From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id C17CC1FF179 for ; Wed, 12 Nov 2025 11:36:14 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 062BF1E8CB; Wed, 12 Nov 2025 11:37:02 +0100 (CET) Message-ID: Date: Wed, 12 Nov 2025 11:36:28 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Hannes Laimer To: pbs-devel@lists.proxmox.com References: <20251110134255.69132-1-h.laimer@proxmox.com> Content-Language: en-US In-Reply-To: <20251110134255.69132-1-h.laimer@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1762943764070 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.048 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] superseded: [PATCH proxmox{, -backup} v3 0/6] add user specific rate-limits X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" superseded-by: https://lore.proxmox.com/pbs-devel/20251112103505.122844-1-h.laimer@proxmox.com/T/#t On 11/10/25 14:43, Hannes Laimer wrote: > When a connection is accepted we create a shared tag handle for its > rate-limited stream. The REST layer clears that handle before every > request. Once a request authenticates successfully, we push a > User(...) tag with the auth ID. Failed or unauthenticated requests > leave the tag list empty. RateLimitedStream watches that handle and > forces an immediate limiter refresh whenever the tag set changes so > user-specific throttles take effect right away. > > Currently rules with a user specified take priority over others. So: > user > IP only > neither, in case two rules match. > > If users and networks are specified, the rule only applies if both > match. So, Any of the specified user connect from any of the specified > network. > > And all of this ofc still only if the given timeframe matches. > > I did also test this with a basic nginx reverse proxy configured with > `keepalive 32`, I didn't run into problems using this setup. > > v3, thanks @Chris!: > - simplify code by passing the taglist to the callback, as sugested by > Chris > - mention potential future use-case in commit message > - created documented type for 3-tuple and inlined var for printing > > v2, thanks @Chris!: > - fix problem with tag staying on connection after request finishes, > and with when it would be set in first place > - use a more generic tag-list on the connection, this is more general > - tag is now an enum, like chris suggested, this should make it > somewhat easy to extend if we at some point should want to > > > proxmox: > > Hannes Laimer (3): > pbs-api-types: allow traffic-control rules to match users > http: track user tag updates on rate-limited streams > rest-server: propagate rate-limit tags from authenticated users > > pbs-api-types/src/traffic_control.rs | 9 ++ > proxmox-http/src/lib.rs | 2 +- > proxmox-http/src/rate_limited_stream.rs | 40 ++++++- > proxmox-rest-server/src/connection.rs | 11 +- > proxmox-rest-server/src/rest.rs | 137 +++++++++++++++++++++++- > 5 files changed, 186 insertions(+), 13 deletions(-) > > > proxmox-backup: > > Hannes Laimer (3): > api: taffic-control: update/delete users on rule correctly > traffic-control: handle users specified in a rule correctly > ui: traffic-control: add users field in edit form and list > > src/api2/config/traffic_control.rs | 8 +++ > src/bin/proxmox-backup-proxy.rs | 12 +++- > src/traffic_control_cache.rs | 105 +++++++++++++++++++++++++---- > www/config/TrafficControlView.js | 7 ++ > www/window/TrafficControlEdit.js | 18 +++++ > 5 files changed, 136 insertions(+), 14 deletions(-) > > > Summary over all repositories: > 10 files changed, 322 insertions(+), 27 deletions(-) > _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel