Kea 3.1.4
limit_manager.h
Go to the documentation of this file.
1// Copyright (C) 2022-2025 Internet Systems Consortium, Inc. ("ISC")
2//
3// This Source Code Form is subject to the terms of the Mozilla Public
4// License, v. 2.0. If a copy of the MPL was not distributed with this
5// file, You can obtain one at http://mozilla.org/MPL/2.0/.
6
7#ifndef ISC_LIMITS_RATE_LIMIT_MANAGER_H
8#define ISC_LIMITS_RATE_LIMIT_MANAGER_H
9
10#include <database/audit_entry.h>
11#include <dhcp/classify.h>
12#include <dhcp/pkt_template.h>
13#include <dhcpsrv/cfgmgr.h>
14#include <dhcpsrv/lease.h>
15#include <dhcpsrv/lease_mgr_factory.h>
16#include <dhcpsrv/srv_config.h>
17#include <dhcpsrv/subnet.h>
18#include <dhcpsrv/subnet_id.h>
19#include <hooks/hooks.h>
20#include <limits/configuration.h>
21#include <limits/limits_logger.h>
22#include <stats/stats_mgr.h>
23#include <util/dhcp_space.h>
24#include <util/multi_threading_mgr.h>
25
26#include <boost/circular_buffer.hpp>
27
28#include <chrono>
29#include <unordered_map>
30#include <vector>
31
32namespace isc {
33namespace limits {
34
36using TimePoint = std::chrono::time_point<std::chrono::system_clock>;
37
40using TimeSeries = boost::circular_buffer<TimePoint>;
41
51
53typedef std::shared_ptr<ProtectedTimeSeries> ProtectedTimeSeriesPtr;
54
56struct LimitManager {
60 static LimitManager& instance();
61
63 void clear();
64
71 void initialize(isc::dhcp::SrvConfigPtr const& config);
72
79 void parse(isc::dhcp::SrvConfigPtr const& config);
80
93 template <isc::util::DhcpSpace D>
94 int cb_updated(isc::hooks::CalloutHandle& handle) {
95 isc::hooks::CalloutHandle::CalloutNextStep const status(handle.getStatus());
96 if (status == isc::hooks::CalloutHandle::NEXT_STEP_DROP ||
97 status == isc::hooks::CalloutHandle::NEXT_STEP_SKIP) {
98 return (0);
99 }
100
101 isc::db::AuditEntryCollectionPtr audit_entries;
102 handle.getArgument("audit_entries", audit_entries);
103 if (!audit_entries) {
104 isc_throw(Unexpected, "null audit_entries in LimitManager::cb_updated");
105 }
106
107 auto const& object_type_index(audit_entries->get<isc::db::AuditEntryObjectTypeTag>());
108 auto const& client_class_range(object_type_index.equal_range(
109 isc::util::formatDhcpSpace<D>("dhcp{}_client_class")));
110 auto const& subnet_range(object_type_index.equal_range(
111 isc::util::formatDhcpSpace<D>("dhcp{}_subnet")));
112
113 // If any client classes or subnets changed, reparse the entire configuration.
114 if (std::distance(client_class_range.first, client_class_range.second) ||
115 std::distance(subnet_range.first, subnet_range.second)) {
116 LimitManager::instance().parse(isc::dhcp::CfgMgr::instance().getCurrentCfg());
117 }
118
119 return (0);
120 }
121
130 template <isc::util::DhcpSpace D>
131 int dhcp_srv_configured(isc::hooks::CalloutHandle& handle) {
132 isc::hooks::CalloutHandle::CalloutNextStep const status(handle.getStatus());
133 if (status == isc::hooks::CalloutHandle::NEXT_STEP_DROP ||
134 status == isc::hooks::CalloutHandle::NEXT_STEP_SKIP) {
135 return (0);
136 }
137
138 if (isc::dhcp::LeaseMgrFactory::haveInstance()) {
139 // If lease limiting is used, make sure the database has JSON support.
