Bitcoin ABC 0.30.7
P2P Digital Currency
banman.h
Go to the documentation of this file.
1// Copyright (c) 2009-2010 Satoshi Nakamoto
2// Copyright (c) 2009-2017 The Bitcoin Core developers
3// Distributed under the MIT software license, see the accompanying
4// file COPYING or http://www.opensource.org/licenses/mit-license.php.
5#ifndef BITCOIN_BANMAN_H
6#define BITCOIN_BANMAN_H
7
8#include <addrdb.h>
9#include <common/bloom.h>
10#include <net_types.h> // For banmap_t
11#include <sync.h>
12#include <util/fs.h>
13
14#include <chrono>
15#include <cstdint>
16#include <memory>
17
18// Default 24-hour ban.
19// NOTE: When adjusting this, update rpcnet:setban's help ("24h")
20static constexpr unsigned int DEFAULT_MISBEHAVING_BANTIME = 60 * 60 * 24;
21// How often to dump addresses to banlist.dat
22static constexpr std::chrono::minutes DUMP_BANS_INTERVAL{15};
23
25class CNetAddr;
26class CSubNet;
27
28// Banman manages two related but distinct concepts:
29//
30// 1. Banning. This is configured manually by the user, through the setban RPC.
31// If an address or subnet is banned, we never accept incoming connections from
32// it and never create outgoing connections to it. We won't gossip its address
33// to other peers in addr messages. Banned addresses and subnets are stored to
34// banlist.dat on shutdown and reloaded on startup. Banning can be used to
35// prevent connections with spy nodes or other griefers.
36//
37// 2. Discouragement. If a peer misbehaves enough (see Misbehaving() in
38// net_processing.cpp), we'll mark that address as discouraged. We still allow
39// incoming connections from them, but they're preferred for eviction when
40// we receive new incoming connections. We never make outgoing connections to
41// them, and do not gossip their address to other peers. This is implemented as
42// a bloom filter. We can (probabilistically) test for membership, but can't
43// list all discouraged addresses or unmark them as discouraged. Discouragement
44// can prevent our limited connection slots being used up by incompatible
45// or broken peers.
46//
47// Neither banning nor discouragement are protections against denial-of-service
48// attacks, since if an attacker has a way to waste our resources and we
49// disconnect from them and ban that address, it's trivial for them to
50// reconnect from another IP address.
51//
52// Attempting to automatically disconnect or ban any class of peer carries the
53// risk of splitting the network. For example, if we banned/disconnected for a
54// transaction that fails a policy check and a future version changes the
55// policy check so the transaction is accepted, then that transaction could
56// cause the network to split between old nodes and new nodes.
57
58class BanMan {
59public:
60 ~BanMan();
61 BanMan(fs::path ban_file, const CChainParams &chainparams,
62 CClientUIInterface *client_interface, int64_t default_ban_time);
63 void Ban(const CNetAddr &net_addr, int64_t ban_time_offset = 0,
64 bool since_unix_epoch = false);
65 void Ban(const CSubNet &sub_net, int64_t ban_time_offset = 0,
66 bool since_unix_epoch = false);
67 void Discourage(const CNetAddr &net_addr);
68 void ClearBanned();
69
71 bool IsBanned(const CNetAddr &net_addr);
72
74 bool IsBanned(const CSubNet &sub_net);
75
77 bool IsDiscouraged(const CNetAddr &net_addr);
78
79 bool Unban(const CNetAddr &net_addr);
80 bool Unban(const CSubNet &sub_net);
81 void GetBanned(banmap_t &banmap);
82 void DumpBanlist();
83
84private:
85 void SetBanned(const banmap_t &banmap);
86 bool BannedSetIsDirty();
88 void SetBannedSetDirty(bool dirty = true);
90 void SweepBanned();
91
94 bool m_is_dirty GUARDED_BY(m_cs_banned);
97 const int64_t m_default_ban_time;
98 CRollingBloomFilter m_discouraged GUARDED_BY(m_cs_banned){50000, 0.000001};
99};
100
101#endif // BITCOIN_BANMAN_H
static constexpr unsigned int DEFAULT_MISBEHAVING_BANTIME
Definition: banman.h:20
static constexpr std::chrono::minutes DUMP_BANS_INTERVAL
Definition: banman.h:22
Definition: banman.h:58
void Discourage(const CNetAddr &net_addr)
Definition: banman.cpp:122
void Ban(const CNetAddr &net_addr, int64_t ban_time_offset=0, bool since_unix_epoch=false)
Definition: banman.cpp:116
banmap_t m_banned GUARDED_BY(m_cs_banned)
const int64_t m_default_ban_time
Definition: banman.h:97
void GetBanned(banmap_t &banmap)
Definition: banman.cpp:179
void ClearBanned()
Definition: banman.cpp:70
bool IsBanned(const CNetAddr &net_addr)
Return whether net_addr is banned.
Definition: banman.cpp:89
RecursiveMutex m_cs_banned
Definition: banman.h:92
void SetBanned(const banmap_t &banmap)
Definition: banman.cpp:187
bool BannedSetIsDirty()
Definition: banman.cpp:221
CClientUIInterface * m_client_interface
Definition: banman.h:95
bool Unban(const CNetAddr &net_addr)
Definition: banman.cpp:157
BanMan(fs::path ban_file, const CChainParams &chainparams, CClientUIInterface *client_interface, int64_t default_ban_time)
Definition: banman.cpp:14
CBanDB m_ban_db
Definition: banman.h:96
CRollingBloomFilter m_discouraged GUARDED_BY(m_cs_banned)
Definition: banman.h:98
bool m_is_dirty GUARDED_BY(m_cs_banned)
void SetBannedSetDirty(bool dirty=true)
set the "dirty" flag for the banlist
Definition: banman.cpp:226
~BanMan()
Definition: banman.cpp:45
void SweepBanned()
clean unused entries (if bantime has expired)
Definition: banman.cpp:193
void DumpBanlist()
Definition: banman.cpp:49
bool IsDiscouraged(const CNetAddr &net_addr)
Return whether net_addr is discouraged.
Definition: banman.cpp:84
Access to the banlist database (banlist.dat)
Definition: addrdb.h:58
CChainParams defines various tweakable parameters of a given instance of the Bitcoin system.
Definition: chainparams.h:80
Signals for UI communication.
Definition: ui_interface.h:24
Network address.
Definition: netaddress.h:121
RollingBloomFilter is a probabilistic "keep track of most recently inserted" set.
Definition: bloom.h:115
Path class wrapper to block calls to the fs::path(std::string) implicit constructor and the fs::path:...
Definition: fs.h:30
std::map< CSubNet, CBanEntry > banmap_t
Definition: net_types.h:13