EtherGuard-VPN/ratelimiter/ratelimiter.go

151 lines
2.8 KiB
Go
Raw Normal View History

/* SPDX-License-Identifier: GPL-2.0
*
* Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
*/
package ratelimiter
import (
"net"
"sync"
"time"
)
const (
packetsPerSecond = 20
packetsBurstable = 5
garbageCollectTime = time.Second
packetCost = 1000000000 / packetsPerSecond
maxTokens = packetCost * packetsBurstable
)
type RatelimiterEntry struct {
mutex sync.Mutex
lastTime time.Time
tokens int64
}
type Ratelimiter struct {
2018-02-11 22:53:39 +01:00
mutex sync.RWMutex
stop chan struct{}
tableIPv4 map[[net.IPv4len]byte]*RatelimiterEntry
tableIPv6 map[[net.IPv6len]byte]*RatelimiterEntry
}
func (rate *Ratelimiter) Close() {
rate.mutex.Lock()
defer rate.mutex.Unlock()
if rate.stop != nil {
close(rate.stop)
}
}
func (rate *Ratelimiter) Init() {
rate.mutex.Lock()
defer rate.mutex.Unlock()
2018-02-11 22:53:39 +01:00
// stop any ongoing garbage collection routine
2018-02-11 22:53:39 +01:00
if rate.stop != nil {
close(rate.stop)
}
rate.stop = make(chan struct{})
rate.tableIPv4 = make(map[[net.IPv4len]byte]*RatelimiterEntry)
rate.tableIPv6 = make(map[[net.IPv6len]byte]*RatelimiterEntry)
2018-02-11 22:53:39 +01:00
// start garbage collection routine
2018-02-11 22:53:39 +01:00
go func() {
2018-05-13 18:42:06 +02:00
ticker := time.NewTicker(time.Second)
2018-02-11 22:53:39 +01:00
for {
select {
case <-rate.stop:
2018-05-13 18:42:06 +02:00
ticker.Stop()
2018-02-11 22:53:39 +01:00
return
2018-05-13 18:42:06 +02:00
case <-ticker.C:
func() {
rate.mutex.Lock()
defer rate.mutex.Unlock()
for key, entry := range rate.tableIPv4 {
entry.mutex.Lock()
if time.Now().Sub(entry.lastTime) > garbageCollectTime {
delete(rate.tableIPv4, key)
}
entry.mutex.Unlock()
}
for key, entry := range rate.tableIPv6 {
entry.mutex.Lock()
if time.Now().Sub(entry.lastTime) > garbageCollectTime {
delete(rate.tableIPv6, key)
}
entry.mutex.Unlock()
}
}()
2018-02-11 22:53:39 +01:00
}
}
}()
}
func (rate *Ratelimiter) Allow(ip net.IP) bool {
var entry *RatelimiterEntry
2018-05-13 18:42:06 +02:00
var keyIPv4 [net.IPv4len]byte
var keyIPv6 [net.IPv6len]byte
// lookup entry
IPv4 := ip.To4()
IPv6 := ip.To16()
rate.mutex.RLock()
if IPv4 != nil {
2018-05-13 18:42:06 +02:00
copy(keyIPv4[:], IPv4)
entry = rate.tableIPv4[keyIPv4]
} else {
2018-05-13 18:42:06 +02:00
copy(keyIPv6[:], IPv6)
entry = rate.tableIPv6[keyIPv6]
}
rate.mutex.RUnlock()
// make new entry if not found
if entry == nil {
entry = new(RatelimiterEntry)
entry.tokens = maxTokens - packetCost
entry.lastTime = time.Now()
2018-05-13 18:42:06 +02:00
rate.mutex.Lock()
if IPv4 != nil {
2018-05-13 18:42:06 +02:00
rate.tableIPv4[keyIPv4] = entry
} else {
2018-05-13 18:42:06 +02:00
rate.tableIPv6[keyIPv6] = entry
}
rate.mutex.Unlock()
return true
}
// add tokens to entry
entry.mutex.Lock()
now := time.Now()
entry.tokens += now.Sub(entry.lastTime).Nanoseconds()
entry.lastTime = now
if entry.tokens > maxTokens {
entry.tokens = maxTokens
}
// subtract cost of packet
if entry.tokens > packetCost {
entry.tokens -= packetCost
entry.mutex.Unlock()
return true
}
entry.mutex.Unlock()
return false
}