diff options
| author | Pieter Wuille <pieter@wuille.net> | 2020-06-08 18:46:53 -0700 |
|---|---|---|
| committer | Pieter Wuille <pieter@wuille.net> | 2020-07-03 20:43:55 -0700 |
| commit | b691f2df5f7d443c0c9ee056ab94aa0fc19566d5 (patch) | |
| tree | 00f4cdae9cd0ea068634de9d910229123e7e7847 /src/net.cpp | |
| parent | 3276c148c4cac7b7c9adbaab5997b26488612085 (diff) | |
| download | bitcoin-b691f2df5f7d443c0c9ee056ab94aa0fc19566d5.tar.xz | |
Replace automatic bans with discouragement filter
This patch improves performance and resource usage around IP
addresses that are banned for misbehavior. They're already not
actually banned, as connections from them are still allowed,
but they are preferred for eviction if the inbound connection
slots are full.
Stop treating these like manually banned IP ranges, and instead
just keep them in a rolling Bloom filter of misbehaving nodes,
which isn't persisted to disk or exposed through the ban
framework. The effect remains the same: preferred for eviction,
avoided for outgoing connections, and not relayed to other peers.
Also change the name of this mechanism to better reflect reality;
they're not banned, just discouraged.
Contains release notes and several interface improvements by
John Newbery.
Diffstat (limited to 'src/net.cpp')
| -rw-r--r-- | src/net.cpp | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/net.cpp b/src/net.cpp index 281232d801..760335e5e5 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -1012,15 +1012,22 @@ void CConnman::AcceptConnection(const ListenSocket& hListenSocket) { int bannedlevel = m_banman ? m_banman->IsBannedLevel(addr) : 0; - // Don't accept connections from banned peers, but if our inbound slots aren't almost full, accept - // if the only banning reason was an automatic misbehavior ban. - if (!NetPermissions::HasFlag(permissionFlags, NetPermissionFlags::PF_NOBAN) && bannedlevel > ((nInbound + 1 < nMaxInbound) ? 1 : 0)) + // Don't accept connections from banned peers. + if (!NetPermissions::HasFlag(permissionFlags, NetPermissionFlags::PF_NOBAN) && bannedlevel == 2) { LogPrint(BCLog::NET, "connection from %s dropped (banned)\n", addr.ToString()); CloseSocket(hSocket); return; } + // Only accept connections from discouraged peers if our inbound slots aren't (almost) full. + if (!NetPermissions::HasFlag(permissionFlags, NetPermissionFlags::PF_NOBAN) && nInbound + 1 >= nMaxInbound && bannedlevel >= 1) + { + LogPrint(BCLog::NET, "connection from %s dropped (discouraged)\n", addr.ToString()); + CloseSocket(hSocket); + return; + } + if (nInbound >= nMaxInbound) { if (!AttemptToEvictConnection()) { |