From f995c7122ba0d024b17bc3232e8edd18d5e25088 Mon Sep 17 00:00:00 2001 From: Andrew Yourtchenko Date: Thu, 13 Jun 2019 15:23:21 +0000 Subject: acl: implement counters implement per-acl-number counters in the stats segment. They are created during the ACL creation, the counters are incremented in the dataplane using the new inline function with the extra parameter being the packet size. Counting in shared segment adds a noticeable overhead, so add also an API to turn the counters on. Type: feature Change-Id: I8af7b0c31a3d986b68089eb52452aed45df66c7b Signed-off-by: Andrew Yourtchenko --- src/plugins/acl/dataplane_node.c | 50 ++++++++++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 7 deletions(-) (limited to 'src/plugins/acl/dataplane_node.c') diff --git a/src/plugins/acl/dataplane_node.c b/src/plugins/acl/dataplane_node.c index 0bdcc850054..c738f664571 100644 --- a/src/plugins/acl/dataplane_node.c +++ b/src/plugins/acl/dataplane_node.c @@ -565,6 +565,11 @@ acl_fa_inner_node_fn (vlib_main_t * vm, u32 *sw_if_index; fa_5tuple_t *fa_5tuple; u64 *hash; + /* for the delayed counters */ + u32 saved_matched_acl_index = 0; + u32 saved_matched_ace_index = 0; + u32 saved_packet_count = 0; + u32 saved_byte_count = 0; from = vlib_frame_vector_args (frame); error_node = vlib_node_get_runtime (vm, node->node_index); @@ -690,13 +695,34 @@ acl_fa_inner_node_fn (vlib_main_t * vm, am->output_lc_index_by_sw_if_index[sw_if_index[0]]; action = 0; /* deny by default */ - acl_plugin_match_5tuple_inline (am, lc_index0, - (fa_5tuple_opaque_t *) & - fa_5tuple[0], is_ip6, &action, - &match_acl_pos, - &match_acl_in_index, - &match_rule_index, - &trace_bitmap); + int is_match = acl_plugin_match_5tuple_inline (am, lc_index0, + (fa_5tuple_opaque_t *) & fa_5tuple[0], is_ip6, + &action, + &match_acl_pos, + &match_acl_in_index, + &match_rule_index, + &trace_bitmap); + if (PREDICT_FALSE + (is_match && am->interface_acl_counters_enabled)) + { + u32 buf_len = vlib_buffer_length_in_chain (vm, b[0]); + vlib_increment_combined_counter (am->combined_acl_counters + + saved_matched_acl_index, + thread_index, + saved_matched_ace_index, + saved_packet_count, + saved_byte_count); + saved_matched_acl_index = match_acl_in_index; + saved_matched_ace_index = match_rule_index; + saved_packet_count = 1; + saved_byte_count = buf_len; + /* prefetch the counter that we are going to increment */ + vlib_prefetch_combined_counter (am->combined_acl_counters + + saved_matched_acl_index, + thread_index, + saved_matched_ace_index); + } + b[0]->error = error_node->errors[action]; if (1 == action) @@ -778,6 +804,16 @@ acl_fa_inner_node_fn (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, pw->nexts, frame->n_vectors); + /* + * if we were had an acl match then we have a counter to increment. + * else it is all zeroes, so this will be harmless. + */ + vlib_increment_combined_counter (am->combined_acl_counters + + saved_matched_acl_index, + thread_index, + saved_matched_ace_index, + saved_packet_count, saved_byte_count); + vlib_node_increment_counter (vm, node->node_index, ACL_FA_ERROR_ACL_CHECK, frame->n_vectors); vlib_node_increment_counter (vm, node->node_index, -- cgit 1.2.3-korg