Actor State Management Module
Provides per-actor state tracking with 100K LRU capacity for the synapse-pingora WAF proxy. Actors represent persistent threat identities that may span multiple IP addresses and sessions.
§Architecture
The ActorManager coordinates three main data structures:
- actors: Primary DashMap storing ActorState by actor_id
- ip_to_actor: O(1) lookup from IP address to actor_id
- fingerprint_to_actor: O(1) lookup from fingerprint to actor_id
§Correlation Strategy
When processing a request, the manager attempts to correlate the request to an existing actor:
- Check if the IP is already mapped to an actor
- Check if the fingerprint is already mapped to an actor
- If both match different actors, prefer fingerprint (more stable identifier)
- If no match, create a new actor
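The four correlation steps above, sketched as an added example (not the synapse-pingora implementation). The `Correlator` type, the `u64` actor ids and the re-pointing of both indexes to the winning actor are assumptions made for illustration; the IP addresses and fingerprints are constructed sample values.

```rust
use std::collections::HashMap;
use std::net::IpAddr;

/// Hypothetical, simplified stand-in for the manager's two lookup indexes.
#[derive(Default)]
struct Correlator {
    ip_to_actor: HashMap<IpAddr, u64>,
    fingerprint_to_actor: HashMap<String, u64>,
    next_id: u64,
}

impl Correlator {
    /// Resolve a request to an actor id following the correlation steps.
    fn correlate(&mut self, ip: IpAddr, fingerprint: Option<&str>) -> u64 {
        let by_ip = self.ip_to_actor.get(&ip).copied();
        let by_fp = fingerprint.and_then(|f| self.fingerprint_to_actor.get(f).copied());
        let id = match (by_ip, by_fp) {
            // A fingerprint hit wins, including when the IP points elsewhere.
            (_, Some(fp_actor)) => fp_actor,
            // No fingerprint hit: fall back to the IP mapping.
            (Some(ip_actor), None) => ip_actor,
            // Neither identifier is known: create a new actor.
            (None, None) => {
                self.next_id += 1;
                self.next_id
            }
        };
        // Assumption: the winning actor absorbs both identifiers, so an IP
        // that changes hands is re-pointed instead of left stale.
        self.ip_to_actor.insert(ip, id);
        if let Some(f) = fingerprint {
            self.fingerprint_to_actor.insert(f.to_string(), id);
        }
        id
    }
}

fn main() {
    let mut c = Correlator::default();
    let a = c.correlate("203.0.113.10".parse().unwrap(), Some("fp-A"));
    let b = c.correlate("198.51.100.7".parse().unwrap(), Some("fp-B"));
    // Known fingerprint arriving from a new IP: still actor `a`.
    let moved = c.correlate("192.0.2.55".parse().unwrap(), Some("fp-A"));
    // Conflict: IP maps to `b`, fingerprint maps to `a`; fingerprint wins.
    let conflict = c.correlate("198.51.100.7".parse().unwrap(), Some("fp-A"));
    println!("a={a} b={b} moved={moved} conflict={conflict}");
}
```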
§Usage
```rust
use synapse_pingora::actor::{ActorManager, ActorConfig};
use std::sync::Arc;

// Create manager with custom configuration
let config = ActorConfig {
    max_actors: 100_000,
    decay_interval_secs: 900,
    ..Default::default()
};
let manager = Arc::new(ActorManager::new(config));

// Get or create actor for request
let ip = "192.168.1.100".parse().unwrap();
let actor_id = manager.get_or_create_actor(ip, Some("t13d1516h2_abc123"));

// Record rule match
manager.record_rule_match(&actor_id, "sqli-001", 25.0, "sqli");

// Start background tasks
Arc::clone(&manager).start_background_tasks();
```
Structs§
- ActorConfig - Configuration for ActorManager.
- ActorManager - Thread-safe implementation using DashMap for lock-free concurrent access.
- ActorState - Per-actor state tracking.
- ActorStats - Statistics for monitoring the actor manager.
- ActorStatsSnapshot - Snapshot of actor statistics (for serialization).
- RuleMatch - Rule match record for actor history.