Expand description
Ring buffer for bounded forensic logging with DoS protection.
Prevents memory exhaustion attacks by maintaining a fixed-size buffer with FIFO eviction. Ideal for high-volume honeypot deployments where attackers might trigger thousands of errors per second.
§Design Principles
- Bounded memory: Fixed maximum size regardless of attack volume
- FIFO eviction: Oldest entries dropped first, keeps recent attacks
- Per-entry size caps: No single error can dominate the buffer
- RwLock-based: Concurrent readers, exclusive writers
§Performance Characteristics
- Zero allocations for reads (uses Arc
for cheap cloning) - O(1) insertion and eviction
- Concurrent read scalability (N readers simultaneously)
- Fixed memory footprint (no growth/reallocation)
§Example
use palisade_errors::ring_buffer::RingBufferLogger;
use palisade_errors::{AgentError, definitions};
// Max 1000 entries, 2KB per entry = 2MB total
let logger = RingBufferLogger::new(1000, 2048);
// Log errors - oldest automatically evicted
let err = AgentError::config(definitions::CFG_PARSE_FAILED, "op", "details");
logger.log(&err, "192.168.1.100");
// Retrieve recent entries for analysis
let recent = logger.get_recent(10);
for entry in recent {
println!("{:?}", entry);
}Structs§
- Forensic
Entry - A single forensic log entry with bounded size.
- Ring
Buffer Logger - Ring buffer logger with bounded memory usage.