LBRYCommunity/lbcd
1
0
Fork 0
Code Issues 17 Pull requests 4 Projects Releases 28 Packages Wiki Activity
lbcd/connmgr/dynamicbanscore.go

147 lines
4.2 KiB
Go
Raw Normal View History

Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
// Copyright (c) 2016 The btcsuite developers
// Use of this source code is governed by an ISC
// license that can be found in the LICENSE file.
connmgr: Refactor connection management into pkg This commit introduces package connmgr which contains connection management related functionality. The following is an overview of the features the package provides: - Maintain fixed number of outbound connections - Optional connect-only mode - Retry persistent connections with increasing back-off - Source peers from DNS seeds - Use Tor to resolve DNS - Dynamic ban scores - Test coverage In addition, btcd has been refactored to make use of the new package by extending the connection manager to work with the server to source and maintain peer connections. The following is a broad overview of the changes to integrate the package: - Simplify peer state by removing pending, retry peers - Refactor to remove retries which are now handled by connmgr - Use callback to add addresses sourced from the DNS seed Finally the following connection-related things have been improved as a part of this refactor: - Fixes 100% cpu usage when network is down (#129) - Fixes issues with max peers (#577) - Simplify outbound peer connections management
2016-05-12 11:06:07 +02:00
package connmgr
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
import (
"fmt"
"math"
"sync"
"time"
)
const (
// Halflife defines the time (in seconds) by which the transient part
// of the ban score decays to one half of it's original value.
Halflife = 60
// lambda is the decaying constant.
lambda = math.Ln2 / Halflife
// Lifetime defines the maximum age of the transient part of the ban
// score to be considered a non-zero score (in seconds).
Lifetime = 1800
// precomputedLen defines the amount of decay factors (one per second) that
// should be precomputed at initialization.
precomputedLen = 64
)
// precomputedFactor stores precomputed exponential decay factors for the first
// 'precomputedLen' seconds starting from t == 0.
var precomputedFactor [precomputedLen]float64
// init precomputes decay factors.
func init() {
for i := range precomputedFactor {
precomputedFactor[i] = math.Exp(-1.0 * float64(i) * lambda)
}
}
// decayFactor returns the decay factor at t seconds, using precalculated values
// if available, or calculating the factor if needed.
func decayFactor(t int64) float64 {
if t < precomputedLen {
return precomputedFactor[t]
}
return math.Exp(-1.0 * float64(t) * lambda)
}
connmgr: Refactor connection management into pkg This commit introduces package connmgr which contains connection management related functionality. The following is an overview of the features the package provides: - Maintain fixed number of outbound connections - Optional connect-only mode - Retry persistent connections with increasing back-off - Source peers from DNS seeds - Use Tor to resolve DNS - Dynamic ban scores - Test coverage In addition, btcd has been refactored to make use of the new package by extending the connection manager to work with the server to source and maintain peer connections. The following is a broad overview of the changes to integrate the package: - Simplify peer state by removing pending, retry peers - Refactor to remove retries which are now handled by connmgr - Use callback to add addresses sourced from the DNS seed Finally the following connection-related things have been improved as a part of this refactor: - Fixes 100% cpu usage when network is down (#129) - Fixes issues with max peers (#577) - Simplify outbound peer connections management
2016-05-12 11:06:07 +02:00
// DynamicBanScore provides dynamic ban scores consisting of a persistent and a
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
// decaying component. The persistent score could be utilized to create simple
// additive banning policies similar to those found in other bitcoin node
// implementations.
//
// The decaying score enables the creation of evasive logic which handles
// misbehaving peers (especially application layer DoS attacks) gracefully
// by disconnecting and banning peers attempting various kinds of flooding.
connmgr: Refactor connection management into pkg This commit introduces package connmgr which contains connection management related functionality. The following is an overview of the features the package provides: - Maintain fixed number of outbound connections - Optional connect-only mode - Retry persistent connections with increasing back-off - Source peers from DNS seeds - Use Tor to resolve DNS - Dynamic ban scores - Test coverage In addition, btcd has been refactored to make use of the new package by extending the connection manager to work with the server to source and maintain peer connections. The following is a broad overview of the changes to integrate the package: - Simplify peer state by removing pending, retry peers - Refactor to remove retries which are now handled by connmgr - Use callback to add addresses sourced from the DNS seed Finally the following connection-related things have been improved as a part of this refactor: - Fixes 100% cpu usage when network is down (#129) - Fixes issues with max peers (#577) - Simplify outbound peer connections management
2016-05-12 11:06:07 +02:00
// DynamicBanScore allows these two approaches to be used in tandem.
