[MEDIUM] session: add data in and out volume counters
The new "bytes_in_cnt" and "bytes_out_cnt" session counters have been
added. They're automatically updated when session counters are updated.
They can be matched with the "src_kbytes_in" and "src_kbytes_out" ACLs
which apply to the volume per source address. This can be used to deny
access to service abusers.
diff --git a/include/types/stick_table.h b/include/types/stick_table.h
index ca26f76..fef759b 100644
--- a/include/types/stick_table.h
+++ b/include/types/stick_table.h
@@ -44,6 +44,8 @@
STKTABLE_DT_SERVER_ID, /* the server ID to use with this session if > 0 */
STKTABLE_DT_CONN_CNT, /* cumulated number of connections */
STKTABLE_DT_CONN_CUR, /* concurrent number of connections */
+ STKTABLE_DT_BYTES_IN_CNT, /* cumulated bytes count from client to servers */
+ STKTABLE_DT_BYTES_OUT_CNT,/* cumulated bytes count from servers to client */
STKTABLE_DATA_TYPES /* Number of data types, must always be last */
};
@@ -52,6 +54,8 @@
int server_id;
unsigned int conn_cnt;
unsigned int conn_cur;
+ unsigned long long bytes_in_cnt;
+ unsigned long long bytes_out_cnt;
};
/* known data types */
diff --git a/src/session.c b/src/session.c
index 6cb702d..5fd0f99 100644
--- a/src/session.c
+++ b/src/session.c
@@ -403,6 +403,14 @@
if (s->listener->counters)
s->listener->counters->bytes_in += bytes;
+
+ if (s->tracked_counters) {
+ void *ptr = stktable_data_ptr(s->tracked_table,
+ s->tracked_counters,
+ STKTABLE_DT_BYTES_IN_CNT);
+ if (ptr)
+ stktable_data_cast(ptr, bytes_in_cnt) += bytes;
+ }
}
}
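Review bot: The new `if (s->tracked_counters)` block silently skips the update when `stktable_data_ptr()` returns NULL, and no comment says when that happens. Judging by the `/* parameter not stored */` comment in the fetch functions added later in this commit, it means the tracked table does not store this data type; the fetch then returns 0, so presumably a `src_kbytes_in` rule against such a table never matches and a volume-based deny has no effect. I would add a comment above the block such as `/* no-op unless the tracked table stores bytes_in_cnt */`, and the matching one for `bytes_out_cnt` in the next hunk (@@ -420). The enclosing function starts and ends outside both hunks.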
@@ -420,6 +428,14 @@
if (s->listener->counters)
s->listener->counters->bytes_out += bytes;
+
+ if (s->tracked_counters) {
+ void *ptr = stktable_data_ptr(s->tracked_table,
+ s->tracked_counters,
+ STKTABLE_DT_BYTES_OUT_CNT);
+ if (ptr)
+ stktable_data_cast(ptr, bytes_out_cnt) += bytes;
+ }
}
}
}
@@ -2160,12 +2176,80 @@
return 1;
}
+/* set test->i to the number of kbytes received from the session's source
+ * address in the table pointed to by expr.
+ */
+static int
+acl_fetch_src_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir,
+ struct acl_expr *expr, struct acl_test *test)
+{
+ struct stksess *ts;
+ struct stktable_key *key;
+
+ key = tcpv4_src_to_stktable_key(l4);
+ if (!key)
+ return 0; /* only TCPv4 is supported right now */
+
+ if (expr->arg_len)
+ px = find_stktable(expr->arg.str);
+
+ if (!px)
+ return 0; /* table not found */
+
+ test->flags = ACL_TEST_F_VOL_TEST;
+ test->i = 0;
+
+ if ((ts = stktable_lookup_key(&px->table, key)) != NULL) {
+ void *ptr = stktable_data_ptr(&px->table, ts, STKTABLE_DT_BYTES_IN_CNT);
+ if (!ptr)
+ return 0; /* parameter not stored */
+ test->i = stktable_data_cast(ptr, bytes_in_cnt) >> 10;
+ }
+
+ return 1;
+}
+
+/* set test->i to the number of kbytes sent to the session's source address in
+ * the table pointed to by expr.
+ */
+static int
+acl_fetch_src_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir,
+ struct acl_expr *expr, struct acl_test *test)
+{
+ struct stksess *ts;
+ struct stktable_key *key;
+
+ key = tcpv4_src_to_stktable_key(l4);
+ if (!key)
+ return 0; /* only TCPv4 is supported right now */
+
+ if (expr->arg_len)
+ px = find_stktable(expr->arg.str);
+
+ if (!px)
+ return 0; /* table not found */
+
+ test->flags = ACL_TEST_F_VOL_TEST;
+ test->i = 0;
+
+ if ((ts = stktable_lookup_key(&px->table, key)) != NULL) {
+ void *ptr = stktable_data_ptr(&px->table, ts, STKTABLE_DT_BYTES_OUT_CNT);
+ if (!ptr)
+ return 0; /* parameter not stored */
+ test->i = stktable_data_cast(ptr, bytes_out_cnt) >> 10;
+ }
+
+ return 1;
+}
+
/* Note: must not be declared <const> as its list will be overwritten */
static struct acl_kw_list acl_kws = {{ },{
{ "src_conn_cnt", acl_parse_int, acl_fetch_src_conn_cnt, acl_match_int, ACL_USE_TCP4_VOLATILE },
{ "src_updt_conn_cnt", acl_parse_int, acl_fetch_src_updt_conn_cnt, acl_match_int, ACL_USE_TCP4_VOLATILE },
{ "src_conn_cur", acl_parse_int, acl_fetch_src_conn_cur, acl_match_int, ACL_USE_TCP4_VOLATILE },
+ { "src_kbytes_in", acl_parse_int, acl_fetch_src_kbytes_in, acl_match_int, ACL_USE_TCP4_VOLATILE },
+ { "src_kbytes_out", acl_parse_int, acl_fetch_src_kbytes_out, acl_match_int, ACL_USE_TCP4_VOLATILE },
{ NULL, NULL, NULL, NULL },
}};
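Review bot: In `acl_fetch_src_kbytes_in`, `test->i = stktable_data_cast(ptr, bytes_in_cnt) >> 10;` narrows a 64-bit counter into `test->i`, which looks like an int given the `acl_parse_int`/`acl_match_int` pairing (its declaration is not in this diff). If so, once a source has moved about 2 TiB with a 32-bit int, the converted value no longer represents the volume, and a "deny above N kbytes" rule can stop matching for exactly the heaviest sources. Saturating keeps the comparison monotonic: `unsigned long long kb = stktable_data_cast(ptr, bytes_in_cnt) >> 10;` followed by `test->i = kb > INT_MAX ? INT_MAX : (int)kb;`. The same applies to the `bytes_out_cnt` line in `acl_fetch_src_kbytes_out`.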
diff --git a/src/stick_table.c b/src/stick_table.c
index 4335b36..d701d09 100644
--- a/src/stick_table.c
+++ b/src/stick_table.c
@@ -528,6 +528,8 @@
[STKTABLE_DT_SERVER_ID] = { .name = "server_id", .data_length = stktable_data_size(server_id) },
[STKTABLE_DT_CONN_CNT] = { .name = "conn_cnt", .data_length = stktable_data_size(conn_cnt) },
[STKTABLE_DT_CONN_CUR] = { .name = "conn_cur", .data_length = stktable_data_size(conn_cur) },
+ [STKTABLE_DT_BYTES_IN_CNT] = { .name = "bytes_in_cnt", .data_length = stktable_data_size(bytes_in_cnt) },
+ [STKTABLE_DT_BYTES_OUT_CNT] = { .name = "bytes_out_cnt", .data_length = stktable_data_size(bytes_out_cnt) },
};
/*