anti b799ade816 feat(rpki): ripestat validator + sqlite cache ...

RipeStatValidator makes two RIPE STAT calls per uncached IP:
network-info -> announced prefix, rpki-validation -> ROA state.
2-second timeout; any network failure returns status='unknown'.

SQLite cache keyed by IP, 12-hour TTL, pruned on validator init.
Cache avoids per-event HTTP for the high-churn attacker pool —
steady-state cost approaches zero for repeat offenders.

2026-05-21 16:13:01 -04:00

2.1 KiB

Raw Blame History

View Raw