
Module shadow


Shadow Mirroring Module

Mirrors traffic from suspicious actors to honeypot endpoints without adding latency to the production request path.

§Architecture

Request → Detection → Risk Score → Decision Point
                         │
                         ├── risk < min: Pass through (no mirror)
                         ├── min ≤ risk < max: SHADOW MIRROR + Pass
                         └── risk ≥ max: Block (no mirror needed)
                                 │
                                 ▼
                         tokio::spawn() ──► Async HTTP POST to Honeypot
                         (fire & forget)

§Key Features

  • Zero production latency: Fire-and-forget async mirroring
  • Per-IP rate limiting: Prevents honeypot flooding
  • Configurable thresholds: Risk score window for mirroring
  • HMAC signing: Optional payload authentication
  • Sampling: Configurable percentage of eligible traffic
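
The decision point in the diagram, combined with the sampling and per-IP sliding-window features listed above, can be sketched as follows. This is an added example, not this module's code: `Gate`, `Decision`, the field names, the 0.0..1.0 risk scale and the choice to pass a rate-limited request without mirroring are all assumptions.

```rust
use std::collections::{HashMap, VecDeque};
use std::net::IpAddr;
use std::time::{Duration, Instant};

#[derive(Debug, PartialEq)]
pub enum Decision { Pass, MirrorAndPass, Block }

// Hypothetical gate; names and the 0.0..1.0 risk scale are assumptions.
pub struct Gate {
    min_risk: f64,
    max_risk: f64,
    sample_pct: u8,        // share (0..=100) of eligible requests to mirror
    window: Duration,      // sliding-window length
    max_per_window: usize, // mirrors allowed per IP within one window
    hits: HashMap<IpAddr, VecDeque<Instant>>,
}

impl Gate {
    pub fn new(min_risk: f64, max_risk: f64, sample_pct: u8, window: Duration, max_per_window: usize) -> Self {
        Gate { min_risk, max_risk, sample_pct, window, max_per_window, hits: HashMap::new() }
    }

    // Sliding window: drop timestamps older than `window`, then check the budget.
    fn under_limit(&mut self, ip: IpAddr, now: Instant) -> bool {
        let window = self.window;
        let q = self.hits.entry(ip).or_default();
        while q.front().map_or(false, |t| now.duration_since(*t) >= window) {
            q.pop_front();
        }
        if q.len() >= self.max_per_window { return false; }
        q.push_back(now);
        true
    }

    // `roll` is a caller-supplied value in 0..100 (e.g. from an RNG), so the outcome is testable.
    pub fn decide(&mut self, risk: f64, roll: u8, ip: IpAddr, now: Instant) -> Decision {
        if risk >= self.max_risk { return Decision::Block; } // blocked, no mirror needed
        if risk < self.min_risk { return Decision::Pass; }   // below the mirroring window
        // Eligible: mirror only if sampled and under the per-IP budget; the request passes either way.
        if roll < self.sample_pct && self.under_limit(ip, now) { Decision::MirrorAndPass } else { Decision::Pass }
    }
}

fn main() {
    let mut g = Gate::new(0.4, 0.8, 100, Duration::from_secs(60), 2);
    let ip: IpAddr = "203.0.113.7".parse().unwrap(); // constructed sample address
    for risk in [0.1, 0.5, 0.5, 0.5, 0.9] {
        println!("{risk}: {:?}", g.decide(risk, 0, ip, Instant::now()));
    }
}
```

`MirrorAndPass` is the point at which the fire-and-forget task from the diagram would be spawned. Because the sampling check runs before the rate-limit check, requests that are not sampled do not consume the per-IP budget.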

Structs§

MirrorPayload
JSON payload sent to honeypot endpoints.
RateLimiter
Per-IP rate limiter using sliding window algorithm.
RateLimiterStats
Statistics from the rate limiter.
ShadowClientStats
Shadow mirror client statistics.
ShadowMirrorClient
Async HTTP client for delivering shadow mirror payloads to honeypots.
ShadowMirrorConfig
Configuration for shadow mirroring suspicious traffic to honeypots.
ShadowMirrorManager
Manager for shadow mirroring operations.
ShadowMirrorStats
Statistics about shadow mirroring operations.

Enums§

ShadowConfigError
Errors from shadow mirror configuration validation.
ShadowMirrorError
Errors that can occur during shadow mirror operations.

Functions§

is_sensitive_header
Checks if a header name is considered sensitive.