
util/throttle.lua @ 13289:38c95544b7ee

mod_saslauth, mod_c2s: Disable tls-server-end-point channel binding by default This channel binding method is now enabled when a hash is manually set in the config, or it attempts to discover the hash automatically if the value is the special string "auto". A related change to mod_c2s prevents complicated certificate lookups in the client connection hot path - this work now happens only when this channel binding method is used. I'm not aware of anything else that uses ssl_cfg (vs ssl_ctx). Rationale for disabling by default: - Minor performance impact in automatic cert detection - This method is weak against a leaked/stolen private key (other methods such as 'tls-exporter' would not be compromised in such a case) Rationale for keeping the implementation: - For some deployments, this may be the only method available (e.g. due to TLS offloading in another process/server).
author Matthew Wild <mwild1@gmail.com>
date Thu, 26 Oct 2023 15:14:39 +0100
parent 12975:d10957394a3c


local gettime = require "prosody.util.time".now
local setmetatable = setmetatable;

-- Drop the global environment for the rest of this chunk (Lua 5.2+): from
-- here on only the locals captured above (gettime, setmetatable) are
-- reachable, so an accidental global access raises an error instead of
-- silently reading or writing a global.
local _ENV = nil;
-- luacheck: std none

-- Method table shared by every throttle object.
local throttle = {};
-- Metatable that routes method lookups on throttle objects to `throttle`.
local throttle_mt = { __index = throttle };

--- Refill the bucket for the time elapsed since the previous update.
-- Adds `rate * elapsed` to the balance, caps the result at `self.max`,
-- and records the current time in `self.t`.
-- NOTE(review): elapsed time comes from `gettime` (prosody.util.time.now).
-- If that clock can step backwards, the elapsed value is negative and the
-- balance shrinks rather than grows; confirm the clock source is acceptable
-- for rate limiting.
-- @return the balance after the refill
function throttle:update()
	local now = gettime();
	-- Compute the refill before overwriting the stored timestamp.
	local refilled = self.balance + self.rate * (now - self.t);
	self.t = now;
	if refilled > self.max then
		refilled = self.max;
	end
	self.balance = refilled;
	return refilled;
end

--- Check whether `cost` units could be spent, without spending them.
-- The stored balance is tested first; the bucket is refilled via
-- `self:update()` only when the stored balance is insufficient, so this
-- call may still change `self.t` and `self.balance`.
-- @param cost units required (defaults to 1)
-- @return true when the balance covers `cost`, false otherwise
function throttle:peek(cost)
	local needed = cost or 1;
	if self.balance >= needed then
		return true;
	end
	return self:update() >= needed;
end

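--- Try to spend `cost` units from the bucket.
-- On success the cost is deducted and `true` is returned. On failure
-- nothing is deducted unless `split` is set, in which case the remaining
-- balance is consumed (set to 0) so the caller can treat it as a partial
-- allowance.
-- NOTE(review): `cost` is not range-checked here; a negative cost would
-- pass the check and raise the balance. Callers presumably pass
-- non-negative sizes - confirm at the call sites.
-- @param cost units to spend (defaults to 1, matching `peek`)
-- @param split when truthy, drain the remaining balance on failure
-- @return true on success; otherwise false, the balance that was
--   available, and the outstanding amount (`cost - balance`)
function throttle:poll(cost, split)
	-- peek() defaults a missing cost to 1 only for its own comparison;
	-- without the same default here the arithmetic below would raise an
	-- error on a nil cost.
	cost = cost or 1;
	if self:peek(cost) then
		self.balance = self.balance - cost;
		return true;
	end
	local available = self.balance;
	if split then
		self.balance = 0;
	end
	return false, available, (cost - available);
end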

--- Build a new throttle object that starts with a full balance.
-- The refill rate is `max / period`, so a bucket drained to zero refills to
-- `max` after `period` units of the time returned by `gettime`.
-- NOTE(review): `period` is not validated; a zero period gives an infinite
-- rate - confirm callers never pass 0.
-- @param max bucket capacity, also used as the initial balance
-- @param period time over which `max` units are replenished
-- @return a throttle object with `update`, `peek` and `poll` methods
local function create(max, period)
	local bucket = {
		rate = max / period;
		max = max;
		t = gettime();
		balance = max;
	};
	return setmetatable(bucket, throttle_mt);
end

-- Module interface: only the constructor is exported; the methods are
-- reached through the metatable of the objects it returns.
return { create = create };