urbit/shrub
1
1
Fork 0
mirror of https://github.com/urbit/shrub.git synced 2024-12-19 08:32:39 +03:00
Code Issues Packages Projects Releases Wiki Activity

ames: add %snub functionality

Browse Source 
Adds .snub to ames-state, a global blocklist for ships. If a packet is
received from a ship that is in the .snub set, it is immediately
dropped. Adds %snub to ames' $task, to allow manipulating this list
This commit is contained in:
Liam Fitzgerald 2022-12-15 13:37:14 -06:00
parent 36deb95411
commit 14baf6f3d6
2 changed files with 73 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/arvo/sys/lull.hoon
View File

@ -360,6 +360,7 @@
:: %init: vane boot
:: %prod: re-send a packet per flow, to all peers if .ships is ~
:: %sift: limit verbosity to .ships
:: %snub: set packet blacklist to .ships
:: %spew: set verbosity toggles
:: %trim: release memory
:: %vega: kernel reload notification
@ -375,6 +376,7 @@
$>(%init vane-task)
[%prod ships=(list ship)]
[%sift ships=(list ship)]
[%snub ships=(list ship)]
[%spew veb=(list verb)]
[%stir arg=@t]
$>(%trim vane-task)

83
pkg/arvo/sys/vane/ames.hoon
View File

@ -607,19 +607,20 @@
:: life: our $life; how many times we've rekeyed
:: crypto-core: interface for encryption and signing
:: bug: debug printing configuration
:: corks(STALE):wires for cork flows pending publisher update
:: snub: blocklist for incoming packets
::
:: Note: .corks is only still present for unreleased migration reasons
::
::
+$ ames-state
$: peers=(map ship ship-state)
=unix=duct
=life
crypto-core=acru:ames
=bug
corks=(set wire) ::TODO unused, remove in next version of state
corks=(set wire)
snub=(set ship)
==
::
+$ ames-state-4 ames-state-5
+$ ames-state-5
$: peers=(map ship ship-state-5)
@ -686,6 +687,17 @@
crypto-core=acru:ames
=bug
==
::
+$ ames-state-8
$: peers=(map ship ship-state)
=unix=duct
=life
crypto-core=acru:ames
=bug
corks=(set wire)
==
::
:: $bug: debug printing configuration
::
:: veb: verbosity toggles
@ -841,7 +853,14 @@
::
=< =* adult-gate .
=| queued-events=(qeu queued-event)
=| cached-state=(unit $%([%5 ames-state-5] [%6 ames-state-6] [%7 ames-state-7] [%8 ^ames-state]))
=| $= cached-state
%- unit
$% [%5 ames-state-5]
[%6 ames-state-6]
[%7 ames-state-7]
[%8 ames-state-8]
[%9 ^ames-state]
==
::
|= [now=@da eny=@ rof=roof]
=* larval-gate .
@ -963,7 +982,7 @@
:: lifecycle arms; mostly pass-throughs to the contained adult ames
::
++ scry scry:adult-core
++ stay [%8 %larva queued-events ames-state.adult-gate]
++ stay [%9 %larva queued-events ames-state.adult-gate]
++ load
|= $= old
$% $: %4
@ -995,6 +1014,13 @@
[%adult state=ames-state-7]
== ==
$: %8
$% $: %larva
events=(qeu queued-event)
state=ames-state-8
==
[%adult state=ames-state-8]
== ==
$: %9
$% $: %larva
events=(qeu queued-event)
state=_ames-state.adult-gate
@ -1039,12 +1065,22 @@
=. queued-events events.old
larval-gate
::
[%8 %adult *] (load:adult-core %8 state.old)
[%8 %adult *]
=. cached-state `[%8 state.old]
~> %slog.0^leaf/"ames: larva reload"
larval-gate
::
[%8 %larva *]
~> %slog.0^leaf/"ames: larva: load"
=. queued-events events.old
larval-gate
::
[%9 %adult *] (load:adult-core %9 state.old)
::
[%9 %larva *]
~> %slog.1^leaf/"ames: larva: load"
=. queued-events events.old
=. adult-gate (load:adult-core %8 state.old)
=. adult-gate (load:adult-core %9 state.old)
larval-gate
::
==
@ -1063,7 +1099,9 @@
~> %slog.0^leaf/"ames: init daily recork timer"
:- [[/ames]~ %pass /recork %b %wait `@da`(add now ~d1)]~
8+(state-7-to-8:load:adult-core +.u.cached-state)
?> ?=(%8 -.u.cached-state)
=? u.cached-state ?=(%8 -.u.cached-state)
9+(state-8-to-9:load:adult-core +.u.cached-state)
?> ?=(%9 -.u.cached-state)
=. ames-state.adult-gate +.u.cached-state
[moz larval-core(cached-state ~)]
--
@ -1102,6 +1140,7 @@
%jilt (on-jilt:event-core ship.task)
%prod (on-prod:event-core ships.task)
%sift (on-sift:event-core ships.task)
%snub (on-snub:event-core ships.task)
%spew (on-spew:event-core veb.task)
%stir (on-stir:event-core arg.task)
%trim on-trim:event-core
@ -1138,15 +1177,15 @@
[moves ames-gate]
:: +stay: extract state before reload
::
++ stay [%8 %adult ames-state]
++ stay [%9 %adult ames-state]
:: +load: load in old state after reload
::
++ load
=< |= $= old-state
$% [%8 ^ames-state]
$% [%9 ^ames-state]
==
^+ ames-gate
?> ?=(%8 -.old-state)
?> ?=(%9 -.old-state)
ames-gate(ames-state +.old-state)
::
|%
@ -1210,7 +1249,7 @@
::
++ state-7-to-8
|= ames-state=ames-state-7
^- ^^ames-state
^- ames-state-8
:* peers.ames-state
unix-duct.ames-state
life.ames-state
@ -1218,6 +1257,17 @@
bug.ames-state
*(set wire)
==
++ state-8-to-9
|= ames-state=ames-state-8
^- ^^ames-state
:* peers.ames-state
unix-duct.ames-state
life.ames-state
crypto-core.ames-state
bug.ames-state
corks.ames-state
*(set ship)
==
--
:: +scry: dereference namespace
::
@ -1430,6 +1480,13 @@
^+ event-core
=. ships.bug.ames-state (sy ships)
event-core
:: +on-snub: handle request to change ship blacklist
::
++ on-snub
|= ships=(list ship)
^+ event-core
=. snub.ames-state (sy ships)
event-core
:: +on-spew: handle request to set verbosity toggles on debug output
::
++ on-spew
@ -1566,6 +1623,8 @@
::
?: =(our sndr.packet)
event-core
?: (~(has in snub.ames-state) sndr.packet)
event-core
::
%. +<
::