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
//
connmgr: Refactor connection management into pkg This commit introduces package connmgr which contains connection management related functionality. The following is an overview of the features the package provides: - Maintain fixed number of outbound connections - Optional connect-only mode - Retry persistent connections with increasing back-off - Source peers from DNS seeds - Use Tor to resolve DNS - Dynamic ban scores - Test coverage In addition, btcd has been refactored to make use of the new package by extending the connection manager to work with the server to source and maintain peer connections. The following is a broad overview of the changes to integrate the package: - Simplify peer state by removing pending, retry peers - Refactor to remove retries which are now handled by connmgr - Use callback to add addresses sourced from the DNS seed Finally the following connection-related things have been improved as a part of this refactor: - Fixes 100% cpu usage when network is down (#129) - Fixes issues with max peers (#577) - Simplify outbound peer connections management
2016-05-12 11:06:07 +02:00
// Zero value: Values of type DynamicBanScore are immediately ready for use upon
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
// declaration.
connmgr: Refactor connection management into pkg This commit introduces package connmgr which contains connection management related functionality. The following is an overview of the features the package provides: - Maintain fixed number of outbound connections - Optional connect-only mode - Retry persistent connections with increasing back-off - Source peers from DNS seeds - Use Tor to resolve DNS - Dynamic ban scores - Test coverage In addition, btcd has been refactored to make use of the new package by extending the connection manager to work with the server to source and maintain peer connections. The following is a broad overview of the changes to integrate the package: - Simplify peer state by removing pending, retry peers - Refactor to remove retries which are now handled by connmgr - Use callback to add addresses sourced from the DNS seed Finally the following connection-related things have been improved as a part of this refactor: - Fixes 100% cpu usage when network is down (#129) - Fixes issues with max peers (#577) - Simplify outbound peer connections management
2016-05-12 11:06:07 +02:00
type DynamicBanScore struct {
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
lastUnix int64
transient float64
persistent uint32
sync.Mutex
}
// String returns the ban score as a human-readable string.
connmgr: Refactor connection management into pkg This commit introduces package connmgr which contains connection management related functionality. The following is an overview of the features the package provides: - Maintain fixed number of outbound connections - Optional connect-only mode - Retry persistent connections with increasing back-off - Source peers from DNS seeds - Use Tor to resolve DNS - Dynamic ban scores - Test coverage In addition, btcd has been refactored to make use of the new package by extending the connection manager to work with the server to source and maintain peer connections. The following is a broad overview of the changes to integrate the package: - Simplify peer state by removing pending, retry peers - Refactor to remove retries which are now handled by connmgr - Use callback to add addresses sourced from the DNS seed Finally the following connection-related things have been improved as a part of this refactor: - Fixes 100% cpu usage when network is down (#129) - Fixes issues with max peers (#577) - Simplify outbound peer connections management
2016-05-12 11:06:07 +02:00
func (s *DynamicBanScore) String() string {
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
s.Lock()
r := fmt.Sprintf("persistent %v + transient %v at %v = %v as of now",
s.persistent, s.transient, s.lastUnix, s.Int())
s.Unlock()
return r
}
// Int returns the current ban score, the sum of the persistent and decaying
// scores.
//
// This function is safe for concurrent access.
connmgr: Refactor connection management into pkg This commit introduces package connmgr which contains connection management related functionality. The following is an overview of the features the package provides: - Maintain fixed number of outbound connections - Optional connect-only mode - Retry persistent connections with increasing back-off - Source peers from DNS seeds - Use Tor to resolve DNS - Dynamic ban scores - Test coverage In addition, btcd has been refactored to make use of the new package by extending the connection manager to work with the server to source and maintain peer connections. The following is a broad overview of the changes to integrate the package: - Simplify peer state by removing pending, retry peers - Refactor to remove retries which are now handled by connmgr - Use callback to add addresses sourced from the DNS seed Finally the following connection-related things have been improved as a part of this refactor: - Fixes 100% cpu usage when network is down (#129) - Fixes issues with max peers (#577) - Simplify outbound peer connections management
2016-05-12 11:06:07 +02:00
func (s *DynamicBanScore) Int() uint32 {
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
s.Lock()
r := s.int(time.Now())
s.Unlock()
return r
}
// Increase increases both the persistent and decaying scores by the values
// passed as parameters. The resulting score is returned.
//
// This function is safe for concurrent access.
connmgr: Refactor connection management into pkg This commit introduces package connmgr which contains connection management related functionality. The following is an overview of the features the package provides: - Maintain fixed number of outbound connections - Optional connect-only mode - Retry persistent connections with increasing back-off - Source peers from DNS seeds - Use Tor to resolve DNS - Dynamic ban scores - Test coverage In addition, btcd has been refactored to make use of the new package by extending the connection manager to work with the server to source and maintain peer connections. The following is a broad overview of the changes to integrate the package: - Simplify peer state by removing pending, retry peers - Refactor to remove retries which are now handled by connmgr - Use callback to add addresses sourced from the DNS seed Finally the following connection-related things have been improved as a part of this refactor: - Fixes 100% cpu usage when network is down (#129) - Fixes issues with max peers (#577) - Simplify outbound peer connections management
2016-05-12 11:06:07 +02:00
func (s *DynamicBanScore) Increase(persistent, transient uint32) uint32 {
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
s.Lock()
r := s.increase(persistent, transient, time.Now())
s.Unlock()
return r
}
// Reset set both persistent and decaying scores to zero.
