From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id CD1791FF16B for ; Fri, 7 Nov 2025 14:24:46 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 449881124D; Fri, 7 Nov 2025 14:25:29 +0100 (CET) Message-ID: <0de60db2-7476-4990-a65c-744165b915c7@proxmox.com> Date: Fri, 7 Nov 2025 14:24:55 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Hannes Laimer To: pbs-devel@lists.proxmox.com References: <20250909085245.91641-1-h.laimer@proxmox.com> Content-Language: en-US In-Reply-To: <20250909085245.91641-1-h.laimer@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1762521875712 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.044 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] superseded: [PATCH proxmox{, -backup} 0/6] add user specific rate-limits X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" superseded-by: https://lore.proxmox.com/pbs-devel/20251107132329.42965-1-h.laimer@proxmox.com/T/#t On 9/9/25 10:53, Hannes Laimer wrote: > This adds support for specifying user specific rate-limits. > We add a user-tag to every rate-limited connection, with this present we > can limit the connection based on the authenticated user assiciated with > it. > > Authentication happens after accept, so we can't set this right when we > accept a connection. Currently we initialize the handle on accept, we > then give this handle to the rate_limiter callback function. And on > completed authentication we set the user using this handle. > I did consider using a Peer -> User map in the cache, and just adding > entries on auth, but there isn't really a good way to clean those > entries. And peers(so IP:port) may end up being reused, and that would > be a problem. With the current approach we don't have this problem. > > Currently rules with a user specified take priority over others. So: > user > IP only > neither, in case two rules match. > > If users and networks are specified, the rule only applies if both > match. So, Any of the specified user connect from any of the specified > network. > > And all of this ofc still only if the given timeframe matches. > > Note: this is only for users, you can't specify individual tokens. But I > don't think that is much of a problem, it is probably even better like > this. > > (I did look through BZ if there is an issue for this, I feel like there > should be, but did not find one) > > proxmox: > > Hannes Laimer (3): > pbs-api-types: add users to traffic-control rule > http: add user tag to rate-limited streams > rest-server: add use tag field to RateLimitedStreams > > pbs-api-types/src/traffic_control.rs | 9 ++++ > proxmox-http/src/rate_limited_stream.rs | 30 ++++++++++- > proxmox-rest-server/src/connection.rs | 16 +++++- > proxmox-rest-server/src/rest.rs | 72 ++++++++++++++++++++++++- > 4 files changed, 123 insertions(+), 4 deletions(-) > > > proxmox-backup: > > Hannes Laimer (3): > api: taffic-control: update/delete users on rule correctly > traffic-control: handle users specified in a rule correctly > ui: traffic-control: add users field in edit form and list > > src/api2/config/traffic_control.rs | 8 +++ > src/bin/proxmox-backup-proxy.rs | 7 +- > src/traffic_control_cache.rs | 100 +++++++++++++++++++++++++---- > www/config/TrafficControlView.js | 7 ++ > www/window/TrafficControlEdit.js | 18 ++++++ > 5 files changed, 126 insertions(+), 14 deletions(-) > > > Summary over all repositories: > 9 files changed, 249 insertions(+), 18 deletions(-) > _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel