From f995c7122ba0d024b17bc3232e8edd18d5e25088 Mon Sep 17 00:00:00 2001 From: Andrew Yourtchenko Date: Thu, 13 Jun 2019 15:23:21 +0000 Subject: acl: implement counters implement per-acl-number counters in the stats segment. They are created during the ACL creation, the counters are incremented in the dataplane using the new inline function with the extra parameter being the packet size. Counting in shared segment adds a noticeable overhead, so add also an API to turn the counters on. Type: feature Change-Id: I8af7b0c31a3d986b68089eb52452aed45df66c7b Signed-off-by: Andrew Yourtchenko --- test/test_acl_plugin.py | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) (limited to 'test') diff --git a/test/test_acl_plugin.py b/test/test_acl_plugin.py index 1ca74d186bc..eca02316bf6 100644 --- a/test/test_acl_plugin.py +++ b/test/test_acl_plugin.py @@ -253,7 +253,7 @@ class TestACLplugin(VppTestCase): self.vapi.acl_interface_set_acl_list(sw_if_index=i.sw_if_index, n_input=1, acls=[reply.acl_index]) - return + return reply.acl_index def apply_rules_to(self, rules, tag=b'', sw_if_index=0xFFFFFFFF): reply = self.vapi.acl_add_replace(acl_index=4294967295, r=rules, @@ -264,7 +264,7 @@ class TestACLplugin(VppTestCase): self.vapi.acl_interface_set_acl_list(sw_if_index=sw_if_index, n_input=1, acls=[reply.acl_index]) - return + return reply.acl_index def etype_whitelist(self, whitelist, n_input): # Apply whitelists on all the interfaces @@ -647,10 +647,27 @@ class TestACLplugin(VppTestCase): 0, self.proto[self.IP][self.TCP])) # Apply rules - self.apply_rules(rules, b"permit per-flow") + acl_idx = self.apply_rules(rules, b"permit per-flow") + + # enable counters + reply = self.vapi.papi.acl_stats_intf_counters_enable(enable=1) # Traffic should still pass self.run_verify_test(self.IP, self.IPV4, -1) + + matches = self.statistics.get_counter('/acl/%d/matches' % acl_idx) + self.logger.info("stat segment counters: %s" % repr(matches)) + cli = "show acl-plugin acl" + self.logger.info(self.vapi.ppcli(cli)) + cli = "show acl-plugin tables" + self.logger.info(self.vapi.ppcli(cli)) + + total_hits = matches[0][0]['packets'] + matches[0][1]['packets'] + self.assertEqual(total_hits, 64) + + # disable counters + reply = self.vapi.papi.acl_stats_intf_counters_enable(enable=0) + self.logger.info("ACLP_TEST_FINISH_0002") def test_0003_acl_deny_apply(self): @@ -666,13 +683,26 @@ class TestACLplugin(VppTestCase): self.PORTS_ALL, 0)) # Apply rules - self.apply_rules(rules, b"deny per-flow;permit all") + acl_idx = self.apply_rules(rules, b"deny per-flow;permit all") + + # enable counters + reply = self.vapi.papi.acl_stats_intf_counters_enable(enable=1) # Traffic should not pass self.run_verify_negat_test(self.IP, self.IPV4, self.proto[self.IP][self.UDP]) + + matches = self.statistics.get_counter('/acl/%d/matches' % acl_idx) + self.logger.info("stat segment counters: %s" % repr(matches)) + cli = "show acl-plugin acl" + self.logger.info(self.vapi.ppcli(cli)) + cli = "show acl-plugin tables" + self.logger.info(self.vapi.ppcli(cli)) + self.assertEqual(matches[0][0]['packets'], 64) + # disable counters + reply = self.vapi.papi.acl_stats_intf_counters_enable(enable=0) self.logger.info("ACLP_TEST_FINISH_0003") - # self.assertEqual(1, 0) + # self.assertEqual(, 0) def test_0004_vpp624_permit_icmpv4(self): """ VPP_624 permit ICMPv4 -- cgit 1.2.3-korg