Refactors rate_limit plugin with YAML configurations #10559

zwoop · 2023-10-04T17:15:54Z

Besides majorly refactoring a lot of the global plugin code, this PR makes the following changes:

YAML configuration
Reloadable configurations (even as a global)
SNI aliases (one rate limiter can apply to many SNIs)
The IP reputation objects are now shareable for many SNIs. This means an attacker can circumvent the reputation by spreading the DDoS traffic across many SNIs.

shukitchan · 2023-10-04T19:17:30Z

I can review this when it is ready

zwoop · 2023-10-05T00:17:33Z

I can review this when it is ready

Great! Almost there :). The refactoring focuses entirely on the global plugin only, leaving the remap plugin as-is. One hope with this refactoring and change to a reloadable YAML configuration is that we can add more features and rate limiting rules more easily.

shukitchan · 2023-10-10T18:54:14Z

@zwoop let me know when it is ready to review. It looks like it is but I am not sure if you are having more changes in your mind.

bneradt · 2023-10-10T20:41:24Z

[approve ci autest]

brbzull0 · 2023-10-13T09:04:48Z

plugins/experimental/rate_limit/sni_selector.cc

+
+  try {
+    config = YAML::LoadFile(yaml_file);
+  } catch (YAML::BadFile &e) {


You are not going to change the exception right? if not then why not const.
the one below too.

I just copied this pattern from other places in the code :). I can change it.

hope it wasn't my code! that would be a shame 🤣

shukitchan

I think it looks ok.

zwoop · 2023-10-18T20:50:37Z

[approve ci]

shukitchan · 2023-10-19T07:21:39Z

doc/admin-guide/plugins/rate_limit.en.rst

-   An optional metric tag to use instead of the default. When a tag is not specified
-   the plugin will use the FQDN of the SNI associated with each rate limiter instance
-   created during plugin initialization.
+   No queue is enable without this configuration directive, but it can also be


plugins/experimental/rate_limit/CMakeLists.txt

zwoop · 2023-10-19T15:25:01Z

[approve ci]

zwoop · 2023-10-23T19:56:12Z

I updated this to use the updated version of the registration API.

zwoop added the rate_limit rate_limit plugin label Oct 4, 2023

zwoop added this to the 10.0.0 milestone Oct 4, 2023

zwoop marked this pull request as draft October 4, 2023 17:16

zwoop force-pushed the NewRateLimitConfigs branch 4 times, most recently from 08a267d to 5a306fb Compare October 5, 2023 00:16

zwoop force-pushed the NewRateLimitConfigs branch 12 times, most recently from e51f9c3 to 6e41166 Compare October 5, 2023 23:20

zwoop marked this pull request as ready for review October 5, 2023 23:57

shukitchan self-requested a review October 9, 2023 17:11

bryancall assigned zwoop Oct 9, 2023

zwoop force-pushed the NewRateLimitConfigs branch 2 times, most recently from eb8263b to 39f3ecd Compare October 10, 2023 17:00

brbzull0 reviewed Oct 13, 2023

View reviewed changes

zwoop force-pushed the NewRateLimitConfigs branch from 39f3ecd to 05b5f2a Compare October 13, 2023 20:51

zwoop force-pushed the NewRateLimitConfigs branch from 05b5f2a to 0024a9e Compare October 17, 2023 14:55

shukitchan previously approved these changes Oct 17, 2023

View reviewed changes

zwoop dismissed shukitchan’s stale review via f6a1206 October 18, 2023 23:05

zwoop force-pushed the NewRateLimitConfigs branch from 0024a9e to f6a1206 Compare October 18, 2023 23:05

shukitchan requested changes Oct 19, 2023

View reviewed changes

zwoop force-pushed the NewRateLimitConfigs branch from f6a1206 to e063742 Compare October 19, 2023 15:00

zwoop force-pushed the NewRateLimitConfigs branch 2 times, most recently from e67c560 to bad2f5f Compare October 19, 2023 22:30

zwoop added 9 commits October 23, 2023 13:54

First pass at refactoring, prior to adding YAML configs

5b73262

Adding the YAML parser for SNI

15f018c

Cleanup and adding config reloads

3125cea

Adds a wildcard rule for the SNI

dc42618

Some more cleanup

a04b00c

Cleanup YAML parsing, and cleanup

7d6b42d

Adds a List YAML section, and an exclude directive

2618fcc

Run clang-tidy on this code

2b66364

Updated with Kit's concerns

6cf956c

zwoop force-pushed the NewRateLimitConfigs branch from bad2f5f to d5cabf2 Compare October 23, 2023 19:54

Switches to new flavor of TSMgmtUpdateRegister

b842c59

zwoop force-pushed the NewRateLimitConfigs branch from d5cabf2 to b842c59 Compare October 23, 2023 21:39

shukitchan approved these changes Oct 24, 2023

View reviewed changes

zwoop merged commit 3b2e557 into apache:master Oct 25, 2023

zwoop deleted the NewRateLimitConfigs branch October 25, 2023 20:14

zwoop added the New Feature label Aug 15, 2024

maskit mentioned this pull request Aug 16, 2024

☂ ATS 10 Documentation #11677

Open

91 tasks

brbzull0 mentioned this pull request Aug 19, 2024

Update documentation - hostdb, rate plugin, slice plugin #11717

Merged

brbzull0 added the Release Doc Done label Aug 19, 2024

Refactors rate_limit plugin with YAML configurations #10559

Refactors rate_limit plugin with YAML configurations #10559

Uh oh!

Conversation

zwoop commented Oct 4, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

shukitchan commented Oct 4, 2023

Uh oh!

zwoop commented Oct 5, 2023

Uh oh!

shukitchan commented Oct 10, 2023

Uh oh!

bneradt commented Oct 10, 2023

Uh oh!

brbzull0 Oct 13, 2023

Choose a reason for hiding this comment

Uh oh!

zwoop Oct 13, 2023

Choose a reason for hiding this comment

Uh oh!

brbzull0 Oct 16, 2023

Choose a reason for hiding this comment

Uh oh!

shukitchan left a comment

Choose a reason for hiding this comment

Uh oh!

zwoop commented Oct 18, 2023

Uh oh!

shukitchan Oct 19, 2023

Choose a reason for hiding this comment

Uh oh!

zwoop Oct 23, 2023

Choose a reason for hiding this comment

Uh oh!

Uh oh!

zwoop commented Oct 19, 2023

Uh oh!

zwoop commented Oct 23, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

zwoop commented Oct 4, 2023 •

edited

Loading