summaryrefslogtreecommitdiffstats
path: root/src/bloombucket.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Move functions from header files into dedicated fileMatt Dunwoodie2019-09-221-89/+0
| | | | | | | | The header files were nice while experimenting, but they are not ideal. Currently we have all the custom data structures in kerk/kern_wg.c, which would ideally not be named after wireguard, But for the time being, at least they're organised.
* Add bloombucket.h for ratelimiting.Matt Dunwoodie2019-08-221-0/+127
In my perpetual quest for allocationless datastructures, this bloombucket attempts to rate limit an arbitrary number of peers during initiation. It works on a mix of a bloom filter and a token bucket, and has configurable parameters for size and number of hashes. The hashes are kept independent by using unique siphash keys. The idea is that a unique input, in this case the peer ip will be hashed into multiple buckets, and each of those buckets incremented. When evaluating if a packet should be rate limited, it sees if at least one of those buckets is not at the threshold. I don't have any good mathematical notes behind this, but will need to sit down and do some tests to get some sane defaults for the values.