@ -120,12 +119,18 @@ bool BanMan::IsBanned(CSubNet sub_net) void BanMan::Ban(const CNetAddr& net_addr, const BanReason& ban_reason, int64_t ban_time_offset, bool since_unix_epoch) { + if (ban_reason == BanReasonNodeMisbehaving) { + LOCK(m_cs_banned); + m_discouraged.insert(net_addr.GetAddrBytes()); + return; + } CSubNet sub_net(net_addr); Ban(sub_net, ban_reason, ban_time_offset, since_unix_epoch); } void BanMan::Ban(const CSubNet& sub_net, const BanReason& ban_reason, int64_t ban_time_offset, bool since_unix_epoch) { + assert(ban_reason == BanReasonManuallyAdded); CBanEntry ban_entry(GetTime(), ban_reason); int64_t normalized_ban_time_offset = ban_time_offset; |