140 if (!isc::dhcp::LeaseMgrFactory::instance().isJsonSupported()) {
141 const std::string error("The lease database you have configured "
142 "does not support JSON operations which are required for lease "
143 "limiting.");
144 handle.setArgument("error", error);
145 handle.setStatus(isc::hooks::CalloutHandle::NEXT_STEP_DROP);
146 return (1);
147 }
148
149 // Recount the leases by class.
150 recountClassLeases<D>();
151 } else {
152 std::string const lease_db_access_string(isc::dhcp::CfgMgr::instance()
153 .getStagingCfg()
154 ->getCfgDbAccess()
155 ->getLeaseDbAccessString());
156 if (lease_db_access_string.find("retry-on-startup=true") &&
157 (lease_db_access_string.find("type=mysql") ||
158 lease_db_access_string.find("type=postgresql"))) {
159 LOG_WARN(limits_logger, LIMITS_CONFIGURATION_LEASE_BACKEND_NOT_AVAILABLE);
160 } else {
161 LOG_ERROR(limits_logger,
162 LIMITS_CONFIGURATION_LEASE_BACKEND_SHOULD_HAVE_BEEN_AVAILABLE);
163 }
164 }
165
166 return (0);
167 }
168
179 template <isc::util::DhcpSpace D>
180 int pkt_receive(isc::hooks::CalloutHandle& handle) {
181 isc::hooks::CalloutHandle::CalloutNextStep const status(handle.getStatus());
182 if (status == isc::hooks::CalloutHandle::NEXT_STEP_DROP ||
183 status == isc::hooks::CalloutHandle::NEXT_STEP_SKIP) {
184 return (0);
185 }
186
187 // Get the client classes.
188 isc::dhcp::PktTPtr<D> packet;
189 handle.getArgument(isc::util::formatDhcpSpace<D>("query{}"), packet);
190 if (!packet) {
191 isc_throw(Unexpected, "null packet in LimitManager::pkt_receive");
192 }
193 auto const& classes(packet->getClasses());
194
195 // To be able to iterate over client classes and template classes, all
196 // regular classes must be added to a SubClassContainer with subclass
197 // name set to the same value as template class name.
198 auto const& relations = packet->getSubClassesRelations();
199
200 // Get the current time.
201 TimePoint const now(std::chrono::system_clock::now());
202
203 // Should contain client classes that are both in the packet and that are limited.
204 std::vector<isc::dhcp::ClientClass> common_client_classes;
205
206 // Lock a global-wide mutex for all client classes. It's not a necessary condition, but it's
207 // sufficient. Locking per client class, similarly to how it happens for subnet IDs would
208 // have been more efficient in a more heterogeneous class-to-packet distribution, but that
209 // situation is not guaranteed.
210 isc::util::MultiThreadingLock lock(mutex_);
211
212 // Check if the rate limit is respected.
213 for (auto const& c : relations) {
214 auto const& class_def = isc::dhcp::CfgMgr::instance().getCurrentCfg()->getClientClassDictionary()->findClass(c.class_def_);
215 if (!class_def) {
216 continue;
217 }
218
219 auto const &limit_cfg = rate_limit_configuration_.parseUserContext(class_def->getContext());
220
221 if (!limit_cfg) {
222 continue;
223 }
224
225 // Get the limit.
226 RateLimit const& limit(limit_cfg->stringValue());
227
228 // Get the time series. Create a list on this class if not already added to the map.
229 TimeSeries& time_series(clocked_in_times_by_class_[c.class_]);
230
231 time_series.set_capacity(limit.allowed_packets_);
232
233 // Remove all expired times.
234 while (!time_series.empty()) {
235 if (time_series.back() + limit.time_unit_ < now) {
236 time_series.pop_back();
237 } else {
238 // This is an optimization. Job is finished at the first time point that is not
239 // expired. The rest are sorted and higher in value, thus not expired.
240 break;
241 }
242 }
243
244 // Effectively check the limit.
245 if (time_series.size() == limit.allowed_packets_) {
246 // Drop the packet.
