summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl/dataplane_node.c
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2019-06-13 15:23:21 +0000
committerDamjan Marion <dmarion@me.com>2019-07-24 18:16:41 +0000
commitf995c7122ba0d024b17bc3232e8edd18d5e25088 (patch)
tree1bb44ddff0d009cf5e7fa62c8418b094edcaaa79 /src/plugins/acl/dataplane_node.c
parent025cd9c867bef937724535033ccdb979292b7714 (diff)
acl: implement counters
implement per-acl-number counters in the stats segment. They are created during the ACL creation, the counters are incremented in the dataplane using the new inline function with the extra parameter being the packet size. Counting in shared segment adds a noticeable overhead, so add also an API to turn the counters on. Type: feature Change-Id: I8af7b0c31a3d986b68089eb52452aed45df66c7b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl/dataplane_node.c')
-rw-r--r--src/plugins/acl/dataplane_node.c50
1 files changed, 43 insertions, 7 deletions
diff --git a/src/plugins/acl/dataplane_node.c b/src/plugins/acl/dataplane_node.c
index 0bdcc850054..c738f664571 100644
--- a/src/plugins/acl/dataplane_node.c
+++ b/src/plugins/acl/dataplane_node.c
@@ -565,6 +565,11 @@ acl_fa_inner_node_fn (vlib_main_t * vm,
u32 *sw_if_index;
fa_5tuple_t *fa_5tuple;
u64 *hash;
+ /* for the delayed counters */
+ u32 saved_matched_acl_index = 0;
+ u32 saved_matched_ace_index = 0;
+ u32 saved_packet_count = 0;
+ u32 saved_byte_count = 0;
from = vlib_frame_vector_args (frame);
error_node = vlib_node_get_runtime (vm, node->node_index);
@@ -690,13 +695,34 @@ acl_fa_inner_node_fn (vlib_main_t * vm,
am->output_lc_index_by_sw_if_index[sw_if_index[0]];
action = 0; /* deny by default */
- acl_plugin_match_5tuple_inline (am, lc_index0,
- (fa_5tuple_opaque_t *) &
- fa_5tuple[0], is_ip6, &action,
- &match_acl_pos,
- &match_acl_in_index,
- &match_rule_index,
- &trace_bitmap);
+ int is_match = acl_plugin_match_5tuple_inline (am, lc_index0,
+ (fa_5tuple_opaque_t *) & fa_5tuple[0], is_ip6,
+ &action,
+ &match_acl_pos,
+ &match_acl_in_index,
+ &match_rule_index,
+ &trace_bitmap);
+ if (PREDICT_FALSE
+ (is_match && am->interface_acl_counters_enabled))
+ {
+ u32 buf_len = vlib_buffer_length_in_chain (vm, b[0]);
+ vlib_increment_combined_counter (am->combined_acl_counters +
+ saved_matched_acl_index,
+ thread_index,
+ saved_matched_ace_index,
+ saved_packet_count,
+ saved_byte_count);
+ saved_matched_acl_index = match_acl_in_index;
+ saved_matched_ace_index = match_rule_index;
+ saved_packet_count = 1;
+ saved_byte_count = buf_len;
+ /* prefetch the counter that we are going to increment */
+ vlib_prefetch_combined_counter (am->combined_acl_counters +
+ saved_matched_acl_index,
+ thread_index,
+ saved_matched_ace_index);
+ }
+
b[0]->error = error_node->errors[action];
if (1 == action)
@@ -778,6 +804,16 @@ acl_fa_inner_node_fn (vlib_main_t * vm,
vlib_buffer_enqueue_to_next (vm, node, from, pw->nexts, frame->n_vectors);
+ /*
+ * if we were had an acl match then we have a counter to increment.
+ * else it is all zeroes, so this will be harmless.
+ */
+ vlib_increment_combined_counter (am->combined_acl_counters +
+ saved_matched_acl_index,
+ thread_index,
+ saved_matched_ace_index,
+ saved_packet_count, saved_byte_count);
+
vlib_node_increment_counter (vm, node->node_index,
ACL_FA_ERROR_ACL_CHECK, frame->n_vectors);
vlib_node_increment_counter (vm, node->node_index,