diff options
| author |   Andrew Yourtchenko <ayourtch@gmail.com> | 2019-06-13 15:23:21 +0000 |
|---|---|---|
| committer |   Damjan Marion <dmarion@me.com> | 2019-07-24 18:16:41 +0000 |
| commit | f995c7122ba0d024b17bc3232e8edd18d5e25088 (patch) | |
| tree | 1bb44ddff0d009cf5e7fa62c8418b094edcaaa79 /src/plugins/acl/dataplane_node.c | |
| parent | 025cd9c867bef937724535033ccdb979292b7714 (diff) | |
acl: implement counters
implement per-acl-number counters in the stats segment.
They are created during the ACL creation,
the counters are incremented in the dataplane using
the new inline function with the extra parameter being
the packet size. Counting in shared segment adds
a noticeable overhead, so add also an API to
turn the counters on.
Type: feature
Change-Id: I8af7b0c31a3d986b68089eb52452aed45df66c7b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl/dataplane_node.c')
| -rw-r--r-- | src/plugins/acl/dataplane_node.c | 50 |
1 files changed, 43 insertions, 7 deletions
diff --git a/src/plugins/acl/dataplane_node.c b/src/plugins/acl/dataplane_node.c index 0bdcc850054..c738f664571 100644 --- a/src/plugins/acl/dataplane_node.c +++ b/src/plugins/acl/dataplane_node.c @@ -565,6 +565,11 @@ acl_fa_inner_node_fn (vlib_main_t * vm, u32 *sw_if_index; fa_5tuple_t *fa_5tuple; u64 *hash; + /* for the delayed counters */ + u32 saved_matched_acl_index = 0; + u32 saved_matched_ace_index = 0; + u32 saved_packet_count = 0; + u32 saved_byte_count = 0; from = vlib_frame_vector_args (frame); error_node = vlib_node_get_runtime (vm, node->node_index); @@ -690,13 +695,34 @@ acl_fa_inner_node_fn (vlib_main_t * vm, am->output_lc_index_by_sw_if_index[sw_if_index[0]]; action = 0; /* deny by default */ - acl_plugin_match_5tuple_inline (am, lc_index0, - (fa_5tuple_opaque_t *) & - fa_5tuple[0], is_ip6, &action, - &match_acl_pos, - &match_acl_in_index, - &match_rule_index, - &trace_bitmap); + int is_match = acl_plugin_match_5tuple_inline (am, lc_index0, + (fa_5tuple_opaque_t *) & fa_5tuple[0], is_ip6, + &action, + &match_acl_pos, + &match_acl_in_index, + &match_rule_index, + &trace_bitmap); + if (PREDICT_FALSE + (is_match && am->interface_acl_counters_enabled)) + { + u32 buf_len = vlib_buffer_length_in_chain (vm, b[0]); + vlib_increment_combined_counter (am->combined_acl_counters + + saved_matched_acl_index, + thread_index, + saved_matched_ace_index, + saved_packet_count, + saved_byte_count); + saved_matched_acl_index = match_acl_in_index; + saved_matched_ace_index = match_rule_index; + saved_packet_count = 1; + saved_byte_count = buf_len; + /* prefetch the counter that we are going to increment */ + vlib_prefetch_combined_counter (am->combined_acl_counters + + saved_matched_acl_index, + thread_index, + saved_matched_ace_index); + } + b[0]->error = error_node->errors[action]; if (1 == action) @@ -778,6 +804,16 @@ acl_fa_inner_node_fn (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, pw->nexts, frame->n_vectors); + /* + * if we were had an acl match then we have a counter to increment. + * else it is all zeroes, so this will be harmless. + */ + vlib_increment_combined_counter (am->combined_acl_counters + + saved_matched_acl_index, + thread_index, + saved_matched_ace_index, + saved_packet_count, saved_byte_count); + vlib_node_increment_counter (vm, node->node_index, ACL_FA_ERROR_ACL_CHECK, frame->n_vectors); vlib_node_increment_counter (vm, node->node_index, |