247 handle.setStatus(isc::hooks::CalloutHandle::NEXT_STEP_DROP);
248
249 LOG_DEBUG(limits_logger, isc::log::DBGLVL_TRACE_BASIC,
250 LIMITS_PACKET_WITH_CLIENT_CLASSES_RATE_LIMIT_DROPPED)
251 .arg(classes.toText())
252 .arg(limit.text_)
253 .arg(c.class_);
254
255 // No need to check other client classes since packet is dropped.
256 break;
257 }
258
259 // Cache the set of client classes that are both in the packet and limited. If packet is
260 // not dropped, they will be iterated through one more time further below. As such, the
261 // configuration lookup for each client class at the beginning of this loop will no
262 // longer be required.
263 common_client_classes.push_back(c.class_);
264 }
265
266 if (handle.getStatus() == isc::hooks::CalloutHandle::NEXT_STEP_DROP) {
267 isc::stats::StatsMgr& stats_mgr = isc::stats::StatsMgr::instance();
268 if (D == isc::util::DhcpSpace::DHCPv4) {
269 stats_mgr.addValue("pkt4-limit-exceeded",
270 static_cast<int64_t>(1));
271 stats_mgr.addValue("pkt4-receive-drop",
272 static_cast<int64_t>(1));
273 } else {
274 stats_mgr.addValue("pkt6-limit-exceeded",
275 static_cast<int64_t>(1));
276 stats_mgr.addValue("pkt6-receive-drop",
277 static_cast<int64_t>(1));
278 }
279 } else {
280 // Honor the packet and keep track of it.
281 for (auto const& c : common_client_classes) {
282 TimeSeries& time_series(clocked_in_times_by_class_.at(c));
283 time_series.push_front(now);
284 }
285
286 // Only log that the packet is within the limit if this packet is being rate limited.
287 if (!common_client_classes.empty()) {
288 LOG_DEBUG(limits_logger, isc::log::DBGLVL_TRACE_DETAIL_DATA,
289 LIMITS_PACKET_WITH_CLIENT_CLASSES_RATE_LIMIT_HONORED)
290 .arg(classes.toText());
291 }
292 }
293
294 return (0);
295 }
296
309 template <isc::util::DhcpSpace D>
310 int subnet_select(isc::hooks::CalloutHandle& handle) {
311 isc::hooks::CalloutHandle::CalloutNextStep const status(handle.getStatus());
312 if (status == isc::hooks::CalloutHandle::NEXT_STEP_DROP ||
313 status == isc::hooks::CalloutHandle::NEXT_STEP_SKIP) {
314 return (0);
315 }
316
317 // Get the subnet ID.
318 isc::dhcp::ConstSubnetTPtr<D> subnet;
319 handle.getArgument(isc::util::formatDhcpSpace<D>("subnet{}"), subnet);
320 if (!subnet) {
321 LOG_DEBUG(limits_logger, isc::log::DBGLVL_TRACE_DETAIL_DATA,
322 LIMITS_PACKET_WIIH_SUBNET_ID_RATE_NO_SUBNET);
323 return (0);
324 }
325 isc::dhcp::SubnetID const subnet_id(subnet->getID());
326
327 RateLimit limit;
328 auto const& limit_cfg = subnetRateLimit<D>(subnet_id);
329 if (limit_cfg) {
330 // Get the limit.
331 limit = RateLimit(limit_cfg->stringValue());
332 } else {
333 return (0);
334 }
335
336 ProtectedTimeSeriesPtr time_series;
337
338 // Lock a global-wide mutex while configuration can be read-to and written-from.
339 {
340 isc::util::MultiThreadingLock lock(mutex_);
341
342 // Create a time series on this subnet ID if not already added to the map.
343 ProtectedTimeSeriesPtr& time_series_ref(clocked_in_times_by_subnet_id_[subnet_id]);
344 if (!time_series_ref) {
345 time_series_ref = std::make_shared<ProtectedTimeSeries>();
346 }
347 time_series = time_series_ref;
348 }
349
350 // Get the current time.
