[CDN] Rate limiting - DDoS protection #3774
This reverts commit 8cecb2f.
crates/builder-api/Cargo.toml
async-trait = { workspace = true } | ||
clap = { workspace = true } | ||
committable = { workspace = true } | ||
derive_more = { workspace = true } | ||
futures = { workspace = true } | ||
hotshot-types = { path = "../types" } | ||
serde = { workspace = true } | ||
thiserror = { workspace = true } | ||
tagged-base64 = { workspace = true } | ||
thiserror = { workspace = true } | ||
tide-disco = { workspace = true } | ||
toml = { workspace = true } |
`cargo-sort` did this
crates/example-types/Cargo.toml
async-trait = { workspace = true } | ||
anyhow = { workspace = true } | ||
sha3 = "^0.10" | ||
async-lock = { workspace = true } | ||
async-trait = { workspace = true } | ||
committable = { workspace = true } | ||
hotshot = { path = "../hotshot" } | ||
hotshot-types = { path = "../types" } | ||
hotshot-task-impls = { path = "../task-impls", version = "0.5.36", default-features = false } | ||
hotshot-types = { path = "../types" } | ||
jf-vid = { workspace = true } | ||
rand = { workspace = true } | ||
thiserror = { workspace = true } | ||
reqwest = { workspace = true } | ||
serde = { workspace = true } | ||
sha2 = { workspace = true } | ||
sha3 = "^0.10" | ||
thiserror = { workspace = true } | ||
time = { workspace = true } | ||
async-lock = { workspace = true } | ||
jf-vid = { workspace = true } | ||
vbs = { workspace = true } | ||
url = { workspace = true } | ||
reqwest = { workspace = true } | ||
tokio = { workspace = true } | ||
url = { workspace = true } | ||
vbs = { workspace = true } |
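Review bot: `sha3 = "^0.10"` in this dependency list carries its own version requirement while almost every other entry uses `{ workspace = true }`, so this crate can resolve a different `sha3` than the rest of the workspace. If the workspace already declares `sha3`, switch this entry to `sha3 = { workspace = true }`; otherwise consider declaring it there. The explicit `version = "0.5.36"` on the `hotshot-task-impls` path dependency has the same drawback: it has to be kept in step by hand.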
Also cargo-sort
@@ -0,0 +1,577 @@ | |||
#![allow(clippy::unnecessary_wraps)] |
This file contains the majority of the changes
/// A sample representing the number of bytes processed per period | ||
#[derive(Clone)] | ||
pub struct Sample { | ||
/// The number of bytes processed | ||
num_bytes: f64, | ||
|
||
/// The time of the last commit | ||
last_committed_time: Instant, | ||
} |
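Review bot: `num_bytes` in `Sample` is an `f64`, but its doc comment calls it a number of bytes, which reads as an integer count. Either document why a floating-point value is needed here or store an integer and convert at the point of use. The struct doc also says "per period" without saying what the period is or how `last_committed_time` relates to it; one sentence on that would make the rate-limit arithmetic easier to check.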
This `Sample` is held locally for each CDN connection and is used to occasionally the global average
}; | ||
|
||
// Check against the `GCR` instance, skipping if we're rate limited | ||
// If we hit a parameter error, we'll process the message anyway |
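Review bot: The comment above the `GCR` check says a parameter error results in the message being processed anyway, so the rate limiter fails open on that path. For a DDoS control that path should at least be observable: log the error and bump a counter when it is taken, so a persistent parameter error shows up as rate limiting being off instead of passing silently. It would also help to state in the comment which conditions produce a parameter error.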
A parameter error is internal to `Gcr`, it can be hit if, say, you try to update the average to zero. This makes it so we don't accidentally block all messages everywhere if there was an issue with that
@@ -0,0 +1,90 @@ | |||
use std::marker::PhantomData; | |||
|
This file has just been moved
use bincode::Options; | ||
use cdn_broker::reexports::crypto::signature::{Serializable, SignatureScheme}; | ||
use hotshot_types::{traits::signature_key::SignatureKey, utils::bincode_opts}; | ||
|
This file has just been moved
@@ -0,0 +1,28 @@ | |||
use hotshot_types::traits::metrics::{Counter, Metrics, NoMetrics}; | |||
|
|||
/// CDN-specific metrics |
This file has just been moved
pub mod definition; | ||
/// The metrics for the Push CDN | ||
pub mod metrics; | ||
|
This was the big file everything else moved from
Successor to #3664
This PR:
Implements CDN rate limiting. Let me describe it:
Reviewers:
Most of the changes are in a single file, `message_hook.rs`. The majority of the rest of the changes are breaking out the CDN code into smaller, easily-digestible files