X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Facl%2Facl.c;h=24dd53bd7496c9703456989b1adb831745550d71;hb=f995c7122;hp=63aafec6daf0600aa96a7f50d219f6cac021137c;hpb=2e1c8967faf4e9f7b45471df02e4e5b07fbb520a;p=vpp.git

diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 63aafec6daf..24dd53bd749 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -86,13 +86,14 @@ _(MACIP_ACL_INTERFACE_GET, macip_acl_interface_get) \
 _(MACIP_ACL_INTERFACE_LIST_DUMP, macip_acl_interface_list_dump) \
 _(ACL_INTERFACE_SET_ETYPE_WHITELIST, acl_interface_set_etype_whitelist) \
 _(ACL_INTERFACE_ETYPE_WHITELIST_DUMP, acl_interface_etype_whitelist_dump) \
-_(ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES,acl_plugin_get_conn_table_max_entries)
+_(ACL_PLUGIN_GET_CONN_TABLE_MAX_ENTRIES,acl_plugin_get_conn_table_max_entries) \
+_(ACL_STATS_INTF_COUNTERS_ENABLE, acl_stats_intf_counters_enable)
 
 
 /* *INDENT-OFF* */
 VLIB_PLUGIN_REGISTER () = {
     .version = VPP_BUILD_VER,
-    .description = "Access Control Lists",
+    .description = "Access Control Lists (ACL)",
 };
 /* *INDENT-ON* */
 
@@ -373,6 +374,33 @@ policy_notify_acl_change (acl_main_t * am, u32 acl_num)
 }
 
 
+static void
+validate_and_reset_acl_counters (acl_main_t * am, u32 acl_index)
+{
+  int i;
+  /* counters are set as vectors [acl#] pointing to vectors of [acl rule] */
+  acl_plugin_counter_lock (am);
+
+  int old_len = vec_len (am->combined_acl_counters);
+
+  vec_validate (am->combined_acl_counters, acl_index);
+
+  for (i = old_len; i < vec_len (am->combined_acl_counters); i++)
+    {
+      am->combined_acl_counters[i].name = 0;
+      /* filled in once only */
+      am->combined_acl_counters[i].stat_segment_name = (void *)
+	format (0, "/acl/%d/matches%c", i, 0);
+      clib_warning ("add stats segment: %s",
+		    am->combined_acl_counters[i].stat_segment_name);
+      i32 rule_count = vec_len (am->acls[acl_index].rules);
+      /* Validate one extra so we always have at least one counter for an ACL */
+      vlib_validate_combined_counter (&am->combined_acl_counters[i],
+				      rule_count);
+      vlib_zero_combined_counter (&am->combined_acl_counters[i], rule_count);
+    }
+  acl_plugin_counter_unlock (am);
+}
 
 static int
 acl_add_list (u32 count, vl_api_acl_rule_t rules[],
@@ -465,6 +493,11 @@ acl_add_list (u32 count, vl_api_acl_rule_t rules[],
       policy_notify_acl_change (am, *acl_list_index);
     }
 
+  /* stats segment expects global heap, so restore it temporarily */
+  clib_mem_set_heap (oldheap);
+  validate_and_reset_acl_counters (am, *acl_list_index);
+  oldheap = acl_set_heap (am);
+
   /* notify the lookup contexts about the ACL changes */
   acl_plugin_lookup_context_notify_acl_change (*acl_list_index);
   clib_mem_set_heap (oldheap);
@@ -661,6 +694,16 @@ acl_interface_out_enable_disable (acl_main_t * am, u32 sw_if_index,
   return rv;
 }
 
+static int
+acl_stats_intf_counters_enable_disable (acl_main_t * am, int enable_disable)
+{
+  int rv = 0;
+
+  am->interface_acl_counters_enabled = enable_disable;
+
+  return rv;
+}
+
 static int
 acl_interface_inout_enable_disable (acl_main_t * am, u32 sw_if_index,
 				    int is_input, int enable_disable)
@@ -789,10 +832,6 @@ acl_interface_set_inout_acl_list (acl_main_t * am, u32 sw_if_index,
       u32 lc_index = (*pinout_lc_index_by_sw_if_index)[sw_if_index];
       if (~0 == lc_index)
 	{
-	  if (~0 == am->interface_acl_user_id)
-	    am->interface_acl_user_id =
-	      acl_plugin.register_user_module ("interface ACL", "sw_if_index",
-					       "is_input");
 	  lc_index =
 	    acl_plugin.get_lookup_context_index (am->interface_acl_user_id,
 						 sw_if_index, is_input);
@@ -1897,6 +1936,21 @@ vl_api_acl_del_t_handler (vl_api_acl_del_t * mp)
   REPLY_MACRO (VL_API_ACL_DEL_REPLY);
 }
 
+
+static void
+  vl_api_acl_stats_intf_counters_enable_t_handler
+  (vl_api_acl_stats_intf_counters_enable_t * mp)
+{
+  acl_main_t *am = &acl_main;
+  vl_api_acl_stats_intf_counters_enable_reply_t *rmp;
+  int rv;
+
+  rv = acl_stats_intf_counters_enable_disable (am, ntohl (mp->enable));
+
+  REPLY_MACRO (VL_API_ACL_DEL_REPLY);
+}
+
+
 static void
 vl_api_acl_interface_add_del_t_handler (vl_api_acl_interface_add_del_t * mp)
 {
@@ -3394,6 +3448,8 @@ acl_show_aclplugin_tables_fn (vlib_main_t * vm,
       show_applied_info = 1;
       show_bihash = 1;
     }
+  vlib_cli_output (vm, "Stats counters enabled for interface ACLs: %d",
+		   acl_main.interface_acl_counters_enabled);
   if (show_mask_type)
     acl_plugin_show_tables_mask_type ();
   if (show_acl_hash_info)
@@ -3659,7 +3715,13 @@ acl_init (vlib_main_t * vm)
   /* Set the default threshold */
   am->tuple_merge_split_threshold = TM_SPLIT_THRESHOLD;
 
-  am->interface_acl_user_id = ~0;	/* defer till the first use */
+  am->interface_acl_user_id =
+    acl_plugin.register_user_module ("interface ACL", "sw_if_index",
+				     "is_input");
+
+  am->acl_counter_lock = clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES,
+						 CLIB_CACHE_LINE_BYTES);
+  am->acl_counter_lock[0] = 0;	/* should be no need */
 
   return error;
 }