351 TimePoint const now(std::chrono::system_clock::now());
352
353 // Lock the mutex on this subnet ID.
354 isc::util::MultiThreadingLock lock(time_series->mutex_);
355
356 time_series->time_points_.set_capacity(limit.allowed_packets_);
357
358 // Remove all expired times.
359 while (!time_series->time_points_.empty()) {
360 if (time_series->time_points_.back() + limit.time_unit_ < now) {
361 time_series->time_points_.pop_back();
362 } else {
363 // This is an optimization. Job is finished at the first time point that is not
364 // expired. The rest are sorted and higher in value, thus not expired.
365 break;
366 }
367 }
368
369 // Check the limit.
370 if (time_series->time_points_.size() < limit.allowed_packets_) {
371 // Honor the packet and keep track of it.
372 time_series->time_points_.push_front(now);
373 } else {
374 // Drop the packet.
375 handle.setStatus(isc::hooks::CalloutHandle::NEXT_STEP_DROP);
376
377 LOG_DEBUG(limits_logger, isc::log::DBGLVL_TRACE_BASIC,
378 LIMITS_PACKET_WITH_SUBNET_ID_RATE_LIMIT_DROPPED)
379 .arg(subnet_id)
380 .arg(limit.text_);
381
382 isc::stats::StatsMgr& stats_mgr = isc::stats::StatsMgr::instance();
383 if (D == isc::util::DhcpSpace::DHCPv4) {
384 stats_mgr.addValue("pkt4-limit-exceeded",
385 static_cast<int64_t>(1));
386 stats_mgr.addValue("pkt4-receive-drop",
387 static_cast<int64_t>(1));
388 } else {
389 stats_mgr.addValue("pkt6-limit-exceeded",
390 static_cast<int64_t>(1));
391 stats_mgr.addValue("pkt6-receive-drop",
392 static_cast<int64_t>(1));
393 }
394
395 return (0);
396 }
397
398 LOG_DEBUG(limits_logger, isc::log::DBGLVL_TRACE_DETAIL_DATA,
399 LIMITS_PACKET_WITH_SUBNET_ID_RATE_LIMIT_HONORED)
400 .arg(subnet_id)
401 .arg(limit.text_);
402
403 return (0);
404 }
405
421 template <isc::util::DhcpSpace D>
422 int lease_callout(isc::hooks::CalloutHandle& handle, bool lease_update = false) {
423 isc::hooks::CalloutHandle::CalloutNextStep const status(handle.getStatus());
424 if (status == isc::hooks::CalloutHandle::NEXT_STEP_DROP ||
425 status == isc::hooks::CalloutHandle::NEXT_STEP_SKIP) {
426 return (0);
427 }
428
429 // Get the lease.
430 isc::dhcp::LeaseTPtr<D> lease;
431 handle.getArgument(isc::util::formatDhcpSpace<D>("lease{}"), lease);
432 if (!lease) {
433 isc_throw(Unexpected, "null lease in LimitManager::lease_callout");
434 }
435 isc::dhcp::SubnetID const subnet_id(lease->subnet_id_);
436
437 // Get the client classes.
438 isc::dhcp::PktTPtr<D> packet;
439 handle.getArgument(isc::util::formatDhcpSpace<D>("query{}"), packet);
440 if (!packet) {
441 isc_throw(Unexpected, "null packet in LimitManager::lease_callout");
442 }
443 auto const& classes(packet->getClasses());
444
445 // Add client classes to the lease context.
446 addClientClassesToLeaseContext(classes, lease);
447
448 // Don't check limits for lease renewals.
449 if (lease_update) {
450 return (0);
451 }
452
453 // To be able to iterate over client classes and template classes, all
454 // regular classes must be added to a SubClassContainer with subclass
455 // name set to the same value as template class name.
456 auto const& relations(packet->getSubClassesRelations());
457
458 // Create parts of the limits context.
459 // Add client class limits to the context.
