rakelimit

A fair-share ratelimiter implemented in BPF


Rakelimit

A multi-dimensional fair-share rate limiter in BPF, designed for UDP.
The algorithm is based on Hierarchical Heavy Hitters, and ensures that no party can exceed
a certain rate of packets. For more information please take a look at our blog post.

Usage

First we need to increase the optmem limit:

sudo sysctl -w net.core.optmem_max=65536

To activate rakelimit, create a new instance and provide a file descriptor and a rate limit. Pick a rate that you think
the service in question won't be able to handle anymore:


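// tb is assumed to be the testing.TB of the enclosing test
conn, err := net.ListenPacket("udp4", "127.0.0.1:0")
if err != nil {
    tb.Fatal("Can't listen:", err)
}
udpConn := conn.(*net.UDPConn)

// We don't want to allow anyone to use more than 128 packets per second
ppsPerSecond := 128
rake, err := New(udpConn, ppsPerSecond)
if err != nil {
    // rake is not usable if New failed, so stop before deferring Close
    tb.Fatal("Can't create rate limiter:", err)
}
defer rake.Close()
// rate limiter stays active even after closing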

That's all! The library now enforces rate limits on incoming packets, and it happens within the kernel.

Requirements

The library should be go-gettable, and has been tested on Linux 5.4.

You will need a clang-9 binary if you want to recompile the filter. Simply run go generate in the root of the project.

Limitations

  • no IPv6 (we're working on adding it)
  • requires tweaking of optmem
  • not tested in production

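Key metrics

Overview
Name and owner: cloudflare/rakelimit
Primary programming language: C
Programming languages: Makefile (language count: 3)
Platform:
License: BSD 3-Clause "New" or "Revised" License
Owner activity
Created at: 2020-08-10 17:19:23
Pushed at: 2024-09-26 15:11:28
Last commit: 2024-09-19 21:54:42
Releases: 1
Latest release name: v0.1.0 (released on )
First release name: v0.1.0 (released on )
User engagement
Stars: 198
Watchers: 17
Forks: 10
Commits: 39
Issues enabled?
Issues: 9
Open issues: 5
Pull requests: 15
Open pull requests: 2
Closed pull requests: 0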