Router: Reduce and document the banlist-forever threshold
Some checks failed
Sync Primary Repository to GitHub Mirror / sync (push) Has been cancelled
Daily Workflow / daily-job (push) Has been cancelled
Daily Workflow / javadoc-latest (push) Has been cancelled
Daily Workflow / build-java7 (push) Has been cancelled
Java CI / build (push) Has been cancelled
Java CI / javadoc-latest (push) Has been cancelled
Java CI / build-java7 (push) Has been cancelled
Dockerhub / docker (push) Has been cancelled
Java with IzPack Snapshot Setup / setup (push) Has been cancelled
Some checks failed
Sync Primary Repository to GitHub Mirror / sync (push) Has been cancelled
Daily Workflow / daily-job (push) Has been cancelled
Daily Workflow / javadoc-latest (push) Has been cancelled
Daily Workflow / build-java7 (push) Has been cancelled
Java CI / build (push) Has been cancelled
Java CI / javadoc-latest (push) Has been cancelled
Java CI / build-java7 (push) Has been cancelled
Dockerhub / docker (push) Has been cancelled
Java with IzPack Snapshot Setup / setup (push) Has been cancelled
SSU2: Reduce bad RI ban time if floodfill
This commit is contained in:
zzz
@ -69,6 +69,15 @@ public class Banlist {
|
||||
public final static long BANLIST_DURATION_NO_NETWORK = 30*24*60*60*1000L;
|
||||
public final static long BANLIST_DURATION_LOCALHOST = 2*60*60*1000;
|
||||
private final static long BANLIST_CLEANER_START_DELAY = BANLIST_DURATION_PARTIAL;
|
||||
|
||||
/**
|
||||
* A ban that expires after this will return true in isBanlistedForever().
|
||||
* In the transports, "forever" is treated as a hard ban, and both
|
||||
* inbound and outbound connections will be rejected.
|
||||
* Not-forever is treated as a soft ban, with outbound rejected
|
||||
* but inbound will be allowed and will automatically unban.
|
||||
*/
|
||||
private static final long BANLIST_FOREVER_THRESHOLD = 24*60*60*1000L;
|
||||
|
||||
public Banlist(RouterContext context) {
|
||||
_context = context;
|
||||
@ -336,9 +345,12 @@ public class Banlist {
|
||||
return rv;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return true if banned and expires more than 24 hours from now
|
||||
*/
|
||||
public boolean isBanlistedForever(Hash peer) {
|
||||
Entry entry = _entries.get(peer);
|
||||
return entry != null && entry.expireOn > _context.clock().now() + 2*24*60*60*1000L;
|
||||
return entry != null && entry.expireOn > _context.clock().now() + BANLIST_FOREVER_THRESHOLD;
|
||||
}
|
||||
|
||||
/** @deprecated moved to router console */
|
||||
|
||||
@ -253,8 +253,11 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
|
||||
// see SSU2Payload: RI format error, signature was verified there, so we can take action
|
||||
_context.blocklist().add(_aliceIP);
|
||||
Hash h = _receivedUnconfirmedIdentity.calculateHash();
|
||||
// these really hammer the floodfills, so reduce the time on floodfills
|
||||
// so the banlist doesn't get huge
|
||||
long time = _context.netDb().floodfillEnabled() ? 36*60*60*1000 : 4*24*60*60*1000;
|
||||
_context.banlist().banlistRouter(h, "Signed bad RI", null,
|
||||
null, _context.clock().now() + 4*24*60*60*1000);
|
||||
null, _context.clock().now() + time);
|
||||
throw new RIException("RI DFE " + h.toBase64(), REASON_BANNED);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user