460 isc::data::ElementPtr client_class_limits = clientClassLimitsToElement<D>(relations, lease->getType());
461 // Add subnet limits to the context.
462 isc::data::ElementPtr subnet_limit = subnetLimitToElement<D>(subnet_id, lease->getType());
463
464 // Tie the limits together into an "ISC" context.
465 isc::data::ElementPtr limits(isc::data::Element::createMap());
466 if (!client_class_limits->empty()) {
467 limits->set("client-classes", client_class_limits);
468 }
469 if (!subnet_limit->empty()) {
470 limits->set("subnet", subnet_limit);
471 }
472 if (limits->empty()) {
473 // No limits means we let the lease through by default. Exit here so that we don't check
474 // lease limits for nothing and so that we don't log details on non-limited leases.
475 return (0);
476 }
477 isc::data::ElementPtr ISC(isc::data::Element::createMap());
478 ISC->set("limits", limits);
479 isc::data::ElementPtr context(isc::data::Element::createMap());
480 context->set("ISC", ISC);
481
482 // Check lease limits.
483 std::string const limit_exceeded_text(checkLeaseLimits<D>(context));
484 if (limit_exceeded_text.empty()) {
485 LOG_DEBUG(limits_logger, isc::log::DBGLVL_TRACE_BASIC, LIMITS_LEASE_WITHIN_LIMITS)
486 .arg(lease->addr_);
487 } else {
488 // Prevent the lease from being allocated.
489 handle.setStatus(isc::hooks::CalloutHandle::NEXT_STEP_SKIP);
490
491 LOG_DEBUG(limits_logger, isc::log::DBGLVL_TRACE_BASIC, LIMITS_LEASE_LIMIT_EXCEEDED)
492 .arg(limit_exceeded_text);
493 }
494
495 return (0);
496 }
497
498private:
503 void addClientClassesToLeaseContext(isc::dhcp::ClientClasses const& classes,
504 isc::dhcp::LeasePtr const& lease);
505
517 template <isc::util::DhcpSpace D>
518 isc::data::ElementPtr clientClassLimitsToElement(isc::dhcp::SubClassRelationContainer const& classes,
519 isc::dhcp::Lease::Type const& lease_type);
520
531 template <isc::util::DhcpSpace D>
532 isc::data::ElementPtr subnetLimitToElement(isc::dhcp::SubnetID const subnet_id,
533 isc::dhcp::Lease::Type const& lease_type);
534
542 template <isc::util::DhcpSpace D>
543 isc::data::ConstElementPtr subnetRateLimit(isc::dhcp::SubnetID const subnet_id);
544
556 template <isc::util::DhcpSpace D>
557 std::string checkLeaseLimits(isc::data::ConstElementPtr const& context) const;
558
562 template <isc::util::DhcpSpace D>
563 void recountClassLeases() const;
564
567 std::unordered_map<isc::dhcp::ClientClass, TimeSeries> clocked_in_times_by_class_;
568
571 std::unordered_map<isc::dhcp::SubnetID, ProtectedTimeSeriesPtr> clocked_in_times_by_subnet_id_;
572
575 std::mutex mutex_;
576
578 AddressLimitConfiguration address_limit_configuration_;
579
581 PrefixLimitConfiguration prefix_limit_configuration_;
582
584 RateLimitConfiguration rate_limit_configuration_;
585
588 LimitManager() = default;
589 LimitManager(LimitManager const&) = delete;
590 LimitManager& operator=(LimitManager const&) = delete;
592};
593
594} // namespace limits
595} // namespace isc
596
597#endif // ISC_LIMITS_RATE_LIMIT_MANAGER_H
audit_entry.h
classify.h
Defines elements for storing the names of client classes.
isc::Unexpected
A generic exception that is thrown when an unexpected error condition occurs.
Definition exceptions/exceptions.h:153
isc::data::Element::createMap
static ElementPtr createMap(const Position &pos=ZERO_POSITION())
Creates an empty MapElement type ElementPtr.
