[MEDIUM] session: add data in and out volume counters

The new "bytes_in_cnt" and "bytes_out_cnt" session counters have been added. They're automatically updated when session counters are updated. They can be matched with the "src_kbytes_in" and "src_kbytes_out" ACLs which apply to the volume per source address. This can be used to deny access to service abusers.
2025-09-21 13:51:26 +02:00 · 2010-06-18 18:33:32 +02:00 · 2010-06-18 18:33:32 +02:00 · 855e4bbcc7
commit 855e4bbcc7
parent 38285c18f4
3 changed files with 90 additions and 0 deletions
--- a/include/types/stick_table.h
+++ b/include/types/stick_table.h
@ -44,6 +44,8 @@ enum {
 	STKTABLE_DT_SERVER_ID,    /* the server ID to use with this session if > 0 */
 	STKTABLE_DT_CONN_CNT,     /* cumulated number of connections */
 	STKTABLE_DT_CONN_CUR,     /* concurrent number of connections */
+	STKTABLE_DT_BYTES_IN_CNT, /* cumulated bytes count from client to servers */
+	STKTABLE_DT_BYTES_OUT_CNT,/* cumulated bytes count from servers to client */
 	STKTABLE_DATA_TYPES       /* Number of data types, must always be last */
 };

@ -52,6 +54,8 @@ union stktable_data {
 	int server_id;
 	unsigned int conn_cnt;
 	unsigned int conn_cur;
+	unsigned long long bytes_in_cnt;
+	unsigned long long bytes_out_cnt;
 };

 /* known data types */
--- a/src/session.c
+++ b/src/session.c
@ -403,6 +403,14 @@ void session_process_counters(struct session *s)

 			if (s->listener->counters)
 				s->listener->counters->bytes_in		+= bytes;
+
+			if (s->tracked_counters) {
+				void *ptr = stktable_data_ptr(s->tracked_table,
+							      s->tracked_counters,
+							      STKTABLE_DT_BYTES_IN_CNT);
+				if (ptr)
+					stktable_data_cast(ptr, bytes_in_cnt) += bytes;
+			}
 		}
 	}

@ -420,6 +428,14 @@ void session_process_counters(struct session *s)

 			if (s->listener->counters)
 				s->listener->counters->bytes_out	+= bytes;
+
+			if (s->tracked_counters) {
+				void *ptr = stktable_data_ptr(s->tracked_table,
+							      s->tracked_counters,
+							      STKTABLE_DT_BYTES_OUT_CNT);
+				if (ptr)
+					stktable_data_cast(ptr, bytes_out_cnt) += bytes;
+			}
 		}
 	}
 }
@ -2160,12 +2176,80 @@ acl_fetch_src_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir,
 	return 1;
 }

+/* set test->i to the number of kbytes received from the session's source
+ * address in the table pointed to by expr.
+ */
+static int
+acl_fetch_src_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir,
+			struct acl_expr *expr, struct acl_test *test)
+{
+	struct stksess *ts;
+	struct stktable_key *key;
+
+	key = tcpv4_src_to_stktable_key(l4);
+	if (!key)
+		return 0; /* only TCPv4 is supported right now */
+
+	if (expr->arg_len)
+		px = find_stktable(expr->arg.str);
+
+	if (!px)
+		return 0; /* table not found */
+
+	test->flags = ACL_TEST_F_VOL_TEST;
+	test->i = 0;
+
+	if ((ts = stktable_lookup_key(&px->table, key)) != NULL) {
+		void *ptr = stktable_data_ptr(&px->table, ts, STKTABLE_DT_BYTES_IN_CNT);
+		if (!ptr)
+			return 0; /* parameter not stored */
+		test->i = stktable_data_cast(ptr, bytes_in_cnt) >> 10;
+	}
+
+	return 1;
+}
+
+/* set test->i to the number of kbytes sent to the session's source address in
+ * the table pointed to by expr.
+ */
+static int
+acl_fetch_src_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir,
+			 struct acl_expr *expr, struct acl_test *test)
+{
+	struct stksess *ts;
+	struct stktable_key *key;
+
+	key = tcpv4_src_to_stktable_key(l4);
+	if (!key)
+		return 0; /* only TCPv4 is supported right now */
+
+	if (expr->arg_len)
+		px = find_stktable(expr->arg.str);
+
+	if (!px)
+		return 0; /* table not found */
+
+	test->flags = ACL_TEST_F_VOL_TEST;
+	test->i = 0;
+
+	if ((ts = stktable_lookup_key(&px->table, key)) != NULL) {
+		void *ptr = stktable_data_ptr(&px->table, ts, STKTABLE_DT_BYTES_OUT_CNT);
+		if (!ptr)
+			return 0; /* parameter not stored */
+		test->i = stktable_data_cast(ptr, bytes_out_cnt) >> 10;
+	}
+
+	return 1;
+}
+

 /* Note: must not be declared <const> as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
 	{ "src_conn_cnt",       acl_parse_int,   acl_fetch_src_conn_cnt,      acl_match_int, ACL_USE_TCP4_VOLATILE },
 	{ "src_updt_conn_cnt",  acl_parse_int,   acl_fetch_src_updt_conn_cnt, acl_match_int, ACL_USE_TCP4_VOLATILE },
 	{ "src_conn_cur",       acl_parse_int,   acl_fetch_src_conn_cur,      acl_match_int, ACL_USE_TCP4_VOLATILE },
+	{ "src_kbytes_in",      acl_parse_int,   acl_fetch_src_kbytes_in,     acl_match_int, ACL_USE_TCP4_VOLATILE },
+	{ "src_kbytes_out",     acl_parse_int,   acl_fetch_src_kbytes_out,    acl_match_int, ACL_USE_TCP4_VOLATILE },
 	{ NULL, NULL, NULL, NULL },
 }};

--- a/src/stick_table.c
+++ b/src/stick_table.c
@ -528,6 +528,8 @@ struct stktable_data_type stktable_data_types[STKTABLE_DATA_TYPES] = {
 	[STKTABLE_DT_SERVER_ID] = { .name = "server_id", .data_length = stktable_data_size(server_id) },
 	[STKTABLE_DT_CONN_CNT]  = { .name = "conn_cnt",  .data_length = stktable_data_size(conn_cnt)  },
 	[STKTABLE_DT_CONN_CUR]  = { .name = "conn_cur",  .data_length = stktable_data_size(conn_cur)  },
+	[STKTABLE_DT_BYTES_IN_CNT]  = { .name = "bytes_in_cnt",  .data_length = stktable_data_size(bytes_in_cnt)  },
+	[STKTABLE_DT_BYTES_OUT_CNT] = { .name = "bytes_out_cnt", .data_length = stktable_data_size(bytes_out_cnt) },
 };

 /*