aboutsummaryrefslogtreecommitdiff
path: root/src/banman.h
diff options
context:
space:
mode:
authorCory Fields <cory-nospam-@coryfields.com>2017-10-05 16:40:43 -0400
committerCarl Dong <accounts@carldong.me>2019-01-16 13:54:18 -0500
commitaf3503d903b1a608cd212e2d74b274103199078c (patch)
tree14c60eea45f0f1ed6ccde5241be58922102524ec /src/banman.h
parentd0469b2e9386a7a4b268cb9725347e7517acace6 (diff)
net: move BanMan to its own files
Diffstat (limited to 'src/banman.h')
-rw-r--r--src/banman.h69
1 files changed, 69 insertions, 0 deletions
diff --git a/src/banman.h b/src/banman.h
new file mode 100644
index 0000000000..898ae85197
--- /dev/null
+++ b/src/banman.h
@@ -0,0 +1,69 @@
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Copyright (c) 2009-2017 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+#ifndef BITCOIN_BANMAN_H
+#define BITCOIN_BANMAN_H
+
+#include <cstdint>
+#include <memory>
+
+#include <addrdb.h>
+#include <fs.h>
+#include <sync.h>
+
+// NOTE: When adjusting this, update rpcnet:setban's help ("24h")
+static constexpr unsigned int DEFAULT_MISBEHAVING_BANTIME = 60 * 60 * 24; // Default 24-hour ban
+
+class CClientUIInterface;
+class CNetAddr;
+class CSubNet;
+
+// Denial-of-service detection/prevention
+// The idea is to detect peers that are behaving
+// badly and disconnect/ban them, but do it in a
+// one-coding-mistake-won't-shatter-the-entire-network
+// way.
+// IMPORTANT: There should be nothing I can give a
+// node that it will forward on that will make that
+// node's peers drop it. If there is, an attacker
+// can isolate a node and/or try to split the network.
+// Dropping a node for sending stuff that is invalid
+// now but might be valid in a later version is also
+// dangerous, because it can cause a network split
+// between nodes running old code and nodes running
+// new code.
+
+class BanMan
+{
+public:
+ ~BanMan();
+ BanMan(fs::path ban_file, CClientUIInterface* client_interface, int64_t default_ban_time);
+ void Ban(const CNetAddr& netAddr, const BanReason& banReason, int64_t bantimeoffset = 0, bool sinceUnixEpoch = false);
+ void Ban(const CSubNet& subNet, const BanReason& banReason, int64_t bantimeoffset = 0, bool sinceUnixEpoch = false);
+ void ClearBanned(); // needed for unit testing
+ bool IsBanned(CNetAddr netAddr);
+ bool IsBanned(CSubNet subNet);
+ bool Unban(const CNetAddr& netAddr);
+ bool Unban(const CSubNet& subNet);
+ void GetBanned(banmap_t& banMap);
+ void DumpBanlist();
+
+private:
+ void SetBanned(const banmap_t& banMap);
+ bool BannedSetIsDirty();
+ //!set the "dirty" flag for the banlist
+ void SetBannedSetDirty(bool dirty = true);
+ //!clean unused entries (if bantime has expired)
+ void SweepBanned();
+
+ banmap_t setBanned;
+ CCriticalSection cs_setBanned;
+ bool setBannedIsDirty;
+ CClientUIInterface* clientInterface = nullptr;
+ CBanDB m_ban_db;
+ int64_t m_default_ban_time;
+};
+
+extern std::unique_ptr<BanMan> g_banman;
+#endif