Definition data.cc:304
isc::dhcp::CfgMgr::instance
static CfgMgr & instance()
returns a single instance of Configuration Manager
Definition cfgmgr.cc:29
isc::dhcp::CfgMgr::getCurrentCfg
SrvConfigPtr getCurrentCfg()
Returns a pointer to the current configuration.
Definition cfgmgr.cc:116
isc::dhcp::ClientClasses
Container for storing client class names.
Definition classify.h:110
isc::dhcp::LeaseMgrFactory::instance
static TrackingLeaseMgr & instance()
Return current lease manager.
Definition lease_mgr_factory.cc:124
isc::dhcp::LeaseMgrFactory::haveInstance
static bool haveInstance()
Indicates if the lease manager has been instantiated.
Definition lease_mgr_factory.cc:119
isc::hooks::CalloutHandle
Per-packet callout handle.
Definition callout_handle.h:78
isc::hooks::CalloutHandle::CalloutNextStep
CalloutNextStep
Specifies allowed next steps.
Definition callout_handle.h:86
isc::hooks::CalloutHandle::NEXT_STEP_DROP
@ NEXT_STEP_DROP
drop the packet
Definition callout_handle.h:89
isc::hooks::CalloutHandle::NEXT_STEP_SKIP
@ NEXT_STEP_SKIP
skip the next processing step
Definition callout_handle.h:88
isc::hooks::CalloutHandle::getStatus
CalloutNextStep getStatus() const
Returns the next processing step.
Definition callout_handle.h:241
isc::hooks::CalloutHandle::setStatus
void setStatus(const CalloutNextStep next)
Sets the next processing step.
Definition callout_handle.h:231
isc::hooks::CalloutHandle::getArgument
void getArgument(const std::string &name, T &value) const
Get argument.
Definition callout_handle.h:164
isc::hooks::CalloutHandle::setArgument
void setArgument(const std::string &name, T value)
Set argument.
Definition callout_handle.h:147
isc::stats::StatsMgr
Statistics Manager class.
Definition lib/stats/stats_mgr.h:65
isc::stats::StatsMgr::instance
static StatsMgr & instance()
Statistics Manager accessor method.
Definition lib/stats/stats_mgr.cc:30
dhcp_space.h
isc_throw
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
Definition exceptions/exceptions.h:210
isc::stats::StatsMgr::addValue
void addValue(const std::string &name, const int64_t value)
Records incremental integer observation.
Definition lib/stats/stats_mgr.cc:70
lease_mgr_factory.h
stats_mgr.h
limits_logger.h
LOG_ERROR
#define LOG_ERROR(LOGGER, MESSAGE)
Macro to conveniently test error output and log it.
Definition macros.h:32
LOG_WARN
#define LOG_WARN(LOGGER, MESSAGE)
Macro to conveniently test warn output and log it.
Definition macros.h:26
LOG_DEBUG
#define LOG_DEBUG(LOGGER, LEVEL, MESSAGE)
Macro to conveniently test debug output and log it.
Definition macros.h:14
multi_threading_mgr.h
isc::data::ConstElementPtr
boost::shared_ptr< const Element > ConstElementPtr
Definition data.h:29
isc::data::ElementPtr
boost::shared_ptr< Element > ElementPtr
Definition data.h:28
isc::db::error
@ error
Definition db_log.h:118
isc::db::AuditEntryCollectionPtr
boost::shared_ptr< AuditEntryCollection > AuditEntryCollectionPtr
Definition audit_entry.h:294
isc::dhcp::PktTPtr
boost::shared_ptr< PktT< D > > PktTPtr
Definition pkt_template.h:41
isc::dhcp::LeaseTPtr
boost::shared_ptr< LeaseT< D > > LeaseTPtr
Definition lease.h:730
isc::dhcp::SrvConfigPtr
boost::shared_ptr< SrvConfig > SrvConfigPtr
Non-const pointer to the SrvConfig.
