synapse_pingora/actor/mod.rs
1//! Actor State Management Module
2//!
3//! Provides per-actor state tracking with 100K LRU capacity for the synapse-pingora WAF proxy.
4//! Actors represent persistent threat identities that may span multiple IP addresses and sessions.
5//!
6//! # Architecture
7//!
8//! The `ActorManager` coordinates three main data structures:
9//! - **actors**: Primary DashMap storing ActorState by actor_id
10//! - **ip_to_actor**: O(1) lookup from IP address to actor_id
11//! - **fingerprint_to_actor**: O(1) lookup from fingerprint to actor_id
12//!
13//! # Correlation Strategy
14//!
15//! When processing a request, the manager attempts to correlate the request to an existing actor:
16//! 1. Check if the IP is already mapped to an actor
17//! 2. Check if the fingerprint is already mapped to an actor
18//! 3. If both match different actors, prefer fingerprint (more stable identifier)
19//! 4. If no match, create a new actor
20//!
21//! # Usage
22//!
23//! ```rust,ignore
24//! use synapse_pingora::actor::{ActorManager, ActorConfig};
25//! use std::sync::Arc;
26//!
27//! // Create manager with custom configuration
28//! let config = ActorConfig {
29//! max_actors: 100_000,
30//! decay_interval_secs: 900,
31//! ..Default::default()
32//! };
33//! let manager = Arc::new(ActorManager::new(config));
34//!
35//! // Get or create actor for request
36//! let ip = "192.168.1.100".parse().unwrap();
37//! let actor_id = manager.get_or_create_actor(ip, Some("t13d1516h2_abc123"));
38//!
39//! // Record rule match
40//! manager.record_rule_match(&actor_id, "sqli-001", 25.0, "sqli");
41//!
42//! // Start background tasks
43//! Arc::clone(&manager).start_background_tasks();
44//! ```
45
46mod manager;
47
48pub use manager::{
49 ActorConfig, ActorManager, ActorState, ActorStats, ActorStatsSnapshot, RuleMatch,
50};