Adding per user traffic stats using iptables

[Maxim Dounin]

Hello!

On Mon, Jun 17, 2013 at 10:42:21PM +0800, Zorceta Moshak wrote:

> Hi,
> I'm trying to let iptables record different users' traffic.
> Planned to setuid() before worker actually sends out data.
> Read through modules and filter chain in source codes, still can't figure
> out who's the real sender func.
> Could anyone tell?

Sending data is done via c->send() or c->send_chain() functions.  
Assuming no ssl, this will map to ngx_send() or ngx_send_chain() 
macros, defined as:

: #define ngx_send             ngx_io.send
: #define ngx_send_chain       ngx_io.send_chain

The ngx_io structure depends on event method, but in all practical 
cases maps to ngx_os_io.  In it's turn ngx_os_io is a 
platform-dependant structure, which is set during platform init.  
E.g. on Linux it's set to ngx_linux_io, defined as follows:

: static ngx_os_io_t ngx_linux_io = {
:     ngx_unix_recv,
:     ngx_readv_chain,
:     ngx_udp_unix_recv,
:     ngx_unix_send,
: #if (NGX_HAVE_SENDFILE)
:     ngx_linux_sendfile_chain,
:     NGX_IO_SENDFILE
: #else
:     ngx_writev_chain,
:     0
: #endif
: };

That is, ngx_send() maps to ngx_unix_send() (which in turn uses 
send() to actually send data), while c->send_chain() to either 
ngx_linux_sendfile_chain() or ngx_writev_chain().

Overral I would recommend you to do what you need around 
c->send()/c->send_chain() calls (that is, in write filter if you 
are talking about http).  It would be much easier than digging 
into low level and hacking all the function nginx can use.

-- 
Maxim Dounin
http://nginx.org/en/donation.html