diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-06-12 21:11:06 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-06-29 08:32:58 +0200 |
| commit | 89807593faaa0472372fb267e12b03a2d6485805 (patch) | |
| tree | 2c035433605845a75cfe1090f518f61cae9d7329 /src/irmd/config.h.in | |
| parent | dce27129b74f906e0d1c086858f360228d5cbc83 (diff) | |
| download | ouroboros-89807593faaa0472372fb267e12b03a2d6485805.tar.gz ouroboros-89807593faaa0472372fb267e12b03a2d6485805.zip | |
irmd: Bound the OAP replay cache
Replace the linked-list cache with three timestamp-generation hash
buckets, each capped at OAP_REPLAY_MAX entries.
A bucket is an open-addressed hash set whose slots count as live only
while slot.gen equals the bucket generation, so a stale bucket clears
in O(1) by bumping its generation instead of being scanned and pruned.
On overflow the cache fails closed - it rejects the header rather than
evicting the oldest entry. Under flood, dropping a genuine entry would
let that header be replayed, so refusing new entries is the safer
degradation than evict-oldest (fail-open) behaviour.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/irmd/config.h.in')
| -rw-r--r-- | src/irmd/config.h.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/irmd/config.h.in b/src/irmd/config.h.in index 0364e080..84d58130 100644 --- a/src/irmd/config.h.in +++ b/src/irmd/config.h.in @@ -42,6 +42,7 @@ #define FLOW_DEALLOC_TIMEOUT @FLOW_DEALLOC_TIMEOUT@ #define OAP_REPLAY_TIMER @OAP_REPLAY_TIMER@ +#define OAP_REPLAY_MAX @OAP_REPLAY_MAX@ #cmakedefine01 OAP_CLIENT_AUTH_DEFAULT #define BOOTSTRAP_TIMEOUT @BOOTSTRAP_TIMEOUT@ |
