From 14baf6f3d650712b9ffbc0898706faa8cd72e5df Mon Sep 17 00:00:00 2001 From: Liam Fitzgerald Date: Thu, 15 Dec 2022 13:37:14 -0600 Subject: [PATCH] ames: add %snub functionality Adds .snub to ames-state, a global blocklist for ships. If a packet is received from a ship that is in the .snub set, it is immediately dropped. Adds %snub to ames' $task, to allow manipulating this list --- pkg/arvo/sys/lull.hoon | 2 + pkg/arvo/sys/vane/ames.hoon | 83 +++++++++++++++++++++++++++++++------ 2 files changed, 73 insertions(+), 12 deletions(-) diff --git a/pkg/arvo/sys/lull.hoon b/pkg/arvo/sys/lull.hoon index 0936cdd58..9a1a4dae4 100644 --- a/pkg/arvo/sys/lull.hoon +++ b/pkg/arvo/sys/lull.hoon @@ -360,6 +360,7 @@ :: %init: vane boot :: %prod: re-send a packet per flow, to all peers if .ships is ~ :: %sift: limit verbosity to .ships + :: %snub: set packet blacklist to .ships :: %spew: set verbosity toggles :: %trim: release memory :: %vega: kernel reload notification @@ -375,6 +376,7 @@ $>(%init vane-task) [%prod ships=(list ship)] [%sift ships=(list ship)] + [%snub ships=(list ship)] [%spew veb=(list verb)] [%stir arg=@t] $>(%trim vane-task) diff --git a/pkg/arvo/sys/vane/ames.hoon b/pkg/arvo/sys/vane/ames.hoon index f6f1f9a58..00c0a0489 100644 --- a/pkg/arvo/sys/vane/ames.hoon +++ b/pkg/arvo/sys/vane/ames.hoon @@ -607,19 +607,20 @@ :: life: our $life; how many times we've rekeyed :: crypto-core: interface for encryption and signing :: bug: debug printing configuration -:: corks(STALE):wires for cork flows pending publisher update +:: snub: blocklist for incoming packets :: :: Note: .corks is only still present for unreleased migration reasons :: +:: +$ ames-state $: peers=(map ship ship-state) =unix=duct =life crypto-core=acru:ames =bug - corks=(set wire) ::TODO unused, remove in next version of state + corks=(set wire) + snub=(set ship) == -:: +$ ames-state-4 ames-state-5 +$ ames-state-5 $: peers=(map ship ship-state-5) 
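Review bot: The `%snub` comment in the `@@ -360,6 +360,7 @@` hunk of lull.hoon says "blacklist" while the `snub` field comment in ames.hoon says "blocklist", and neither states that the task replaces the whole set. Because `+on-snub` assigns `(sy ships)` to `snub.ames-state`, a caller that sends a partial list unblocks every ship not named in it, and `~` clears the list entirely. I would word the comment as `:: %snub: replace the inbound-packet blocklist with .ships; ~ clears it` and use the same term in the `+on-snub` comment in ames.hoon (`@@ -1430,6 +1480,13 @@`). The `[%snub ships=(list ship)]` entry in the `@@ -375,6 +376,7 @@` hunk needs no change.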
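Review bot: The field documentation for `corks` is lost in the `@@ -607,19 +607,20 @@` hunk of ames.hoon. The `corks(STALE)` comment line is replaced by the `snub` line and the `::TODO unused, remove in next version of state` marker is removed, yet `corks=(set wire)` stays in `$ames-state` and the "Note: .corks is only still present" text now refers to a field with no description. I would keep the `corks` line and the TODO, add `snub` beneath it, and say what membership means, for example `:: snub: ships whose incoming packets are dropped on receipt`.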
@@ -686,6 +687,17 @@ crypto-core=acru:ames =bug == +:: ++$ ames-state-8 + $: peers=(map ship ship-state) + =unix=duct + =life + crypto-core=acru:ames + =bug + corks=(set wire) + == +:: + :: $bug: debug printing configuration :: :: veb: verbosity toggles @@ -841,7 +853,14 @@ :: =< =* adult-gate . =| queued-events=(qeu queued-event) - =| cached-state=(unit $%([%5 ames-state-5] [%6 ames-state-6] [%7 ames-state-7] [%8 ^ames-state])) + =| $= cached-state + %- unit + $% [%5 ames-state-5] + [%6 ames-state-6] + [%7 ames-state-7] + [%8 ames-state-8] + [%9 ^ames-state] + == :: |= [now=@da eny=@ rof=roof] =* larval-gate . @@ -963,7 +982,7 @@ :: lifecycle arms; mostly pass-throughs to the contained adult ames :: ++ scry scry:adult-core - ++ stay [%8 %larva queued-events ames-state.adult-gate] + ++ stay [%9 %larva queued-events ames-state.adult-gate] ++ load |= $= old $% $: %4 @@ -995,6 +1014,13 @@ [%adult state=ames-state-7] == == $: %8 + $% $: %larva + events=(qeu queued-event) + state=ames-state-8 + == + [%adult state=ames-state-8] + == == + $: %9 $% $: %larva events=(qeu queued-event) state=_ames-state.adult-gate @@ -1039,12 +1065,22 @@ =. queued-events events.old larval-gate :: - [%8 %adult *] (load:adult-core %8 state.old) + [%8 %adult *] + =. cached-state `[%8 state.old] + ~> %slog.0^leaf/"ames: larva reload" + larval-gate :: [%8 %larva *] + ~> %slog.0^leaf/"ames: larva: load" + =. queued-events events.old + larval-gate + :: + [%9 %adult *] (load:adult-core %9 state.old) + :: + [%9 %larva *] ~> %slog.1^leaf/"ames: larva: load" =. queued-events events.old - =. adult-gate (load:adult-core %8 state.old) + =. adult-gate (load:adult-core %9 state.old) larval-gate :: == 
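Review bot: In the `@@ -1039,12 +1065,22 @@` hunk the rewritten `[%8 %larva *]` branch copies `events.old` into `queued-events` but never reads `state.old`, whereas the `[%8 %adult *]` branch just above stores its state in `cached-state` for later migration. If `state.old` can hold non-default data for a %8 larva, that data is discarded on reload and the ship would continue with whatever state the adult gate already holds. The context lines at the top of the hunk suggest the preceding larva branch has the same shape, so this may be inherited rather than new. I would either set `cached-state` here the way the adult branch does, or add a comment such as `:: larval state is still the bunt here, nothing to migrate` so the omission reads as deliberate. The `+load` arm starts and ends outside the hunk.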
@@ -1063,7 +1099,9 @@ ~> %slog.0^leaf/"ames: init daily recork timer" :- [[/ames]~ %pass /recork %b %wait `@da`(add now ~d1)]~ 8+(state-7-to-8:load:adult-core +.u.cached-state) - ?> ?=(%8 -.u.cached-state) + =? u.cached-state ?=(%8 -.u.cached-state) + 9+(state-8-to-9:load:adult-core +.u.cached-state) + ?> ?=(%9 -.u.cached-state) =. ames-state.adult-gate +.u.cached-state [moz larval-core(cached-state ~)] -- @@ -1102,6 +1140,7 @@ %jilt (on-jilt:event-core ship.task) %prod (on-prod:event-core ships.task) %sift (on-sift:event-core ships.task) + %snub (on-snub:event-core ships.task) %spew (on-spew:event-core veb.task) %stir (on-stir:event-core arg.task) %trim on-trim:event-core @@ -1138,15 +1177,15 @@ [moves ames-gate] :: +stay: extract state before reload :: -++ stay [%8 %adult ames-state] +++ stay [%9 %adult ames-state] :: +load: load in old state after reload :: ++ load =< |= $= old-state - $% [%8 ^ames-state] + $% [%9 ^ames-state] == ^+ ames-gate - ?> ?=(%8 -.old-state) + ?> ?=(%9 -.old-state) ames-gate(ames-state +.old-state) :: |% @@ -1210,7 +1249,7 @@ :: ++ state-7-to-8 |= ames-state=ames-state-7 - ^- ^^ames-state + ^- ames-state-8 :* peers.ames-state unix-duct.ames-state life.ames-state @@ -1218,6 +1257,17 @@ bug.ames-state *(set wire) == + ++ state-8-to-9 + |= ames-state=ames-state-8 + ^- ^^ames-state + :* peers.ames-state + unix-duct.ames-state + life.ames-state + crypto-core.ames-state + bug.ames-state + corks.ames-state + *(set ship) + == -- :: +scry: dereference namespace :: @@ -1430,6 +1480,13 @@ ^+ event-core =. ships.bug.ames-state (sy ships) event-core + :: +on-snub: handle request to change ship blacklist + :: + ++ on-snub + |= ships=(list ship) + ^+ event-core + =. snub.ames-state (sy ships) + event-core :: +on-spew: handle request to set verbosity toggles on debug output :: ++ on-spew @@ -1566,6 +1623,8 @@ :: ?: =(our sndr.packet) event-core + ?: (~(has in snub.ames-state) sndr.packet) + event-core :: %. +< ::
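Review bot: The new `?: (~(has in snub.ames-state) sndr.packet)` check in the `@@ -1566,6 +1623,8 @@` hunk drops the packet without any trace, so an operator cannot tell a snubbed peer from a dead link or confirm that the blocklist is taking effect. I would emit a line under one of the existing `bug` verbosity toggles, or keep a per-ship drop counter, before returning `event-core`. The check also sits ahead of the `%.` dispatch that follows it. If that dispatch is where packets addressed to other ships are handed on, a relaying ship that snubs a sender stops relaying for it as well. A comment such as `:: snubbed senders are dropped before forwarding as well as before local delivery` would record that this is intended. The enclosing arm starts and ends outside the hunk.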