Definition srv_config.h:1136
isc::dhcp::ConstSubnetTPtr
boost::shared_ptr< const SubnetT< D > > ConstSubnetTPtr
Definition subnet.h:1002
isc::dhcp::SubClassRelationContainer
boost::multi_index_container< SubClassRelation, boost::multi_index::indexed_by< boost::multi_index::sequenced< boost::multi_index::tag< TemplateClassSequenceTag > >, boost::multi_index::hashed_unique< boost::multi_index::tag< TemplateClassNameTag >, boost::multi_index::member< SubClassRelation, ClientClass, &SubClassRelation::class_def_ > > > > SubClassRelationContainer
the subclass multi-index.
Definition classify.h:104
isc::dhcp::SubnetID
uint32_t SubnetID
Defines unique IPv4 or IPv6 subnet identifier.
Definition subnet_id.h:25
isc::dhcp::LeasePtr
boost::shared_ptr< Lease > LeasePtr
Pointer to the lease object.
Definition lease.h:25
isc::limits::ProtectedTimeSeriesPtr
std::shared_ptr< ProtectedTimeSeries > ProtectedTimeSeriesPtr
Defines a smart pointer to a ProtectedTimeSeries.
Definition limit_manager.h:53
isc::limits::LIMITS_CONFIGURATION_LEASE_BACKEND_NOT_AVAILABLE
const isc::log::MessageID LIMITS_CONFIGURATION_LEASE_BACKEND_NOT_AVAILABLE
Definition limits_messages.h:11
isc::limits::TimePoint
std::chrono::time_point< std::chrono::system_clock > TimePoint
a point in time
Definition limit_manager.h:36
isc::limits::LIMITS_PACKET_WITH_SUBNET_ID_RATE_LIMIT_HONORED
const isc::log::MessageID LIMITS_PACKET_WITH_SUBNET_ID_RATE_LIMIT_HONORED
Definition limits_messages.h:25
isc::limits::LIMITS_LEASE_LIMIT_EXCEEDED
const isc::log::MessageID LIMITS_LEASE_LIMIT_EXCEEDED
Definition limits_messages.h:19
isc::limits::LIMITS_PACKET_WITH_SUBNET_ID_RATE_LIMIT_DROPPED
const isc::log::MessageID LIMITS_PACKET_WITH_SUBNET_ID_RATE_LIMIT_DROPPED
Definition limits_messages.h:24
isc::limits::LIMITS_LEASE_WITHIN_LIMITS
const isc::log::MessageID LIMITS_LEASE_WITHIN_LIMITS
Definition limits_messages.h:20
isc::limits::TimeSeries
boost::circular_buffer< TimePoint > TimeSeries
Holds a number of time points, used in limiting by a single criterion.
Definition limit_manager.h:40
isc::limits::LIMITS_PACKET_WITH_CLIENT_CLASSES_RATE_LIMIT_DROPPED
const isc::log::MessageID LIMITS_PACKET_WITH_CLIENT_CLASSES_RATE_LIMIT_DROPPED
Definition limits_messages.h:22
isc::limits::LIMITS_PACKET_WIIH_SUBNET_ID_RATE_NO_SUBNET
const isc::log::MessageID LIMITS_PACKET_WIIH_SUBNET_ID_RATE_NO_SUBNET
Definition limits_messages.h:21
isc::limits::LIMITS_CONFIGURATION_LEASE_BACKEND_SHOULD_HAVE_BEEN_AVAILABLE
const isc::log::MessageID LIMITS_CONFIGURATION_LEASE_BACKEND_SHOULD_HAVE_BEEN_AVAILABLE
Definition limits_messages.h:12
isc::limits::LIMITS_PACKET_WITH_CLIENT_CLASSES_RATE_LIMIT_HONORED
const isc::log::MessageID LIMITS_PACKET_WITH_CLIENT_CLASSES_RATE_LIMIT_HONORED
Definition limits_messages.h:23
isc::limits::limits_logger
isc::log::Logger limits_logger("limits-hooks")
Definition limits_logger.h:18
isc::log::DBGLVL_TRACE_BASIC
const int DBGLVL_TRACE_BASIC
Trace basic operations.
