counters, measured in amount of bytes over the period configured in the
table. See also src_bytes_out_rate.
+sc1_clr_gpc0
+sc2_clr_gpc0
+ Clears the first General Purpose Counter associated to the currently tracked
+ counters, and returns its previous value. Before the first invocation, the
+ stored value is zero, so first invocation will always return zero. The test
+ can also be used alone and always returns true. This is typically used as a
+ second ACL in an expression in order to mark a connection when a first ACL
+ was verified :
+
+ # block if 5 consecutive requests continue to come faster than 10 sess
+ # per second, and reset the counter as soon as the traffic slows down.
+ acl abuse sc1_http_req_rate gt 10
+ acl kill sc1_inc_gpc0 gt 5
+ acl save sc1_clr_gpc0
+ tcp-request connection accept if !abuse save
+ tcp-request connection reject if abuse kill
+
sc1_conn_cnt
sc2_conn_cnt
Returns the cumulated number of incoming connections from currently tracked
amount of bytes over the period configured in the table. If the address is
not found, zero is returned. See also sc1/sc2_bytes_out_rate.
+src_clr_gpc0 <integer>
+src_clr_gpc0(<table>) <integer>
+ Clears the first General Purpose Counter associated to the connection's
+ source IPv4 address in the current proxy's stick-table or in the designated
+ stick-table, and returns its previous value. If the address is not found, an
+ entry is created and 0 is returned. The test can also be used alone and
+ always returns true. This is typically used as a second ACL in an expression
+ in order to mark a connection when a first ACL was verified :
+
+ # block if 5 consecutive requests continue to come faster than 10 sess
+ # per second, and reset the counter as soon as the traffic slows down.
+ acl abuse src_http_req_rate gt 10
+ acl kill src_inc_gpc0 gt 5
+ acl save src_clr_gpc0
+ tcp-request connection accept if !abuse save
+ tcp-request connection reject if abuse kill
+
src_conn_cnt <integer>
src_conn_cnt(<table>) <integer>
Returns the cumulated number of connections initiated from the current
return acl_fetch_inc_gpc0(&px->table, test, stktable_update_key(&px->table, key));
}
+/* Clear the General Purpose Counter 0 value in the stksess entry <ts> and
+ * return its previous value into test->i.
+ */
+static int
+acl_fetch_clr_gpc0(struct stktable *table, struct acl_test *test, struct stksess *ts)
+{
+ test->flags = ACL_TEST_F_VOL_TEST;
+ test->i = 0;
+ if (ts != NULL) {
+ void *ptr = stktable_data_ptr(table, ts, STKTABLE_DT_GPC0);
+ if (!ptr)
+ return 0; /* parameter not stored */
+ test->i = stktable_data_cast(ptr, gpc0);
+ stktable_data_cast(ptr, gpc0) = 0;
+ }
+ return 1;
+}
+
+/* Clear the General Purpose Counter 0 value from the session's tracked
+ * frontend counters and return its previous value into test->i.
+ */
+static int
+acl_fetch_sc1_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
+ struct acl_expr *expr, struct acl_test *test)
+{
+ if (!l4->stkctr1_entry)
+ return 0;
+ return acl_fetch_clr_gpc0(l4->stkctr1_table, test, l4->stkctr1_entry);
+}
+
+/* Clear the General Purpose Counter 0 value from the session's tracked
+ * backend counters and return its previous value into test->i.
+ */
+static int
+acl_fetch_sc2_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
+ struct acl_expr *expr, struct acl_test *test)
+{
+ if (!l4->stkctr2_entry)
+ return 0;
+ return acl_fetch_clr_gpc0(l4->stkctr2_table, test, l4->stkctr2_entry);
+}
+
+/* Clear the General Purpose Counter 0 value from the session's source address
+ * in the table pointed to by expr, and return its previous value into test->i.
+ */
+static int
+acl_fetch_src_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
+ struct acl_expr *expr, struct acl_test *test)
+{
+ struct stktable_key *key;
+
+ key = tcp_src_to_stktable_key(l4);
+ if (!key)
+ return 0;
+
+ if (expr->arg_len)
+ px = find_stktable(expr->arg.str);
+
+ if (!px)
+ return 0; /* table not found */
+
+ return acl_fetch_clr_gpc0(&px->table, test, stktable_update_key(&px->table, key));
+}
+
/* set test->i to the cumulated number of connections in the stksess entry <ts> */
static int
acl_fetch_conn_cnt(struct stktable *table, struct acl_test *test, struct stksess *ts)
{ "sc1_inc_gpc0", acl_parse_int, acl_fetch_sc1_inc_gpc0, acl_match_int, ACL_USE_NOTHING },
{ "sc2_inc_gpc0", acl_parse_int, acl_fetch_sc2_inc_gpc0, acl_match_int, ACL_USE_NOTHING },
{ "src_inc_gpc0", acl_parse_int, acl_fetch_src_inc_gpc0, acl_match_int, ACL_USE_TCP4_VOLATILE },
+ { "sc1_clr_gpc0", acl_parse_int, acl_fetch_sc1_clr_gpc0, acl_match_int, ACL_USE_NOTHING },
+ { "sc2_clr_gpc0", acl_parse_int, acl_fetch_sc2_clr_gpc0, acl_match_int, ACL_USE_NOTHING },
+ { "src_clr_gpc0", acl_parse_int, acl_fetch_src_clr_gpc0, acl_match_int, ACL_USE_TCP4_VOLATILE },
{ "sc1_conn_cnt", acl_parse_int, acl_fetch_sc1_conn_cnt, acl_match_int, ACL_USE_NOTHING },
{ "sc2_conn_cnt", acl_parse_int, acl_fetch_sc2_conn_cnt, acl_match_int, ACL_USE_NOTHING },
{ "src_conn_cnt", acl_parse_int, acl_fetch_src_conn_cnt, acl_match_int, ACL_USE_TCP4_VOLATILE },
projects / thirdparty / haproxy.git / commitdiff
