ads: support envoy filter local ratelimit.

Signed-off-by: yuan <[email protected]>
kmesh-net · Sep 15, 2024 · 5964c91 · 5964c91
1 parent 53caaa8
commit 5964c91
Show file tree

Hide file tree

Showing 10 changed files with 389 additions and 30 deletions.
diff --git a/api/filter/ratelimit.proto b/api/filter/ratelimit.proto
@@ -0,0 +1,57 @@
+syntax = "proto3";
+
+package filter;
+option go_package = "kmesh.net/kmesh/api/filter;filter";
+
+/*
+  TokenBucket defines parameters for a token bucket rate limiter.
+  https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/v3/token_bucket.proto#envoy-v3-api-msg-type-v3-tokenbucket
+  {
+      "max_tokens": ...,
+      "tokens_per_fill": {...},
+      "fill_interval": {...}
+  }
+*/
+message TokenBucket {
+  // The maximum number of tokens in the bucket.
+  int64 max_tokens = 1;
+
+  // The number of tokens added to the bucket during each fill interval.
+  int64 tokens_per_fill = 2;
+
+  // The interval at which the bucket is refilled in nanoseconds.
+  int64 fill_interval = 3;
+}
+
+
+/*
+  LocalRateLimit defines parameters for local rate limiting.
+  https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/local_ratelimit/v3/local_rate_limit.proto#envoy-v3-api-msg-extensions-filters-http-local-ratelimit-v3-localratelimit
+  {
+      "stat_prefix": ...,
+      "status": {...},
+      "token_bucket": {...},
+      "filter_enabled": {...},
+      "filter_enforced": {...},
+      "request_headers_to_add_when_not_enforced": [],
+      "response_headers_to_add": [],
+      "descriptors": [],
+      "stage": ...,
+      "local_rate_limit_per_downstream_connection": ...,
+      "local_cluster_rate_limit": {...},
+      "enable_x_ratelimit_headers": ...,
+      "vh_rate_limits": ...,
+      "always_consume_default_token_bucket": {...},
+      "rate_limited_as_resource_exhausted": ...
+  }
+*/
+message LocalRateLimit {
+  reserved 1 to 2;
+
+  // The token bucket configuration for the rate limiter.
+  TokenBucket token_bucket = 3;
+
+  // Reserved field numbers for future use
+  reserved 4 to 15;
+}
+
diff --git a/api/listener/listener_components.proto b/api/listener/listener_components.proto
@@ -6,12 +6,14 @@ option go_package = "kmesh.net/kmesh/api/listener;listener";
 import "api/core/address.proto";
 import "api/filter/tcp_proxy.proto";
 import "api/filter/http_connection_manager.proto";
+import "api/filter/ratelimit.proto";
 
 message Filter {
   string name = 1;
   oneof config_type {
     filter.TcpProxy tcp_proxy = 2;
     filter.HttpConnectionManager http_connection_manager = 3;
+    filter.LocalRateLimit local_rate_limit = 4;
   }
 }
 

diff --git a/api/v2-c/listener/listener_components.pb-c.c b/api/v2-c/listener/listener_components.pb-c.c
@@ -142,7 +142,7 @@ void   listener__filter_chain__free_unpacked
   assert(message->base.descriptor == &listener__filter_chain__descriptor);
   protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator);
 }
-static const ProtobufCFieldDescriptor listener__filter__field_descriptors[3] =
+static const ProtobufCFieldDescriptor listener__filter__field_descriptors[4] =
 {
   {
     "name",
@@ -180,16 +180,29 @@ static const ProtobufCFieldDescriptor listener__filter__field_descriptors[3] =
     0 | PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
     0,NULL,NULL    /* reserved1,reserved2, etc */
   },
+  {
+    "local_rate_limit",
+    4,
+    PROTOBUF_C_LABEL_NONE,
+    PROTOBUF_C_TYPE_MESSAGE,
+    offsetof(Listener__Filter, config_type_case),
+    offsetof(Listener__Filter, local_rate_limit),
+    &filter__local_rate_limit__descriptor,
+    NULL,
+    0 | PROTOBUF_C_FIELD_FLAG_ONEOF,             /* flags */
+    0,NULL,NULL    /* reserved1,reserved2, etc */
+  },
 };
 static const unsigned listener__filter__field_indices_by_name[] = {
   2,   /* field[2] = http_connection_manager */
+  3,   /* field[3] = local_rate_limit */
   0,   /* field[0] = name */
   1,   /* field[1] = tcp_proxy */
 };
 static const ProtobufCIntRange listener__filter__number_ranges[1 + 1] =
 {
   { 1, 0 },
-  { 0, 3 }
+  { 0, 4 }
 };
 const ProtobufCMessageDescriptor listener__filter__descriptor =
 {
@@ -199,7 +212,7 @@ const ProtobufCMessageDescriptor listener__filter__descriptor =
   "Listener__Filter",
   "listener",
   sizeof(Listener__Filter),
-  3,
+  4,
   listener__filter__field_descriptors,
   listener__filter__field_indices_by_name,
   1,  listener__filter__number_ranges,

diff --git a/api/v2-c/listener/listener_components.pb-c.h b/api/v2-c/listener/listener_components.pb-c.h
diff --git a/api/v2/listener/listener_components.pb.go b/api/v2/listener/listener_components.pb.go
diff --git a/bpf/kmesh/ads/include/filter.h b/bpf/kmesh/ads/include/filter.h
@@ -4,6 +4,7 @@
 #ifndef __KMESH_FILTER_H__
 #define __KMESH_FILTER_H__
 
+#include "local_ratelimit.h"
 #include "tcp_proxy.h"
 #include "tail_call.h"
 #include "bpf_log.h"
@@ -181,6 +182,10 @@ int filter_chain_manager(ctx_buff_t *ctx)
     if (filter_chain == NULL) {
         return KMESH_TAIL_CALL_RET(-1);
     }
+
+    /* ratelimit check */
+    Local_rate_limit__check_and_take(filter_chain, &addr, ctx);
+
     /* filter match */
     ret = filter_chain_filter_match(filter_chain, &addr, ctx, &filter, &filter_idx);
     if (ret != 0) {