diff options
author | Magnus Ahltorp <map@kth.se> | 2015-06-11 16:38:30 +0200 |
---|---|---|
committer | Magnus Ahltorp <map@kth.se> | 2015-06-11 16:38:30 +0200 |
commit | e109e12abb56414cbf64aad7a7e38c19062cdbb9 (patch) | |
tree | b3c59a3f363f4be1ed0224751c4f8dee3850614e /tools | |
parent | 1d4ee3918c353649f2a166f0bdd6a1846caccfee (diff) |
Implement rate limiting of add_chainratelimit
Diffstat (limited to 'tools')
-rwxr-xr-x | tools/compileconfig.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/tools/compileconfig.py b/tools/compileconfig.py index d90d96d..c48ba66 100755 --- a/tools/compileconfig.py +++ b/tools/compileconfig.py @@ -150,6 +150,21 @@ def allowed_servers_frontend(signingnodenames, storagenodenames): ("/ct/signing/sct", signingnodenames), ] +def parse_ratelimit_expression(expression): + if expression == "none": + return Symbol("none") + parts = expression.split(" ") + if not (len(parts) == 3 and parts[1] == 'per' and parts[2] in ["second", "minute", "hour"]): + print >>sys.stderr, "Ratelimit expressions must have the format \"<frequency> per second|minute|hour\" or \"none\"" + sys.exit(1) + return (int(parts[0]), Symbol(parts[2])) + +def parse_ratelimit((type, description)): + descriptions = [parse_ratelimit_expression(s.strip()) for s in description.split(",")] + if len(descriptions) != 1: + print >>sys.stderr, "%s: Only one ratelimit expression supported right now" % (type,) + return (Symbol(type), descriptions) + def gen_config(nodename, config, localconfig): print "generating config for", nodename paths = localconfig["paths"] @@ -171,6 +186,9 @@ def gen_config(nodename, config, localconfig): catlfishconfig.append((Symbol("known_roots_path"), localconfig["paths"]["knownroots"])) if "sctcaching" in options: catlfishconfig.append((Symbol("sctcache_root_path"), paths["db"] + "sctcache/")) + if localconfig["ratelimits"]: + ratelimits = map(parse_ratelimit, localconfig["ratelimits"].items()) + catlfishconfig.append((Symbol("ratelimits"), ratelimits)) catlfishconfig += [ (Symbol("https_servers"), https_servers), |