Expand description
§In-memory DDoS accounting
Implements crate::transport::ddos::ddos::DdosProtection purely in RAM: per-IP
DdosScores live in a moka cache with time-based eviction so idle IPs get
collected automatically, and per-IP connection counts live in a HashMap guarded
by a parking_lot::Mutex.
“Ban” here is just a flag in the cache — no kernel-level dropping. That makes this
implementation suitable for tests (the integration harness stresses the scoring
logic without wanting to touch host firewall state) and for platforms where
ipset/iptables aren’t available. The production path in
hashiverse-server-lib wraps this with a real firewall-level ban via
crate::tools::config::SERVER_DDOS_IPSET_SET_NAME.
Structs§
- MemDdos
Protection - In-memory DDoS protection with linearly decaying per-IP scores.