Module Tezos_p2p.P2p_aclSource

This module implements four Access Control Lists:

IP greylists use a time based GC to periodically remove entries from the table, while peer_id greylists are built using an LRU cache, where the least-recently grey-listed peer is evicted from the table when adding a new banned peer to a full cache. Other tables are user defined and static.

Sourcetype t
Sourceval create : peer_id_size:int -> ip_size:int -> ip_cleanup_delay:Tezos_base.TzPervasives.Time.System.Span.t -> t

create ~peer_id_size ~ip_size is a set of four ACLs (see above) with the peer_id greylist being a LRU cache of size peer_id_size and the IP address greylist a bloom filter of size ip_size (expressed in KiB). Elements are (probabilistically) kept in the bloom filter for ip_cleanup_delay, the cleanup happens in a discrete way in sixteen steps.

Sourceval banned_addr : t -> Tezos_base.TzPervasives.P2p_addr.t -> bool

banned_addr t addr is true if addr is blacklisted or greylisted.

Sourceval unban_addr : t -> Tezos_base.TzPervasives.P2p_addr.t -> unit

unban_addr t addr remove the address from both the blacklist of banned addresses and the greylist of addresses

Sourceval banned_peer : t -> Tezos_base.TzPervasives.P2p_peer.Id.t -> bool

banned_peer t peer_id is true if peer with id peer_id is blacklisted or greylisted.

unban_peer t peer remove the peer from both the blacklist of banned peers and the greylist of peers

Sourceval clear : t -> unit

clear t clears all four ACLs.

Sourcemodule IPGreylist : sig ... end
Sourcemodule IPBlacklist : sig ... end
Sourcemodule PeerBlacklist : sig ... end
Sourcemodule PeerGreylist : sig ... end

/

Sourcemodule Internal_for_tests : sig ... end