Add token-bucket based rate limiting for falco notifications. The token bucket is implemented in token_bucket.cpp (actually in the engine directory, just to make it easier to include in other programs). It maintains a current count of tokens (i.e. right to send a notification). Its main method is claim(), which attempts to claim a token and returns true if one was claimed successfully. It has a configurable max burst size and rate. The token bucket gains "rate" tokens per second, up to a maximum of max_burst tokens. These parameters are configurable in falco.yaml via the config options (defaults shown): outputs: rate: 1 max_burst: 1000 In falco_outputs::handle_event(), try to claim a token, and if unsuccessful log a debug message and return immediately.
/*
Copyright (C) 2016 Draios inc.

This file is part of falco.

falco is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 as
published by the Free Software Foundation.

falco is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with falco. If not, see <http://www.gnu.org/licenses/>.
*/
#include <cstddef>
#include <cstdint>
#include <sys/time.h>

#include "token_bucket.h"
// Default-construct a bucket with the class defaults: one token gained per
// second and at most one token stored. Callers that want different limits
// re-configure the bucket with init().
token_bucket::token_bucket()
{
	const uint32_t default_rate = 1;
	const uint32_t default_max_tokens = 1;

	init(default_rate, default_max_tokens);
}
// Nothing to release: the bucket owns no resources beyond its plain members.
token_bucket::~token_bucket() = default;
// (Re)configure the bucket.
//
// rate:       tokens gained per second
// max_tokens: upper bound on stored tokens (the maximum burst)
//
// The bucket starts full and its refill clock is reset to now, so tokens
// begin accruing from this call onward.
void token_bucket::init(uint32_t rate, uint32_t max_tokens)
{
	// Stamp the refill clock first; get_epoch_ns() reads no member state,
	// so the order relative to the assignments below does not matter.
	m_last_seen = get_epoch_ns();

	m_rate = rate;
	m_max_tokens = max_tokens;

	// Start full so the first max_tokens claims succeed immediately.
	m_tokens = m_max_tokens;
}
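// Try to claim one token.
//
// Tokens are refilled lazily, here, from the wall-clock time elapsed since
// the bucket was last touched: m_rate tokens per second, never exceeding
// m_max_tokens. Returns true if a token was available (and has now been
// consumed), false if the caller is being rate limited.
//
// Two fixes relative to the first version of this function, both of which
// matter for a limiter that gates security notifications:
//   - tokens gained were computed as elapsed / rate instead of
//     elapsed * rate, so any rate other than 1 was wrong (and
//     m_rate * 1000000000 can overflow if m_rate is a 32-bit type, as
//     init()'s uint32_t parameter suggests);
//   - m_last_seen was reset to now on every call, discarding the
//     sub-token remainder, so a bucket polled more often than once per
//     token interval never refilled and silently dropped every
//     notification from then on.
bool token_bucket::claim()
{
	const uint64_t ns_per_sec = 1000000000ULL;

	uint64_t now = get_epoch_ns();

	// get_epoch_ns() is gettimeofday()-based wall-clock time, which can
	// step backwards (NTP, manual clock change). Treat a backwards step as
	// "no time passed" rather than letting the unsigned subtraction wrap
	// to a huge value that would instantly refill the bucket.
	uint64_t elapsed_ns = (now > m_last_seen) ? (now - m_last_seen) : 0;

	if(m_rate == 0)
	{
		// A zero rate never refills; only the initial tokens can be spent.
		// Guarding here also avoids the division by m_rate below.
		m_last_seen = now;
	}
	else
	{
		// Free capacity in the bucket; m_tokens should never exceed
		// m_max_tokens, but don't rely on it for unsigned subtraction.
		uint64_t room = (m_tokens < m_max_tokens) ? (m_max_tokens - m_tokens) : 0;

		// Tokens gained = elapsed seconds * rate. Split elapsed time into
		// whole seconds and a sub-second remainder so neither product can
		// overflow 64 bits.
		uint64_t whole_secs = elapsed_ns / ns_per_sec;
		uint64_t frac_ns = elapsed_ns % ns_per_sec;

		uint64_t tokens_gained;
		if(whole_secs != 0 && m_rate > room / whole_secs)
		{
			// whole_secs * m_rate alone already exceeds the free capacity
			// (and might not fit in a uint64_t), so the exact count is
			// irrelevant: the bucket will be full.
			tokens_gained = room;
		}
		else
		{
			// Here whole_secs * m_rate <= room, so this cannot overflow;
			// frac_ns < ns_per_sec keeps the second term below 2^32.
			tokens_gained = whole_secs * m_rate + (frac_ns * m_rate) / ns_per_sec;
		}

		if(tokens_gained >= room)
		{
			// Cap at max_tokens. Time beyond what fills the bucket is
			// deliberately discarded rather than banked.
			m_tokens = m_max_tokens;
			m_last_seen = now;
		}
		else
		{
			m_tokens += tokens_gained;

			// Advance the refill clock only by the time that was actually
			// converted into whole tokens, so the remainder keeps accruing
			// across calls. Rounding up keeps m_last_seen <= now, and errs
			// on the side of granting slightly fewer tokens, never more.
			m_last_seen += (tokens_gained * ns_per_sec + m_rate - 1) / m_rate;
		}
	}

	// Nothing stored: the caller is rate limited.
	if(m_tokens < 1)
	{
		return false;
	}

	m_tokens--;

	return true;
}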
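// Current wall-clock time as nanoseconds since the Unix epoch.
//
// Built from gettimeofday(), so the resolution is microseconds and the
// value can jump in either direction when the system clock is adjusted.
// claim() is written to tolerate a backwards jump; a large forward jump
// simply refills the bucket once.
uint64_t token_bucket::get_epoch_ns()
{
	const uint64_t ns_per_sec = 1000000000ULL;
	const uint64_t ns_per_usec = 1000ULL;

	struct timeval tv;
	gettimeofday(&tv, nullptr);

	// Widen each field before multiplying so the seconds term is computed
	// in 64 bits regardless of the platform's time_t / suseconds_t width.
	return static_cast<uint64_t>(tv.tv_sec) * ns_per_sec +
	       static_cast<uint64_t>(tv.tv_usec) * ns_per_usec;
}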