summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2017-09-07 13:49:07 +0200
committerFlorin Coras <florin.coras@gmail.com>2017-09-08 05:44:53 +0000
commita546ef96a8170aeea70d771ee45662cadc628344 (patch)
tree2e63d4408ab29f2c49ca5fbdf23cf28df2912e6a
parent3079a64e19e997e6735b633377285bb5718f4067 (diff)
acl-plugin: add hitcount to applied hash-acl entries
Add a counter incremented upon the ACL check, so it is easier to see which kind of traffic is being checked by the policy, add the corresponding output to the debug CLI "show acl-plugin tables" command. Change-Id: Id811dddf204e63eeceabfcc509e3e9c5aae1dbc8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
-rw-r--r--src/plugins/acl/acl.c8
-rw-r--r--src/plugins/acl/hash_lookup.c2
-rw-r--r--src/plugins/acl/hash_lookup_types.h4
3 files changed, 10 insertions, 4 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 7790b30b669..1ded1afa40c 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -2460,9 +2460,9 @@ acl_show_aclplugin_fn (vlib_main_t * vm,
out0 = format(out0, " input lookup applied entries:\n");
for(j=0; j<vec_len(am->input_hash_entry_vec_by_sw_if_index[swi]); j++) {
applied_hash_ace_entry_t *pae = &am->input_hash_entry_vec_by_sw_if_index[swi][j];
- out0 = format(out0, " %4d: acl %d rule %d action %d bitmask-ready rule %d next %d prev %d tail %d\n",
+ out0 = format(out0, " %4d: acl %d rule %d action %d bitmask-ready rule %d next %d prev %d tail %d hitcount %lld\n",
j, pae->acl_index, pae->ace_index, pae->action, pae->hash_ace_info_index,
- pae->next_applied_entry_index, pae->prev_applied_entry_index, pae->tail_applied_entry_index);
+ pae->next_applied_entry_index, pae->prev_applied_entry_index, pae->tail_applied_entry_index, pae->hitcount);
}
}
@@ -2475,9 +2475,9 @@ acl_show_aclplugin_fn (vlib_main_t * vm,
out0 = format(out0, " output lookup applied entries:\n");
for(j=0; j<vec_len(am->output_hash_entry_vec_by_sw_if_index[swi]); j++) {
applied_hash_ace_entry_t *pae = &am->output_hash_entry_vec_by_sw_if_index[swi][j];
- out0 = format(out0, " %4d: acl %d rule %d action %d bitmask-ready rule %d next %d prev %d tail %d\n",
+ out0 = format(out0, " %4d: acl %d rule %d action %d bitmask-ready rule %d next %d prev %d tail %d hitcount %lld\n",
j, pae->acl_index, pae->ace_index, pae->action, pae->hash_ace_info_index,
- pae->next_applied_entry_index, pae->prev_applied_entry_index, pae->tail_applied_entry_index);
+ pae->next_applied_entry_index, pae->prev_applied_entry_index, pae->tail_applied_entry_index, pae->hitcount);
}
}
diff --git a/src/plugins/acl/hash_lookup.c b/src/plugins/acl/hash_lookup.c
index 5dbc3589c98..13bc6b4643f 100644
--- a/src/plugins/acl/hash_lookup.c
+++ b/src/plugins/acl/hash_lookup.c
@@ -371,6 +371,7 @@ hash_acl_apply(acl_main_t *am, u32 sw_if_index, u8 is_input, int acl_index)
pae->acl_index = acl_index;
pae->ace_index = ha->rules[i].ace_index;
pae->action = ha->rules[i].action;
+ pae->hitcount = 0;
pae->hash_ace_info_index = i;
/* we might link it in later */
pae->next_applied_entry_index = ~0;
@@ -876,6 +877,7 @@ hash_multi_acl_match_5tuple (u32 sw_if_index, fa_5tuple_t * pkt_5tuple, int is_l
u32 match_index = multi_acl_match_get_applied_ace_index(am, pkt_5tuple);
if (match_index < vec_len((*applied_hash_aces))) {
applied_hash_ace_entry_t *pae = vec_elt_at_index((*applied_hash_aces), match_index);
+ pae->hitcount++;
*acl_match_p = pae->acl_index;
*rule_match_p = pae->ace_index;
return pae->action;
diff --git a/src/plugins/acl/hash_lookup_types.h b/src/plugins/acl/hash_lookup_types.h
index f7110007002..1fa197ec978 100644
--- a/src/plugins/acl/hash_lookup_types.h
+++ b/src/plugins/acl/hash_lookup_types.h
@@ -65,6 +65,10 @@ typedef struct {
*/
u32 tail_applied_entry_index;
/*
+ * number of hits on this entry
+ */
+ u64 hitcount;
+ /*
* Action of this applied ACE
*/
u8 action;