• Publicity: Public Only All

throttle_mod-procs.tcl

This file defines the following Objects and Classes: ::throttle[i], ::Counter[i], ::Users[i]

Location:
packages/xotcl-request-monitor/tcl/throttle_mod-procs.tcl

Procedures in this file

Detailed information

Object ::throttle (public)

  Object ::throttle

This is a small request-throttle application that handles simple DoS-attacks on the server. A user (request key) is identified via ipAddr or some other key, such as an authenticated userid.

XOTcl Parameters for Class Throttle:

  • timeWindow:Time window for computing detailed statistics; can be configured via OpenACS package parameter time-window
  • timeoutMs: Time window to keep statistics for a user
  • startThrottle: If user requests more than this #, her requests are delayed. When larger than toMuch, the parameter is ignored
  • toMuch: If user requests more than this #, she is kicked out
The throttler is defined as a class running in a detached thread. See XOTcl API for Thread management for more details. It can be subclassed to define e.g. different kinds of throttling policies for different kind of request keys. Note that the throttle thread itself does not block, only the connection thread blocks if necessary (on throttles).

The controlling thread contains the classes Users, Throttle, Counter, MaxCounter, ...

Author:
Gustaf Neumann
CVS ID:
$Id: throttle_mod-procs.tcl,v 1.67.2.57 2023/07/10 08:54:49 gustafn Exp $

Partial Call Graph (max 5 caller/called nodes):
%3 _ _ (public) acs::icanuse acs::icanuse (public) ad_conn ad_conn (public) ad_file ad_file (public) nsf::object::alloc nsf::object::alloc Object ::throttle Object ::throttle Object ::throttle->_ Object ::throttle->acs::icanuse Object ::throttle->ad_conn Object ::throttle->ad_file Object ::throttle->nsf::object::alloc

Testcases:
No testcase defined.

::Counter proc set_in_all_instances (public)

 ::Counter[i] set_in_all_instances var value

A helper function to set in all (direct or indirect) instances an instance variable to the same value. This is used here in combination with changing parameters

Parameters:
var
value

Partial Call Graph (max 5 caller/called nodes):
%3

Testcases:
No testcase defined.

::Users proc active (public)

 ::Users[i] active [ -full ]

Return a list of lists containing information about current users. If the switch 'full' is used this list contains these users who have used the server within the monitoring time window (per default: 10 minutes). Otherwise, just a list of requesters (user_ids or peer addresses for unauthenticated requests) is returned. If "-full" is used for each requester the last peer address, the last timestamp, the number of hits, a list of values for the activity calculations and the number of ip-switches the user is returned. The activity calculations are performed on base of an exponential smoothing algorithm which is calculated through an aggregated value, a timestamp (in minutes) and the number of hits in the monitored time window.

Switches:
-full
(optional)
Returns:
list with detailed user info

Partial Call Graph (max 5 caller/called nodes):
%3

Testcases:
No testcase defined.

::Users proc hits (public)

 ::Users[i] hits uid
Parameters:
uid - request key
Returns:
Number of hits by this user (in time window)

Partial Call Graph (max 5 caller/called nodes):
%3

Testcases:
No testcase defined.

::Users proc last_pa (public)

 ::Users[i] last_pa uid
Parameters:
uid - request key
Returns:
last peer address of the specified users

Partial Call Graph (max 5 caller/called nodes):
%3

Testcases:
No testcase defined.

::Users proc nr_active (public)

 ::Users[i] nr_active
Returns:
number of active users (in time window)

Partial Call Graph (max 5 caller/called nodes):
%3

Testcases:
No testcase defined.

::Users proc nr_authenticated (public)

 ::Users[i] nr_authenticated
Returns:
number of authenticated users (in time window)

Partial Call Graph (max 5 caller/called nodes):
%3

Testcases:
No testcase defined.

::Users proc nr_users_time_window (public)

 ::Users[i] nr_users_time_window
Returns:
number of different IP addresses and authenticated users (in time window)

Partial Call Graph (max 5 caller/called nodes):
%3 xo::is_ip xo::is_ip ::throttle ::Users proc nr_users_time_window ::throttle ::Users proc nr_users_time_window ::throttle ::Users proc nr_users_time_window->xo::is_ip

Testcases:
No testcase defined.

::Users proc user_is_active (public)

 ::Users[i] user_is_active uid
Parameters:
uid
Returns:
boolean value whether user is active

Partial Call Graph (max 5 caller/called nodes):
%3

Testcases:
No testcase defined.

::throttle Class ::Counter (public)

 ::xotcl::Class Class[i] [ -report report ] [ -timeoutMS timeoutMS ] \
    [ -stats stats ] [ -trend trend ] [ -c c ] [ -logging logging ] \
    [ -nr_trend_elements nr_trend_elements ] \
    [ -nr_stats_elements nr_stats_elements ]

This class holds the counted statistics so they do not have to be computed all the time from the list of requests. The statistics holding objects are instances of this class and initialized and called after the timeoutMS

Switches:
-report
(optional)
Report type of the instance. This could e.g. be hours and minutes
-timeoutMS
(optional)
How often are the statistics for this report computed
-stats
(optional)
stats keeps nr_stats_elements highest values with timestamp. These hold a list of lists of the actual stats in the form {time value}. Time is given like "Thu Sep 13 09:17:30 CEST 2007". This is used for displaying the maximum values
-trend
(optional)
trend keeps nr_trend_elements most recent values. This is used for displaying the graphics
-c
(optional)
counter
-logging
(optional)
If set to 1 the instance current value is logged to the counter.log file
-nr_trend_elements
(optional)
Number of data points that are used for the trend calculation. The default of 48 translates into "48 minutes" for the Views per minute or 48 hours for the views per hour.
-nr_stats_elements
(optional)
Number of data points for the stats values. The default of 5 will give you the highest datapoints over the whole period.

Partial Call Graph (max 5 caller/called nodes):
%3

Testcases:
No testcase defined.

::throttle Class ::Users (public)

 ::xotcl::Class Class[i]

This class is responsible for the user tracking and is defined only in a separate Tcl thread named throttle. For each minute within the specified time-window an instance of this class exists keeping various statistics. When a minute ends the instance dropping out of the time window is destroyed. The procs of this class can be used to obtain various kinds of information.

Author:
Gustaf Neumann
CVS ID:
$Id: throttle_mod-procs.tcl,v 1.67.2.57 2023/07/10 08:54:49 gustafn Exp $

Partial Call Graph (max 5 caller/called nodes):
%3

Testcases:
No testcase defined.

throttle proc check (public)

 throttle[i] check

This method should be called once per request that is monitored. It should be called after authentication such we have already the userid if the user is authenticated.

Partial Call Graph (max 5 caller/called nodes):
%3 test_test_cr_items test_cr_items (test xotcl-core) throttle proc check throttle proc check test_test_cr_items->throttle proc check test_test_xo_db_object test_xo_db_object (test xotcl-core) test_test_xo_db_object->throttle proc check test_xotcl_core_tutorial_1 xotcl_core_tutorial_1 (test xotcl-core) test_xotcl_core_tutorial_1->throttle proc check test_xotcl_core_tutorial_2 xotcl_core_tutorial_2 (test xotcl-core) test_xotcl_core_tutorial_2->throttle proc check

Testcases:
xotcl_core_tutorial_1, xotcl_core_tutorial_2, test_xo_db_object, test_cr_items
[ show source ]