Development/BanCache
From Inspire IRCd (InspIRCd)
Introduction
Ban checking of all sorts (XLines, DNSBL, proxy scanning) is incredibly expensive.
BanCache is designed to avoid paying that cost repeatedly, by caching the results of those checks.
Solution
Basically, in pseudo-C++:
    BanCache *b = ServerInstance->LookupBanCache(u);
    if (b)
    {
        // they have been looked up previously..
        if (b->IsBanned())
        {
            userrec::QuitUser(u, b->GetBanReason());
        }
        else
        {
            // user has checked out to be clean
        }
    }
    else
    {
        // scan user for Q/G/K/Zlines, dnsbl, portscan
    }
Naturally, the cache would expire after a network-set time (perhaps 5 minutes for small networks, since it wouldn't matter so much there: they don't care about the expense of checking 3 glines. Bigger networks might use 1-2 days).
Manually placed bans (/gline blah) would match against everyone of course, and perhaps it might be nice to have a command to trigger full checks on a user, dunno. Actually, no, just have the commands clear the cache (or perhaps the bitmask for the particular subset they are using, i.e. /gline clears out bancache entries for glines?)
This would, needless to say, save fucking loads of CPU, at the expense of some RAM (minimal for small networks, but perhaps 200k for larger networks, depending).
Implementation
Of course, this would all center around a hash (similar to the user hash etc.) keyed by IP address, storing the result and the reason they got banned, or something.
Current State
A lot has been done on BanCache; the primary things left to do are to hook up the necessary modules (e.g. dnsbl) to use it, and to fix expiry so that entries actually expire.
00:24 <w00t> hm
00:24 <w00t> I suppose now we need to think about expiry of bancache entries first anyway
00:24 <w00t> we need to expire them under two different conditions:
00:24 <w00t> 1) add/remove of a *line expires all positive or negative hits of that line type respectively
00:25 <w00t> 2) they need to expire on a time basis
00:25 <w00t> how can we do both of these optimally
00:25 <Brain> make that 3
00:25 <Brain> 3) rehash
00:25 <Brain> :p
00:25 <w00t> why?
00:25 <Brain> because rehash also has an added effect that its going to reinitialize your BanCacheHash :p
00:25 <Brain> because im going to stick that in later
00:26 <Brain> so, good a time as any to weed out dead entries, as we're going to iterate it there anyway?
00:26 <w00t> hmm
00:26 <w00t> in that case there's no need to sort
00:26 <w00t> so we already optimise for case 2
00:26 <w00t> case 1 is the one we need to think about
00:26 <w00t> (one expiry run per hour or /rehash should be enough, really)
00:27 <w00t> (though I guess we should check time on match too)
After that, we're done.
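A minimal sketch of the cache described in Implementation and of the expiry cases from the discussion above, as an added example that is not InspIRCd's own code: a hash keyed by IP that stores the verdict, checks the time on match, and can drop the positive or negative hits of one line type. All class and method names are hypothetical, and the clock is passed in as a parameter so the behaviour is deterministic.

```cpp
#include <cstddef>
#include <ctime>
#include <string>
#include <unordered_map>

// Hypothetical names throughout; this is not InspIRCd's BanCache API.
struct BanCacheHit {
    std::string type;    // check that produced the verdict, e.g. "G", "Z", "DNSBL"
    bool banned;         // positive hit (banned) or negative hit (clean)
    std::string reason;  // quit reason for positive hits
    std::time_t expiry;  // absolute time after which the verdict is stale
};

class BanCacheSketch {
    std::unordered_map<std::string, BanCacheHit> hits;  // keyed by IP address
    std::time_t ttl;
    template <typename Pred> std::size_t EraseIf(Pred stale) {
        std::size_t removed = 0;
        for (auto it = hits.begin(); it != hits.end();) {
            if (stale(it->second)) { it = hits.erase(it); ++removed; } else ++it;
        }
        return removed;
    }
public:
    explicit BanCacheSketch(std::time_t ttl_seconds) : ttl(ttl_seconds) {}

    void Add(const std::string& ip, const std::string& type, bool banned,
             const std::string& reason, std::time_t now) {
        hits[ip] = BanCacheHit{type, banned, reason, now + ttl};
    }
    // Time is checked on match, so a stale verdict is never trusted even
    // if the periodic sweep has not run yet.
    const BanCacheHit* Lookup(const std::string& ip, std::time_t now) {
        auto it = hits.find(ip);
        if (it == hits.end()) return nullptr;
        if (it->second.expiry <= now) { hits.erase(it); return nullptr; }
        return &it->second;
    }
    // Case 1: a line of `type` was added or removed; drop the positive or
    // negative hits of that type so those users get a full rescan.
    std::size_t RemoveEntries(const std::string& type, bool positive) {
        return EraseIf([&](const BanCacheHit& h) {
            return h.type == type && h.banned == positive; });
    }
    // Case 2 and rehash: one pass over the hash weeds out dead entries.
    std::size_t ExpireSweep(std::time_t now) {
        return EraseIf([&](const BanCacheHit& h) { return h.expiry <= now; });
    }
};
```

A `nullptr` from `Lookup` is the "scan user" branch of the pseudo-code: the caller runs the full checks and stores the result with `Add`.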

















