diff options
author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-09-25 06:14:52 +0800 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-09-25 16:15:23 +0800 |
commit | 2f1a984d4fe0980a9961ff089dc410e49d988967 (patch) | |
tree | a8078eea62cd86a106c33ceaa5ff13d60adf87a4 | |
parent | 568b9682e062943b6fd0cd34cebf38d265b2c84f (diff) |
nat: Add statistics to the access-list in the NAT
Count how many times we match a BSC or NAT deny. This will
give us the number of how often something should be filtered.
-rw-r--r-- | openbsc/include/openbsc/bsc_nat.h | 8 | ||||
-rw-r--r-- | openbsc/src/nat/bsc_nat_utils.c | 22 |
2 files changed, 30 insertions, 0 deletions
diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h index ff0ee484c..f988a8f67 100644 --- a/openbsc/include/openbsc/bsc_nat.h +++ b/openbsc/include/openbsc/bsc_nat.h @@ -152,9 +152,17 @@ struct bsc_nat_statistics { } msc; }; +enum bsc_nat_acc_ctr { + ACC_LIST_BSC_FILTER, + ACC_LIST_NAT_FILTER, +}; + struct bsc_nat_acc_lst { struct llist_head list; + /* counter */ + struct rate_ctr_group *stats; + /* the name of the list */ const char *name; struct llist_head fltr_list; diff --git a/openbsc/src/nat/bsc_nat_utils.c b/openbsc/src/nat/bsc_nat_utils.c index 3933f1bf4..e7c892867 100644 --- a/openbsc/src/nat/bsc_nat_utils.c +++ b/openbsc/src/nat/bsc_nat_utils.c @@ -56,6 +56,18 @@ static const struct rate_ctr_group_desc bsc_cfg_ctrg_desc = { .ctr_desc = bsc_cfg_ctr_description, }; +static const struct rate_ctr_desc acc_list_ctr_description[] = { + [ACC_LIST_BSC_FILTER] = { "access-list.bsc-filter", "Rejected by rule for BSC"}, + [ACC_LIST_NAT_FILTER] = { "access-list.nat-filter", "Rejected by rule for NAT"}, +}; + +static const struct rate_ctr_group_desc bsc_cfg_acc_list_desc = { + .group_name_prefix = "nat.filter", + .group_description = "NAT Access-List Statistics", + .num_ctr = ARRAY_SIZE(acc_list_ctr_description), + .ctr_desc = acc_list_ctr_description, +}; + struct bsc_nat *bsc_nat_alloc(void) { struct bsc_nat *nat = talloc_zero(tall_bsc_ctx, struct bsc_nat); @@ -266,6 +278,7 @@ static int auth_imsi(struct bsc_connection *bsc, const char *mi_string) if (lst_check_deny(bsc_lst, mi_string) == 0) { LOGP(DNAT, LOGL_ERROR, "Filtering %s by imsi_deny on bsc nr: %d.\n", mi_string, bsc->cfg->nr); + rate_ctr_inc(&bsc_lst->stats->ctr[ACC_LIST_BSC_FILTER]); return -2; } @@ -279,6 +292,7 @@ static int auth_imsi(struct bsc_connection *bsc, const char *mi_string) if (lst_check_deny(nat_lst, mi_string) == 0) { LOGP(DNAT, LOGL_ERROR, "Filtering %s by nat imsi_deny on bsc nr: %d.\n", mi_string, bsc->cfg->nr); + rate_ctr_inc(&bsc_lst->stats->ctr[ACC_LIST_NAT_FILTER]); return -3; } } @@ -556,6 +570,13 @@ struct bsc_nat_acc_lst *bsc_nat_acc_lst_get(struct bsc_nat *nat, const char *nam return NULL; } + /* TODO: get the index right */ + lst->stats = rate_ctr_group_alloc(lst, &bsc_cfg_acc_list_desc, 0); + if (!lst->stats) { + talloc_free(lst); + return NULL; + } + INIT_LLIST_HEAD(&lst->fltr_list); lst->name = talloc_strdup(lst, name); llist_add_tail(&lst->list, &nat->access_lists); @@ -565,6 +586,7 @@ struct bsc_nat_acc_lst *bsc_nat_acc_lst_get(struct bsc_nat *nat, const char *nam void bsc_nat_acc_lst_delete(struct bsc_nat_acc_lst *lst) { llist_del(&lst->list); + rate_ctr_group_free(lst->stats); talloc_free(lst); } |