[MEDIUM] session: add data in and out volume counters

The new "bytes_in_cnt" and "bytes_out_cnt" session counters have been
added. They're automatically updated when session counters are updated.
They can be matched with the "src_kbytes_in" and "src_kbytes_out" ACLs
which apply to the volume per source address. This can be used to deny
access to service abusers.

diff --git a/include/types/stick_table.h b/include/types/stick_table.h
index ca26f766fff324260571d825395e318b4bf9f572..fef759b7770ef610c47faaf6f5efc48439df911e 100644 (file)
--- a/include/types/stick_table.h
+++ b/include/types/stick_table.h
@@ -44,6 +44,8 @@ enum {
        STKTABLE_DT_SERVER_ID,    /* the server ID to use with this session if > 0 */
        STKTABLE_DT_CONN_CNT,     /* cumulated number of connections */
        STKTABLE_DT_CONN_CUR,     /* concurrent number of connections */
+       STKTABLE_DT_BYTES_IN_CNT, /* cumulated bytes count from client to servers */
+       STKTABLE_DT_BYTES_OUT_CNT,/* cumulated bytes count from servers to client */
        STKTABLE_DATA_TYPES       /* Number of data types, must always be last */
 };
 
@@ -52,6 +54,8 @@ union stktable_data {
        int server_id;
        unsigned int conn_cnt;
        unsigned int conn_cur;
+       unsigned long long bytes_in_cnt;
+       unsigned long long bytes_out_cnt;
 };
 
 /* known data types */

diff --git a/src/session.c b/src/session.c
index 6cb702dd1fa2fc70a768e0817e466cba56fc21e6..5fd0f994fbd973443eae8f793accc6d79e08dd20 100644 (file)
--- a/src/session.c
+++ b/src/session.c
@@ -403,6 +403,14 @@ void session_process_counters(struct session *s)
 
                        if (s->listener->counters)
                                s->listener->counters->bytes_in         += bytes;
+
+                       if (s->tracked_counters) {
+                               void *ptr = stktable_data_ptr(s->tracked_table,
+                                                             s->tracked_counters,
+                                                             STKTABLE_DT_BYTES_IN_CNT);
+                               if (ptr)
+                                       stktable_data_cast(ptr, bytes_in_cnt) += bytes;
+                       }
                }
        }
 
@@ -420,6 +428,14 @@ void session_process_counters(struct session *s)
 
                        if (s->listener->counters)
                                s->listener->counters->bytes_out        += bytes;
+
+                       if (s->tracked_counters) {
+                               void *ptr = stktable_data_ptr(s->tracked_table,
+                                                             s->tracked_counters,
+                                                             STKTABLE_DT_BYTES_OUT_CNT);
+                               if (ptr)
+                                       stktable_data_cast(ptr, bytes_out_cnt) += bytes;
+                       }
                }
        }
 }
@@ -2160,12 +2176,80 @@ acl_fetch_src_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir,
        return 1;
 }
 
+/* set test->i to the number of kbytes received from the session's source
+ * address in the table pointed to by expr.
+ */
+static int
+acl_fetch_src_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir,
+                       struct acl_expr *expr, struct acl_test *test)
+{
+       struct stksess *ts;
+       struct stktable_key *key;
+
+       key = tcpv4_src_to_stktable_key(l4);
+       if (!key)
+               return 0; /* only TCPv4 is supported right now */
+
+       if (expr->arg_len)
+               px = find_stktable(expr->arg.str);
+
+       if (!px)
+               return 0; /* table not found */
+
+       test->flags = ACL_TEST_F_VOL_TEST;
+       test->i = 0;
+
+       if ((ts = stktable_lookup_key(&px->table, key)) != NULL) {
+               void *ptr = stktable_data_ptr(&px->table, ts, STKTABLE_DT_BYTES_IN_CNT);
+               if (!ptr)
+                       return 0; /* parameter not stored */
+               test->i = stktable_data_cast(ptr, bytes_in_cnt) >> 10;
+       }
+
+       return 1;
+}
+
+/* set test->i to the number of kbytes sent to the session's source address in
+ * the table pointed to by expr.
+ */
+static int
+acl_fetch_src_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir,
+                        struct acl_expr *expr, struct acl_test *test)
+{
+       struct stksess *ts;
+       struct stktable_key *key;
+
+       key = tcpv4_src_to_stktable_key(l4);
+       if (!key)
+               return 0; /* only TCPv4 is supported right now */
+
+       if (expr->arg_len)
+               px = find_stktable(expr->arg.str);
+
+       if (!px)
+               return 0; /* table not found */
+
+       test->flags = ACL_TEST_F_VOL_TEST;
+       test->i = 0;
+
+       if ((ts = stktable_lookup_key(&px->table, key)) != NULL) {
+               void *ptr = stktable_data_ptr(&px->table, ts, STKTABLE_DT_BYTES_OUT_CNT);
+               if (!ptr)
+                       return 0; /* parameter not stored */
+               test->i = stktable_data_cast(ptr, bytes_out_cnt) >> 10;
+       }
+
+       return 1;
+}
+
 
 /* Note: must not be declared <const> as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
        { "src_conn_cnt",       acl_parse_int,   acl_fetch_src_conn_cnt,      acl_match_int, ACL_USE_TCP4_VOLATILE },
        { "src_updt_conn_cnt",  acl_parse_int,   acl_fetch_src_updt_conn_cnt, acl_match_int, ACL_USE_TCP4_VOLATILE },
        { "src_conn_cur",       acl_parse_int,   acl_fetch_src_conn_cur,      acl_match_int, ACL_USE_TCP4_VOLATILE },
+       { "src_kbytes_in",      acl_parse_int,   acl_fetch_src_kbytes_in,     acl_match_int, ACL_USE_TCP4_VOLATILE },
+       { "src_kbytes_out",     acl_parse_int,   acl_fetch_src_kbytes_out,    acl_match_int, ACL_USE_TCP4_VOLATILE },
        { NULL, NULL, NULL, NULL },
 }};
 

diff --git a/src/stick_table.c b/src/stick_table.c
index 4335b3639c516ad27c2978fdbb5208c498dc53cf..d701d09e809675e185de729d2c9a4d1338fc819c 100644 (file)
--- a/src/stick_table.c
+++ b/src/stick_table.c
@@ -528,6 +528,8 @@ struct stktable_data_type stktable_data_types[STKTABLE_DATA_TYPES] = {
        [STKTABLE_DT_SERVER_ID] = { .name = "server_id", .data_length = stktable_data_size(server_id) },
        [STKTABLE_DT_CONN_CNT]  = { .name = "conn_cnt",  .data_length = stktable_data_size(conn_cnt)  },
        [STKTABLE_DT_CONN_CUR]  = { .name = "conn_cur",  .data_length = stktable_data_size(conn_cur)  },
+       [STKTABLE_DT_BYTES_IN_CNT]  = { .name = "bytes_in_cnt",  .data_length = stktable_data_size(bytes_in_cnt)  },
+       [STKTABLE_DT_BYTES_OUT_CNT] = { .name = "bytes_out_cnt", .data_length = stktable_data_size(bytes_out_cnt) },
 };
 
 /*