2022-10-11 17:11:57 +00:00
|
|
|
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
|
|
|
|
|
│ vi: set et ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi │
|
|
|
|
|
╞══════════════════════════════════════════════════════════════════════════════╡
|
|
|
|
|
│ Copyright 2022 Justine Alexandra Roberts Tunney │
|
|
|
|
|
│ │
|
|
|
|
|
│ Permission to use, copy, modify, and/or distribute this software for │
|
|
|
|
|
│ any purpose with or without fee is hereby granted, provided that the │
|
|
|
|
|
│ above copyright notice and this permission notice appear in all copies. │
|
|
|
|
|
│ │
|
|
|
|
|
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
|
|
|
|
|
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
|
|
|
|
|
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
|
|
|
|
|
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
|
|
|
|
|
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
|
|
|
|
|
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
|
|
|
|
|
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
|
|
|
|
|
│ PERFORMANCE OF THIS SOFTWARE. │
|
|
|
|
|
╚─────────────────────────────────────────────────────────────────────────────*/
|
|
|
|
|
#include "net/http/tokenbucket.h"
|
2023-09-02 03:49:13 +00:00
|
|
|
#include "libc/intrin/atomic.h"
|
2022-10-11 17:11:57 +00:00
|
|
|
|
|
|
|
|
/**
|
2022-11-02 05:36:03 +00:00
|
|
|
* Atomically increments all signed bytes in array, without overflowing.
|
2022-10-11 17:11:57 +00:00
|
|
|
*
|
2022-10-13 20:44:41 +00:00
|
|
|
* Under the token bucket model, operations are denied by default unless
|
|
|
|
|
* tokens exist to allow them. This function must be called periodically
|
|
|
|
|
* from a single background thread to replenish the buckets with tokens.
|
|
|
|
|
* For example, this function may be called once per second which allows
|
|
|
|
|
* one operation per second on average with bursts up to 127 per second.
|
|
|
|
|
* This policy needn't be applied uniformly. For example, you might find
|
|
|
|
|
* out that a large corporation funnels all their traffic through one ip
|
|
|
|
|
* address, so you could replenish their tokens multiple times a second.
|
2022-10-11 17:11:57 +00:00
|
|
|
*
|
|
|
|
|
* @param w is word array that aliases byte token array
|
|
|
|
|
* @param n is number of 64-bit words in `w` array
|
|
|
|
|
*/
|
|
|
|
|
void ReplenishTokens(atomic_uint_fast64_t *w, size_t n) {
|
|
|
|
|
for (size_t i = 0; i < n; ++i) {
|
2022-10-13 20:44:41 +00:00
|
|
|
uint64_t a = atomic_load_explicit(w + i, memory_order_relaxed);
|
|
|
|
|
if (a == 0x7f7f7f7f7f7f7f7f)
|
|
|
|
|
continue;
|
|
|
|
|
uint64_t b = 0x8080808080808080;
|
2022-11-02 05:36:03 +00:00
|
|
|
uint64_t c = 0x7f7f7f7f7f7f7f7f ^ a;
|
2023-09-02 03:49:13 +00:00
|
|
|
uint64_t d = ((((c >> 1 | b) - c) & b) ^ b) >> 7;
|
2022-10-13 20:44:41 +00:00
|
|
|
atomic_fetch_add_explicit(w + i, d, memory_order_relaxed);
|
2022-10-11 17:11:57 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Atomically decrements signed byte index if it's positive.
|
|
|
|
|
*
|
2022-11-02 05:36:03 +00:00
|
|
|
* Multiple threads are able to call this method, to determine if enough
|
2022-10-13 20:44:41 +00:00
|
|
|
* tokens exist to perform an operation. Return values greater than zero
|
2022-11-02 05:36:03 +00:00
|
|
|
* mean a token was atomically acquired. Values less than, or equal zero
|
2022-10-13 20:44:41 +00:00
|
|
|
* means the bucket is empty. There must exist `1 << c` signed bytes (or
|
|
|
|
|
* buckets) in the `b` array.
|
|
|
|
|
*
|
2022-11-02 05:36:03 +00:00
|
|
|
* Since this design uses signed bytes, your returned number may be used
|
2022-10-13 20:44:41 +00:00
|
|
|
* to control how much burstiness is allowed. For example:
|
|
|
|
|
*
|
|
|
|
|
* int t = AcquireToken(tok.b, ip, 22);
|
|
|
|
|
* if (t < 64) {
|
|
|
|
|
* if (t > 8) write(client, "HTTP/1.1 429 \r\n\r\n", 17);
|
|
|
|
|
* close(client);
|
|
|
|
|
* return;
|
|
|
|
|
* }
|
2022-10-11 17:11:57 +00:00
|
|
|
*
|
2022-11-02 05:36:03 +00:00
|
|
|
* Could be used to send rejections to clients that exceed their tokens,
|
|
|
|
|
* whereas clients who've grossly exceeded their tokens, could simply be
|
|
|
|
|
* dropped.
|
2022-10-11 17:11:57 +00:00
|
|
|
*
|
2022-11-02 05:36:03 +00:00
|
|
|
* @param b is array of token buckets
|
|
|
|
|
* @param x is ipv4 address
|
2022-10-11 17:11:57 +00:00
|
|
|
* @param c is cidr
|
|
|
|
|
*/
|
2022-10-13 20:44:41 +00:00
|
|
|
int AcquireToken(atomic_schar *b, uint32_t x, int c) {
|
2022-10-11 17:11:57 +00:00
|
|
|
uint32_t i = x >> (32 - c);
|
2022-10-13 20:44:41 +00:00
|
|
|
int t = atomic_load_explicit(b + i, memory_order_relaxed);
|
|
|
|
|
if (t <= 0)
|
|
|
|
|
return t;
|
|
|
|
|
return atomic_fetch_add_explicit(b + i, -1, memory_order_relaxed);
|
2022-10-11 17:11:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns current number of tokens in bucket.
|
|
|
|
|
*
|
2022-11-02 05:36:03 +00:00
|
|
|
* @param b is array of token buckets
|
|
|
|
|
* @param x is ipv4 address
|
2022-10-11 17:11:57 +00:00
|
|
|
* @param c is cidr
|
|
|
|
|
*/
|
|
|
|
|
int CountTokens(atomic_schar *b, uint32_t x, int c) {
|
|
|
|
|
uint32_t i = x >> (32 - c);
|
|
|
|
|
return atomic_load_explicit(b + i, memory_order_relaxed);
|
|
|
|
|
}
|
