1 files changed, 43 insertions, 7 deletions

diff --git a/src/plugins/acl/dataplane_node.c b/src/plugins/acl/dataplane_node.c
index 0bdcc850054..c738f664571 100644
--- a/src/plugins/acl/dataplane_node.c
+++ b/src/plugins/acl/dataplane_node.c
@@ -565,6 +565,11 @@ acl_fa_inner_node_fn (vlib_main_t * vm,
   u32 *sw_if_index;
   fa_5tuple_t *fa_5tuple;
   u64 *hash;
+  /* for the delayed counters */
+  u32 saved_matched_acl_index = 0;
+  u32 saved_matched_ace_index = 0;
+  u32 saved_packet_count = 0;
+  u32 saved_byte_count = 0;
 
   from = vlib_frame_vector_args (frame);
   error_node = vlib_node_get_runtime (vm, node->node_index);
@@ -690,13 +695,34 @@ acl_fa_inner_node_fn (vlib_main_t * vm,
 		  am->output_lc_index_by_sw_if_index[sw_if_index[0]];
 
 	      action = 0;	/* deny by default */
-	      acl_plugin_match_5tuple_inline (am, lc_index0,
-					      (fa_5tuple_opaque_t *) &
-					      fa_5tuple[0], is_ip6, &action,
-					      &match_acl_pos,
-					      &match_acl_in_index,
-					      &match_rule_index,
-					      &trace_bitmap);
+	      int is_match = acl_plugin_match_5tuple_inline (am, lc_index0,
+							     (fa_5tuple_opaque_t *) & fa_5tuple[0], is_ip6,
+							     &action,
+							     &match_acl_pos,
+							     &match_acl_in_index,
+							     &match_rule_index,
+							     &trace_bitmap);
+	      if (PREDICT_FALSE
+		  (is_match && am->interface_acl_counters_enabled))
+		{
+		  u32 buf_len = vlib_buffer_length_in_chain (vm, b[0]);
+		  vlib_increment_combined_counter (am->combined_acl_counters +
+						   saved_matched_acl_index,
+						   thread_index,
+						   saved_matched_ace_index,
+						   saved_packet_count,
+						   saved_byte_count);
+		  saved_matched_acl_index = match_acl_in_index;
+		  saved_matched_ace_index = match_rule_index;
+		  saved_packet_count = 1;
+		  saved_byte_count = buf_len;
+		  /* prefetch the counter that we are going to increment */
+		  vlib_prefetch_combined_counter (am->combined_acl_counters +
+						  saved_matched_acl_index,
+						  thread_index,
+						  saved_matched_ace_index);
+		}
+
 	      b[0]->error = error_node->errors[action];
 
 	      if (1 == action)
@@ -778,6 +804,16 @@ acl_fa_inner_node_fn (vlib_main_t * vm,
 
   vlib_buffer_enqueue_to_next (vm, node, from, pw->nexts, frame->n_vectors);
 
+  /*
+   * if we were had an acl match then we have a counter to increment.
+   * else it is all zeroes, so this will be harmless.
+   */
+  vlib_increment_combined_counter (am->combined_acl_counters +
+				   saved_matched_acl_index,
+				   thread_index,
+				   saved_matched_ace_index,
+				   saved_packet_count, saved_byte_count);
+
   vlib_node_increment_counter (vm, node->node_index,
 			       ACL_FA_ERROR_ACL_CHECK, frame->n_vectors);
   vlib_node_increment_counter (vm, node->node_index,