From 89807593faaa0472372fb267e12b03a2d6485805 Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Fri, 12 Jun 2026 21:11:06 +0200 Subject: irmd: Bound the OAP replay cache Replace the linked-list cache with three timestamp-generation hash buckets, each capped at OAP_REPLAY_MAX entries. A bucket is an open-addressed hash set whose slots count as live only while slot.gen equals the bucket generation, so a stale bucket clears in O(1) by bumping its generation instead of being scanned and pruned. On overflow the cache fails closed - it rejects the header rather than evicting the oldest entry. Under flood, dropping a genuine entry would let that header be replayed, so refusing new entries is the safer degradation than evict-oldest (fail-open) behaviour. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders
---
 cmake/config/irmd.cmake | 2 ++ 1 file changed, 2 insertions(+) (limited to 'cmake/config/irmd.cmake')
diff --git a/cmake/config/irmd.cmake b/cmake/config/irmd.cmake
index 72463458..2f5e7f02 100644
--- a/cmake/config/irmd.cmake
+++ b/cmake/config/irmd.cmake
@@ -20,6 +20,8 @@ set(FLOW_ALLOC_TIMEOUT 20000 CACHE STRING
 # OAP (Ouroboros Authentication Protocol)
 set(OAP_REPLAY_TIMER 20 CACHE STRING
 "OAP replay protection window (s)")
+set(OAP_REPLAY_MAX 4096 CACHE STRING
+ "Maximum entries in the OAP replay cache (bounds memory/CPU under flood)")
 set(OAP_CLIENT_AUTH_DEFAULT TRUE CACHE BOOL
 "Client requires the server to authenticate by default (FALSE for testing)")
 set(DEBUG_PROTO_OAP FALSE CACHE BOOL
-- cgit v1.2.3
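Review bot: Nothing validates the new OAP_REPLAY_MAX cache entry, and because the commit message says a full bucket fails closed, a stray `-DOAP_REPLAY_MAX=0` (or a non-numeric value) would make irmd refuse every OAP header instead of failing at configure time; add a guard right after the new `set()`, e.g. `if(NOT OAP_REPLAY_MAX MATCHES "^[1-9][0-9]*$")` / `message(FATAL_ERROR "OAP_REPLAY_MAX must be a positive integer, got '${OAP_REPLAY_MAX}'")` / `endif()`. The help string also understates the security trade-off a deployer needs when tuning this: per the commit message the cap applies to each of the three generation buckets, and overflow rejects new headers, so too low a value under a flood becomes an authentication outage while too high only costs memory — suggest `"Maximum entries per OAP replay-cache bucket; a full bucket rejects new headers (fail closed) until it expires"`. Whether the open-addressed table on the C side additionally needs a power-of-two size is not visible in this hunk; if it does, the guard should check that instead of just positivity.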