From: Willy Tarreau Date: Fri, 18 Jun 2010 16:33:32 +0000 (+0200) Subject: [MEDIUM] session: add data in and out volume counters X-Git-Tag: v1.5-dev8~523 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=855e4bbcc7783ec6e98076646add557fe4f3bef3;p=thirdparty%2Fhaproxy.git [MEDIUM] session: add data in and out volume counters The new "bytes_in_cnt" and "bytes_out_cnt" session counters have been added. They're automatically updated when session counters are updated. They can be matched with the "src_kbytes_in" and "src_kbytes_out" ACLs which apply to the volume per source address. This can be used to deny access to service abusers.
---
diff --git a/include/types/stick_table.h b/include/types/stick_table.h
index ca26f766ff..fef759b777 100644
--- a/include/types/stick_table.h
+++ b/include/types/stick_table.h
@@ -44,6 +44,8 @@ enum {
 STKTABLE_DT_SERVER_ID, /* the server ID to use with this session if > 0 */
 STKTABLE_DT_CONN_CNT, /* cumulated number of connections */
 STKTABLE_DT_CONN_CUR, /* concurrent number of connections */
+ STKTABLE_DT_BYTES_IN_CNT, /* cumulated bytes count from client to servers */
+ STKTABLE_DT_BYTES_OUT_CNT,/* cumulated bytes count from servers to client */
 STKTABLE_DATA_TYPES /* Number of data types, must always be last */
 };
@@ -52,6 +54,8 @@ union stktable_data {
 int server_id;
 unsigned int conn_cnt;
 unsigned int conn_cur;
+ unsigned long long bytes_in_cnt;
+ unsigned long long bytes_out_cnt;
 };
 /* known data types */
diff --git a/src/session.c b/src/session.c
index 6cb702dd1f..5fd0f994fb 100644
--- a/src/session.c
+++ b/src/session.c
@@ -403,6 +403,14 @@ void session_process_counters(struct session *s)
 if (s->listener->counters)
 s->listener->counters->bytes_in += bytes;
+
+ if (s->tracked_counters) {
+ void *ptr = stktable_data_ptr(s->tracked_table,
+ s->tracked_counters,
+ STKTABLE_DT_BYTES_IN_CNT);
+ if (ptr)
+ stktable_data_cast(ptr, bytes_in_cnt) += bytes;
+ }
 }
 }
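Review bot: The new `if (s->tracked_counters)` block in session_process_counters() has no comment saying when the tracked entry is credited, which matters because the commit intends these counters for denying abusive sources. As written, `bytes_in_cnt` only grows when this function runs, so a `src_kbytes_in` rule evaluates the volume as of the last call rather than the live total; how often that happens depends on callers outside this diff. I would add `/* credit the tracked stick-table entry too; ACLs see the volume as of the last call to this function */` above the block, and the same above the `bytes_out_cnt` block in the next hunk. The `if (ptr)` test silently skips tables that do not store the type, which is worth stating in the same comment. The function body starts and ends outside both hunks.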
@@ -420,6 +428,14 @@ void session_process_counters(struct session *s)
 if (s->listener->counters)
 s->listener->counters->bytes_out += bytes;
+
+ if (s->tracked_counters) {
+ void *ptr = stktable_data_ptr(s->tracked_table,
+ s->tracked_counters,
+ STKTABLE_DT_BYTES_OUT_CNT);
+ if (ptr)
+ stktable_data_cast(ptr, bytes_out_cnt) += bytes;
+ }
 }
 }
 }
@@ -2160,12 +2176,80 @@ acl_fetch_src_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir,
 return 1;
 }
+/* set test->i to the number of kbytes received from the session's source
+ * address in the table pointed to by expr.
+ */
+static int
+acl_fetch_src_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir,
+ struct acl_expr *expr, struct acl_test *test)
+{
+ struct stksess *ts;
+ struct stktable_key *key;
+
+ key = tcpv4_src_to_stktable_key(l4);
+ if (!key)
+ return 0; /* only TCPv4 is supported right now */
+
+ if (expr->arg_len)
+ px = find_stktable(expr->arg.str);
+
+ if (!px)
+ return 0; /* table not found */
+
+ test->flags = ACL_TEST_F_VOL_TEST;
+ test->i = 0;
+
+ if ((ts = stktable_lookup_key(&px->table, key)) != NULL) {
+ void *ptr = stktable_data_ptr(&px->table, ts, STKTABLE_DT_BYTES_IN_CNT);
+ if (!ptr)
+ return 0; /* parameter not stored */
+ test->i = stktable_data_cast(ptr, bytes_in_cnt) >> 10;
+ }
+
+ return 1;
+}
+
+/* set test->i to the number of kbytes sent to the session's source address in
+ * the table pointed to by expr.
+ */
+static int
+acl_fetch_src_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir,
+ struct acl_expr *expr, struct acl_test *test)
+{
+ struct stksess *ts;
+ struct stktable_key *key;
+
+ key = tcpv4_src_to_stktable_key(l4);
+ if (!key)
+ return 0; /* only TCPv4 is supported right now */
+
+ if (expr->arg_len)
+ px = find_stktable(expr->arg.str);
+
+ if (!px)
+ return 0; /* table not found */
+
+ test->flags = ACL_TEST_F_VOL_TEST;
+ test->i = 0;
+
+ if ((ts = stktable_lookup_key(&px->table, key)) != NULL) {
+ void *ptr = stktable_data_ptr(&px->table, ts, STKTABLE_DT_BYTES_OUT_CNT);
+ if (!ptr)
+ return 0; /* parameter not stored */
+ test->i = stktable_data_cast(ptr, bytes_out_cnt) >> 10;
+ }
+
+ return 1;
+}
+
 /* Note: must not be declared as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
 { "src_conn_cnt", acl_parse_int, acl_fetch_src_conn_cnt, acl_match_int, ACL_USE_TCP4_VOLATILE },
 { "src_updt_conn_cnt", acl_parse_int, acl_fetch_src_updt_conn_cnt, acl_match_int, ACL_USE_TCP4_VOLATILE },
 { "src_conn_cur", acl_parse_int, acl_fetch_src_conn_cur, acl_match_int, ACL_USE_TCP4_VOLATILE },
+ { "src_kbytes_in", acl_parse_int, acl_fetch_src_kbytes_in, acl_match_int, ACL_USE_TCP4_VOLATILE },
+ { "src_kbytes_out", acl_parse_int, acl_fetch_src_kbytes_out, acl_match_int, ACL_USE_TCP4_VOLATILE },
 { NULL, NULL, NULL, NULL },
 }};
diff --git a/src/stick_table.c b/src/stick_table.c
index 4335b3639c..d701d09e80 100644
--- a/src/stick_table.c
+++ b/src/stick_table.c
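Review bot: `test->i = stktable_data_cast(ptr, bytes_in_cnt) >> 10;` in acl_fetch_src_kbytes_in (and the `bytes_out_cnt` twin in acl_fetch_src_kbytes_out) narrows a 64-bit counter into `test->i` without a bound. The declaration of `test->i` is not in this diff, but the value is handed to acl_match_int, so it is presumably an int; if so, with a 32-bit int the converted value stops reflecting the real volume once a source has accumulated about 2 TiB, and a `gt` threshold rule can stop matching for exactly the heaviest sources. Saturating keeps the rule fail-closed: `unsigned long long kb = stktable_data_cast(ptr, bytes_in_cnt) >> 10;` followed by `test->i = kb > INT_MAX ? INT_MAX : (int)kb;`. Separately, both functions return 0 when the table does not store the data type, so a deny rule pointed at such a table never matches; a configuration-time check or a comment next to `/* parameter not stored */` would make that visible.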
@@ -528,6 +528,8 @@ struct stktable_data_type stktable_data_types[STKTABLE_DATA_TYPES] = {
 [STKTABLE_DT_SERVER_ID] = { .name = "server_id", .data_length = stktable_data_size(server_id) },
 [STKTABLE_DT_CONN_CNT] = { .name = "conn_cnt", .data_length = stktable_data_size(conn_cnt) },
 [STKTABLE_DT_CONN_CUR] = { .name = "conn_cur", .data_length = stktable_data_size(conn_cur) },
+ [STKTABLE_DT_BYTES_IN_CNT] = { .name = "bytes_in_cnt", .data_length = stktable_data_size(bytes_in_cnt) },
+ [STKTABLE_DT_BYTES_OUT_CNT] = { .name = "bytes_out_cnt", .data_length = stktable_data_size(bytes_out_cnt) },
 };
 /*
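Review bot: These two entries are the first whose `data_length` is the size of an `unsigned long long`; the three above are int-sized, and nothing here records an alignment requirement. The code that turns `data_length` into per-entry offsets is not in this diff, but if offsets are plain running sums, a table that stores `conn_cnt` next to `bytes_in_cnt` could leave the 64-bit counter on a 4-byte boundary, and the `stktable_data_cast(ptr, bytes_in_cnt) += bytes` added in src/session.c would then be a misaligned access on strict-alignment targets. It is worth confirming that the offset computation rounds up to the member's alignment and recording it here with a comment such as `/* 64-bit counters: stored offset must be 8-byte aligned */`. The array initializer starts outside the hunk.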