From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id D7D031FF165 for ; Thu, 6 Nov 2025 10:41:47 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id BBD4B11F64; Thu, 6 Nov 2025 10:42:28 +0100 (CET) Message-ID: <906d08a7-7c33-410a-b356-975834bd2c7e@proxmox.com> Date: Thu, 6 Nov 2025 10:41:54 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: pbs-devel@lists.proxmox.com References: <20250909085245.91641-1-h.laimer@proxmox.com> Content-Language: en-US From: Hannes Laimer In-Reply-To: <20250909085245.91641-1-h.laimer@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1762422095653 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.042 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [PATCH proxmox{, -backup} 0/6] add user specific rate-limits X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" ping On 9/9/25 10:53, Hannes Laimer wrote: > This adds support for specifying user specific rate-limits. > We add a user-tag to every rate-limited connection, with this present we > can limit the connection based on the authenticated user assiciated with > it. > > Authentication happens after accept, so we can't set this right when we > accept a connection. Currently we initialize the handle on accept, we > then give this handle to the rate_limiter callback function. And on > completed authentication we set the user using this handle. > I did consider using a Peer -> User map in the cache, and just adding > entries on auth, but there isn't really a good way to clean those > entries. And peers(so IP:port) may end up being reused, and that would > be a problem. With the current approach we don't have this problem. > > Currently rules with a user specified take priority over others. So: > user > IP only > neither, in case two rules match. > > If users and networks are specified, the rule only applies if both > match. So, Any of the specified user connect from any of the specified > network. > > And all of this ofc still only if the given timeframe matches. > > Note: this is only for users, you can't specify individual tokens. But I > don't think that is much of a problem, it is probably even better like > this. > > (I did look through BZ if there is an issue for this, I feel like there > should be, but did not find one) > > proxmox: > > Hannes Laimer (3): > pbs-api-types: add users to traffic-control rule > http: add user tag to rate-limited streams > rest-server: add use tag field to RateLimitedStreams > > pbs-api-types/src/traffic_control.rs | 9 ++++ > proxmox-http/src/rate_limited_stream.rs | 30 ++++++++++- > proxmox-rest-server/src/connection.rs | 16 +++++- > proxmox-rest-server/src/rest.rs | 72 ++++++++++++++++++++++++- > 4 files changed, 123 insertions(+), 4 deletions(-) > > > proxmox-backup: > > Hannes Laimer (3): > api: taffic-control: update/delete users on rule correctly > traffic-control: handle users specified in a rule correctly > ui: traffic-control: add users field in edit form and list > > src/api2/config/traffic_control.rs | 8 +++ > src/bin/proxmox-backup-proxy.rs | 7 +- > src/traffic_control_cache.rs | 100 +++++++++++++++++++++++++---- > www/config/TrafficControlView.js | 7 ++ > www/window/TrafficControlEdit.js | 18 ++++++ > 5 files changed, 126 insertions(+), 14 deletions(-) > > > Summary over all repositories: > 9 files changed, 249 insertions(+), 18 deletions(-) > _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel