Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement server-side rate limits for Key Images on FLR #3314

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

awygle
Copy link
Contributor

@awygle awygle commented Apr 12, 2023

This PR implements server-side rate limits for Key Images on FLR

Motivation

This is needed because of bad clients locking up our servers.

Future Work

This implementation isn't what we want to end up with long-term. We ultimately want to return rate limit messages in-band, with a higher hard rate limit for clients that don't respect them.

@awygle awygle force-pushed the feature/fog-ledger-router branch 3 times, most recently from e024ac6 to fee2eb8 Compare April 21, 2023 18:48
Base automatically changed from feature/fog-ledger-router to master April 24, 2023 18:17
@awygle awygle force-pushed the awygle/flr-rate-limit branch from a905af2 to 5802dbb Compare April 26, 2023 17:10
@awygle awygle force-pushed the awygle/flr-rate-limit branch from 5802dbb to 996a1ee Compare April 26, 2023 17:23
Copy link
Collaborator

@nick-mobilecoin nick-mobilecoin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

main blocker is the test, and local manipulation of the test, doesn't seem to indicate it works correctly.
I haven't reviewed new dependencies. I like the idea of the interface for the governor crate, I wish it didn't pull so many deps in.

@@ -266,6 +266,22 @@ pub fn rpc_unavailable_error<S: Display, E: Display>(
)
}

/// Resource exhausted error may be returned if a rate limit is exceeded.
#[inline]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔧 I'm guessing this use of #[inline] is more for consistency with the rest of the file.
I would vote for not using #[inline] over keeping the file consistent, unless it can be proven to be required for performance.

While inline is a technically a hint to the compiler, implementation wise, it's treated as "almost always inline". Looking at these functions/macros I've got a strong hunch function call overhead is a drop in the bucket compared to the other work happening. Inline can have negative side effects like; binary code bloat and developers reluctant to refactor since inline can often indicate performance critical code.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with removing #[inline] (I do agree it's not needed in these cases), but I should mention that "it's treated as 'almost always inline'" is LLVM's default mode (the joke on the LLVM developer IRC is "LLVM's inlining heuristic is 'yes'").

fog/ledger/server/tests/router_integration.rs Show resolved Hide resolved
Comment on lines +232 to +237
rate_limit_burst_period: test_config
.rate_limit_period
.unwrap_or(Duration::from_secs(10)),
rate_limit_max_burst: test_config
.rate_limit_max
.unwrap_or(NonZeroU32::new(80).unwrap()),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔧 This feels a little odd that the test config is set to None and then here it decides to use a default based on None. The best wording I can think is that this spreads the "default" logic around (of the TestConfig) instead of keeping it in one place.
Suggest creating a new() method for TestConfig that the other tests use to initialize with default limits,
And then if desired create a new with limits for the limit test.

@@ -136,7 +149,6 @@ impl LedgerGrpcClient {
&mut self,
key_images: &[KeyImage],
) -> Result<CheckKeyImagesResponse, Error> {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❓ Double checking. This was removed because it's redundant with the following?

.with_context(create_context(&tracer, "check_key_images"))

fog/ledger/server/tests/router_connection.rs Outdated Show resolved Hide resolved
fog/ledger/server/tests/router_integration.rs Outdated Show resolved Hide resolved
fog/ledger/connection/src/router_client.rs Show resolved Hide resolved
fog/ledger/server/src/config.rs Show resolved Hide resolved
fog/ledger/server/src/config.rs Show resolved Hide resolved
fog/ledger/server/src/router_service.rs Outdated Show resolved Hide resolved
@awygle awygle requested review from nick-mobilecoin and jcape May 1, 2023 17:25
@jcape jcape linked an issue May 5, 2023 that may be closed by this pull request
@joekottke joekottke removed the request for review from jcape July 5, 2023 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Needs Review
Development

Successfully merging this pull request may close these issues.

Fog key image service rate-limiting
2 participants