From 89807593faaa0472372fb267e12b03a2d6485805 Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Fri, 12 Jun 2026 21:11:06 +0200 Subject: irmd: Bound the OAP replay cache Replace the linked-list cache with three timestamp-generation hash buckets, each capped at OAP_REPLAY_MAX entries. A bucket is an open-addressed hash set whose slots count as live only while slot.gen equals the bucket generation, so a stale bucket clears in O(1) by bumping its generation instead of being scanned and pruned. On overflow the cache fails closed - it rejects the header rather than evicting the oldest entry. Under flood, dropping a genuine entry would let that header be replayed, so refusing new entries is the safer degradation than evict-oldest (fail-open) behaviour. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/irmd/config.h.in | 1 + 1 file changed, 1 insertion(+) (limited to 'src/irmd/config.h.in') diff --git a/src/irmd/config.h.in b/src/irmd/config.h.in index 0364e080..84d58130 100644 --- a/src/irmd/config.h.in +++ b/src/irmd/config.h.in @@ -42,6 +42,7 @@ #define FLOW_DEALLOC_TIMEOUT @FLOW_DEALLOC_TIMEOUT@ #define OAP_REPLAY_TIMER @OAP_REPLAY_TIMER@ +#define OAP_REPLAY_MAX @OAP_REPLAY_MAX@ #cmakedefine01 OAP_CLIENT_AUTH_DEFAULT #define BOOTSTRAP_TIMEOUT @BOOTSTRAP_TIMEOUT@ -- cgit v1.2.3