//
// This function is safe for concurrent access.
connmgr: Refactor connection management into pkg This commit introduces package connmgr which contains connection management related functionality. The following is an overview of the features the package provides: - Maintain fixed number of outbound connections - Optional connect-only mode - Retry persistent connections with increasing back-off - Source peers from DNS seeds - Use Tor to resolve DNS - Dynamic ban scores - Test coverage In addition, btcd has been refactored to make use of the new package by extending the connection manager to work with the server to source and maintain peer connections. The following is a broad overview of the changes to integrate the package: - Simplify peer state by removing pending, retry peers - Refactor to remove retries which are now handled by connmgr - Use callback to add addresses sourced from the DNS seed Finally the following connection-related things have been improved as a part of this refactor: - Fixes 100% cpu usage when network is down (#129) - Fixes issues with max peers (#577) - Simplify outbound peer connections management
2016-05-12 11:06:07 +02:00
func (s *DynamicBanScore) Reset() {
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
s.Lock()
s.persistent = 0
s.transient = 0
s.lastUnix = 0
s.Unlock()
}
// int returns the ban score, the sum of the persistent and decaying scores at a
// given point in time.
//
// This function is not safe for concurrent access. It is intended to be used
// internally and during testing.
connmgr: Refactor connection management into pkg This commit introduces package connmgr which contains connection management related functionality. The following is an overview of the features the package provides: - Maintain fixed number of outbound connections - Optional connect-only mode - Retry persistent connections with increasing back-off - Source peers from DNS seeds - Use Tor to resolve DNS - Dynamic ban scores - Test coverage In addition, btcd has been refactored to make use of the new package by extending the connection manager to work with the server to source and maintain peer connections. The following is a broad overview of the changes to integrate the package: - Simplify peer state by removing pending, retry peers - Refactor to remove retries which are now handled by connmgr - Use callback to add addresses sourced from the DNS seed Finally the following connection-related things have been improved as a part of this refactor: - Fixes 100% cpu usage when network is down (#129) - Fixes issues with max peers (#577) - Simplify outbound peer connections management
2016-05-12 11:06:07 +02:00
func (s *DynamicBanScore) int(t time.Time) uint32 {
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
dt := t.Unix() - s.lastUnix
if s.transient < 1 || dt < 0 || Lifetime < dt {
return s.persistent
}
return s.persistent + uint32(s.transient*decayFactor(dt))
}
// increase increases the persistent, the decaying or both scores by the values
// passed as parameters. The resulting score is calculated as if the action was
multi: Fix several misspellings in the comments. This commit corrects several typos in the comments found by misspell.
2016-02-25 18:17:12 +01:00
// carried out at the point time represented by the third parameter. The
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
// resulting score is returned.
//
// This function is not safe for concurrent access.
connmgr: Refactor connection management into pkg This commit introduces package connmgr which contains connection management related functionality. The following is an overview of the features the package provides: - Maintain fixed number of outbound connections - Optional connect-only mode - Retry persistent connections with increasing back-off - Source peers from DNS seeds - Use Tor to resolve DNS - Dynamic ban scores - Test coverage In addition, btcd has been refactored to make use of the new package by extending the connection manager to work with the server to source and maintain peer connections. The following is a broad overview of the changes to integrate the package: - Simplify peer state by removing pending, retry peers - Refactor to remove retries which are now handled by connmgr - Use callback to add addresses sourced from the DNS seed Finally the following connection-related things have been improved as a part of this refactor: - Fixes 100% cpu usage when network is down (#129) - Fixes issues with max peers (#577) - Simplify outbound peer connections management
2016-05-12 11:06:07 +02:00
func (s *DynamicBanScore) increase(persistent, transient uint32, t time.Time) uint32 {
Implement banning based on dynamic ban scores Dynamic ban scores consist of a persistent and a decaying component. The persistent score can be used to create simple additive banning policies simlar to those found in other bitcoin node implementations. The decaying score enables the creation of evasive logic which handles misbehaving peers (especially application layer DoS attacks) gracefully by disconnecting and banning peers attempting various kinds of flooding. Dynamic ban scores allow these two approaches to be used in tandem. This pull request includes the following: - Dynamic ban score type & functions, with tests for core functionality - Ban score of connected peers can be queried via rpc (getpeerinfo) - Example policy with decaying score increments on mempool and getdata - Logging of misbehavior once half of the ban threshold is reached - Banning logic can be disabled via configuration (enabled by default) - User defined ban threshold can be set via configuration
2016-01-23 04:11:22 +01:00
s.persistent += persistent
tu := t.Unix()
dt := tu - s.lastUnix
if transient > 0 {
if Lifetime < dt {
s.transient = 0
} else if s.transient > 1 && dt > 0 {
s.transient *= decayFactor(dt)
}
s.transient += float64(transient)
s.lastUnix = tu
}
return s.persistent + uint32(s.transient)
}
Reference in a new issue Copy permalink