Definition log_dbglevels.h:69
isc::log::DBGLVL_TRACE_DETAIL_DATA
const int DBGLVL_TRACE_DETAIL_DATA
Trace data associated with detailed operations.
Definition log_dbglevels.h:78
isc::util::formatDhcpSpace
std::string formatDhcpSpace(char const *const format_string)
Replaces all occurrences of {} with 4 or 6 based on the templated DHCP space.
Definition dhcp_space.h:36
isc
Defines the logger used by the top-level component of kea-lfc.
Definition agent_parser.cc:148
pkt_template.h
srv_config.h
isc::db::AuditEntryObjectTypeTag
Tag used to access index by object type.
Definition audit_entry.h:229
isc::dhcp::Lease::Type
Type
Type of lease or pool.
Definition lease.h:46
isc::limits::AddressLimitConfiguration
the configuration manager for address limiting
Definition configuration.h:136
isc::limits::LimitManager
Provides the capability to limit the number of leases or the response rate.
Definition limit_manager.h:56
isc::limits::LimitManager::cb_updated
int cb_updated(isc::hooks::CalloutHandle &handle)
cbX_updated hook point
Definition limit_manager.h:94
isc::limits::LimitManager::dhcp_srv_configured
int dhcp_srv_configured(isc::hooks::CalloutHandle &handle)
dhcpX_srv_configured hook point
Definition limit_manager.h:131
isc::limits::LimitManager::subnet_select
int subnet_select(isc::hooks::CalloutHandle &handle)
subnetX_select hook point
Definition limit_manager.h:310
isc::limits::LimitManager::pkt_receive
int pkt_receive(isc::hooks::CalloutHandle &handle)
pktX_receive hook point
Definition limit_manager.h:180
isc::limits::LimitManager::parse
void parse(isc::dhcp::SrvConfigPtr const &config)
Fetches limits from the given Kea configuration.
Definition limit_manager.cc:85
isc::limits::LimitManager::lease_callout
int lease_callout(isc::hooks::CalloutHandle &handle, bool lease_update=false)
leaseX_select hook point
Definition limit_manager.h:422
isc::limits::LimitManager::clear
void clear()
Clears the time series circular buffers in order to start over rate limiting.
Definition limit_manager.cc:37
isc::limits::LimitManager::initialize
void initialize(isc::dhcp::SrvConfigPtr const &config)
Reinitialize data structures required for limiting.
Definition limit_manager.cc:43
isc::limits::LimitManager::instance
static LimitManager & instance()
singleton access function
Definition limit_manager.cc:31
isc::limits::PrefixLimitConfiguration
the configuration manager for prefix limiting
Definition configuration.h:158
isc::limits::ProtectedTimeSeries
Holds a number of time points, used in limiting by a single criterion, and a mutex to protect concurr...
Definition limit_manager.h:44
isc::limits::ProtectedTimeSeries::mutex_
std::mutex mutex_
Protects against races on the time points which can be edited at each hook callout.
Definition limit_manager.h:46
isc::limits::ProtectedTimeSeries::time_points_
TimeSeries time_points_
Holds the actual time points.
Definition limit_manager.h:49
isc::limits::RateLimitConfiguration
the configuration manager for rate limiting
Definition configuration.h:180
isc::limits::RateLimit
a single rate-limiting entry configured as "rate-limit": "<n> packet[s] per <time-unit>"
Definition configuration.h:44
isc::limits::RateLimit::text_
std::string text_
a string representation of the rate limit as specified in the configuration used for logging purposes
Definition configuration.h:62
isc::limits::RateLimit::time_unit_
std::chrono::seconds time_unit_
Seconds of one time unit's worth.
Definition configuration.h:58
isc::limits::RateLimit::allowed_packets_
uint32_t allowed_packets_
the configured limit
Definition configuration.h:54
isc::util::MultiThreadingLock
RAII lock object to protect the code in the same scope with a mutex.
Definition multi_threading_mgr.h:349
subnet_id.h