synapse-waf 0.9.1

High-performance WAF and reverse proxy with embedded intelligence — built on Cloudflare Pingora
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

use std::sync::Arc;
use std::time::Duration;
use tokio::sync::Semaphore;
use tokio::time::timeout;
use tracing::{debug, info, warn};

use crate::horizon::{SignalSink, ThreatSignal};
use crate::intelligence::{SignalCategory, SignalManager};
use crate::metrics::MetricsRegistry;

/// SignalDispatcher - coordinates signal dispatch between sinks and local SignalManager.
pub struct SignalDispatcher {
    sinks: Vec<Arc<dyn SignalSink>>,
    signal_manager: Option<Arc<SignalManager>>,
    metrics: Arc<MetricsRegistry>,
    dispatch_semaphore: Arc<Semaphore>,
}

impl SignalDispatcher {
    pub fn new(
        sinks: Vec<Arc<dyn SignalSink>>,
        signal_manager: Option<Arc<SignalManager>>,
        metrics: Arc<MetricsRegistry>,
    ) -> Self {
        Self {
            sinks,
            signal_manager,
            metrics,
            dispatch_semaphore: Arc::new(Semaphore::new(100)), // Limit to 100 concurrent dispatches
        }
    }

    /// Dispatch a signal to all sinks and local SignalManager in parallel.
    pub async fn dispatch(
        &self,
        signal: ThreatSignal,
        category: SignalCategory,
        sensor_id: &str,
        description: Option<String>,
        metadata: serde_json::Value,
    ) -> Result<(), String> {
        // Acquire permit to limit concurrency
        let _permit = self
            .dispatch_semaphore
            .acquire()
            .await
            .map_err(|e| format!("Dispatcher semaphore closed: {}", e))?;

        self.metrics.signal_dispatch_metrics().record_attempt();
        let start = std::time::Instant::now();

        // Prepare sink dispatch tasks
        let mut sink_tasks = Vec::new();
        for sink in &self.sinks {
            let sink_clone = Arc::clone(sink);
            let signal_clone = signal.clone();
            sink_tasks.push(async move { sink_clone.report_signal(signal_clone).await });
        }

        // Combine sink dispatches into a single future
        let sinks_dispatch = async move {
            let mut all_success = true;
            for task in sink_tasks {
                match timeout(Duration::from_millis(500), task).await {
                    Ok(Ok(())) => debug!("Signal dispatched to sink"),
                    Ok(Err(err)) => {
                        warn!("Sink dispatch failed: {}", err);
                        all_success = false;
                    }
                    Err(_) => {
                        warn!("Sink dispatch timed out");
                        all_success = false;
                    }
                }
            }
            all_success
        };

        // Prepare local dispatch task
        let signal_manager = self.signal_manager.clone();
        let signal_type = format!("{:?}", signal.signal_type);
        let entity_id = signal.source_ip.clone();
        let local_metadata = metadata.clone();
        let local_dispatch = async move {
            if let Some(manager) = signal_manager {
                manager.record_event(
                    category,
                    signal_type,
                    entity_id,
                    description,
                    local_metadata,
                );
                true
            } else {
                false
            }
        };

        // Execute in parallel
        let (sinks_success, local_res) = tokio::join!(
            sinks_dispatch,
            timeout(Duration::from_millis(100), local_dispatch)
        );

        let local_success = match local_res {
            Ok(success) => success,
            Err(_) => {
                warn!("Local signal manager dispatch timed out");
                false
            }
        };

        if local_success {
            self.metrics
                .signal_dispatch_metrics()
                .record_success(start.elapsed().as_micros() as u64);

            if sinks_success {
                info!(
                    sensor_id = %sensor_id,
                    signal_type = %format!("{:?}", signal.signal_type),
                    "Signal successfully dispatched to all sinks and Local Manager"
                );
            } else {
                info!(
                    sensor_id = %sensor_id,
                    signal_type = %format!("{:?}", signal.signal_type),
                    "Signal dispatched to Local Manager (partial or complete sink failure)"
                );
            }
            Ok(())
        } else {
            self.metrics.signal_dispatch_metrics().record_failure();
            Err("Local dispatch failure (SignalManager unavailable)".to_string())
        }
    }
}