Skip to content

OF-3171: Implement basic rate limiting for new connections (C2S and S2S)#3127

Open
guusdk wants to merge 2 commits intoigniterealtime:mainfrom
guusdk:OF-3170_Rate-Limit-New-Connections
Open

OF-3171: Implement basic rate limiting for new connections (C2S and S2S)#3127
guusdk wants to merge 2 commits intoigniterealtime:mainfrom
guusdk:OF-3170_Rate-Limit-New-Connections

Conversation

@guusdk
Copy link
Member

@guusdk guusdk commented Jan 22, 2026

  • Introduce NewConnectionLimiterRegistry to track new connections per type.
  • Add per-group rate limiting: client-to-server (C2S) and server-to-server (S2S).
  • By default, rate limiting is disabled for both C2S and S2S.
  • Support dynamic updates via system properties for permits per second, max burst, and enabled flag.
  • Add optional logging for rejected connections with configurable suppression interval.
  • Ensure unsupported connection types receive unlimited limiters while still collecting metrics.

This lays the foundation for controlling the rate of new connections, without yet exposing admin console configuration or statistics.

guusdk added 2 commits January 22, 2026 17:12
@guusdk
OF-3171: Implement basic rate limiting for new connections (C2S and S2S)
32351f8 
- Introduce NewConnectionLimiterRegistry to track new connections per type.
- Add per-group rate limiting: client-to-server (C2S) and server-to-server (S2S).
- By default, rate limiting is disabled for both C2S and S2S.
- Support dynamic updates via system properties for permits per second, max burst, and enabled flag.
- Add optional logging for rejected connections with configurable suppression interval.
- Ensure unsupported connection types receive unlimited limiters while still collecting metrics.

This lays the foundation for controlling the rate of new connections, without yet exposing admin console configuration or statistics.
@guusdk
OF-3173: Expose rate-limiting statistics via Statistics API
2bdc1f8 
Integrate rate-limiting counters into Openfire's Statistics API so they are automatically available via JMX and the Monitoring plugin.

This adds real-time, thread-safe statistics for rate limiters used for all connection types (eg: socket_c2s, socket_s2s), tracking accepted and rejected connection attempts. Metrics are incremented on every connection attempt, but reset after rate limit configuration changes.

Acceptance ratio is intentionally not exposed. Ratios would be derived from cumulative totals since the last rate-limiter reset, causing them to converge over time and potentially mislead users expecting a time-windowed value. Consumers can derive meaningful ratios themselves from the provided accepted and rejected counters.
@guusdk
Copy link
Member Author

guusdk commented Feb 12, 2026

I've now added exposure of rate-limiting statistics via Statistics API

Integrate rate-limiting counters into Openfire's Statistics API so they are automatically available via JMX and the Monitoring plugin.

This adds real-time, thread-safe statistics for rate limiters used for all connection types (eg: socket_c2s, socket_s2s), tracking accepted and rejected connection attempts. Metrics are incremented on every connection attempt, but reset after rate limit configuration changes.

Acceptance ratio is intentionally not exposed. Ratios would be derived from cumulative totals since the last rate-limiter reset, causing them to converge over time and potentially mislead users expecting a time-windowed value. Consumers can derive meaningful ratios themselves from the provided accepted and rejected counters.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@guusdk