Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Gatelogic - Somewhat functional reactive framew...

majek04
November 27, 2017

Gatelogic - Somewhat functional reactive framework in Python

majek04

November 27, 2017
Tweet

More Decks by majek04

Other Decks in Programming

Transcript

  1. Reverse proxy 3 Eyeball Reverse proxy Origin server • Optimizations

    • Caching • DDoS protection • Security
  2. 7

  3. 16 --ip=1.2.3.4 example.com --except www,n1,ns2 --qps=500 Business logic example.com subdomains:

    (www, ns1, ns2) --ip=1.2.3.4 example.com example.com = FREE | PAID
  4. 18 Reactive rule def dns_mitigation(attack, plan, subdomains, toggles): domain =

    attack['domain'] if toggles['all_mitigations_disabled']: return qps = 100 if plan[domain] == 'business': qps = 500 mitigation = attack['description'] + \ ' --qps=%s' % qps + \ ' --except=%s'.join(subdomains[domain]) return mitigation
  5. Subscriptions 19 def dns_mitigation(attack, plan, subdomains, toggles): domain = attack['domain']

    if toggles['all_mitigations_disabled']: return qps = 100 if plan[domain] == 'business': qps = 500 mitigation = attack['description'] + \ ' --qps=%s' % qps + \ ' --except=%s'.join(subdomains[domain]) return mitigation
  6. Business logic • Hard problem! • Multiple DB lookups •

    Wait for operator confirmation • Critical path 20
  7. 22

  8. Pure FRP is useless • Weird language - (ELM anyone?)

    • Fixed signal flow • Strictly no side-effects 26
  9. Dirty FRP is awesome 27 • Weird language • Python

    • Fixed signal flow • Attacks come and go, but patterns fixed • Strictly no side-effects • Dynamic "subscriptions", but idempotent
  10. 29

  11. Gatelogic • Input - ReadableHub • update(full_data) • Processing -

    ComputableHub • maintain(key, function) • unmaintain • Subscriptions - QueryHub • update(full_data) 31
  12. 32 { '00001': {ip:'1.2.3.4', port: 80, domain: 'bar.com', '00002': {ip:'1.2.3.5',

    port: 80, domain: 'foo.com', ... } Input data - a dict
  13. 34 ComputableHub def on_hook(_, kind, k, row): if kind ==

    'add': mitigations.maintain(k, action, row) if kind == 'delete': mitigations.unmaintain(k) subscribe(readable, on_hook) def action(row): return None 34 ReadableHub
  14. 38 def action(row, plan_hub, subdomain_hub, toggle_hub): domain = row.value if

    not domain: return None if toggle_hub.get('all_mitigations_disabled').value != 'True': return None qps = 100 if plan_hub.get(domain).value in ('business', 'b'): qps = 500 sd = (subdomain_hub.get(domain).value or '').split(' ') mitigation = \ domain + \ ' --qps=%s ' % qps + \ ' '.join('--except=%s' % s for s in sd) return mitigation
  15. It works! • Solid foundation! • Composable! • Scalable •

    Maintainable • But: • no event loop • lacks higher-order abstractions 39
  16. 40

  17. 204 loc 41 marek@ubuntu-saucy:~/cloudflare/gatelogic/gatelogic$ cloc *py 3 text files. 3

    unique files. 0 files ignored. http://cloc.sourceforge.net v 1.60 T=0.01 s (240.8 files/s, 23197.8 lines/s) ------------------------------------------------------------------------------- Language files blank comment code ------------------------------------------------------------------------------- Python 3 61 24 204 ------------------------------------------------------------------------------- SUM: 3 61 24 204 -------------------------------------------------------------------------------
  18. Thanks! • FRP is grea • http://www.flapjax-lang.org/ • https://www.youtube.com/watch?v=mEvo6TVAf64 •

    https://www.youtube.com/watch?v=Agu6jipKfYw 42 https://github.com/cloudflare/gatelogic marek@cloudflare.com @majek04