From a546ef96a8170aeea70d771ee45662cadc628344 Mon Sep 17 00:00:00 2001 From: Andrew Yourtchenko Date: Thu, 7 Sep 2017 13:49:07 +0200 Subject: [PATCH] acl-plugin: add hitcount to applied hash-acl entries Add a counter incremented upon the ACL check, so it is easier to see which kind of traffic is being checked by the policy, add the corresponding output to the debug CLI "show acl-plugin tables" command. Change-Id: Id811dddf204e63eeceabfcc509e3e9c5aae1dbc8 Signed-off-by: Andrew Yourtchenko --- src/plugins/acl/acl.c | 8 ++++---- src/plugins/acl/hash_lookup.c | 2 ++ src/plugins/acl/hash_lookup_types.h | 4 ++++ 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index 7790b30b669..1ded1afa40c 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -2460,9 +2460,9 @@ acl_show_aclplugin_fn (vlib_main_t * vm, out0 = format(out0, " input lookup applied entries:\n"); for(j=0; jinput_hash_entry_vec_by_sw_if_index[swi]); j++) { applied_hash_ace_entry_t *pae = &am->input_hash_entry_vec_by_sw_if_index[swi][j]; - out0 = format(out0, " %4d: acl %d rule %d action %d bitmask-ready rule %d next %d prev %d tail %d\n", + out0 = format(out0, " %4d: acl %d rule %d action %d bitmask-ready rule %d next %d prev %d tail %d hitcount %lld\n", j, pae->acl_index, pae->ace_index, pae->action, pae->hash_ace_info_index, - pae->next_applied_entry_index, pae->prev_applied_entry_index, pae->tail_applied_entry_index); + pae->next_applied_entry_index, pae->prev_applied_entry_index, pae->tail_applied_entry_index, pae->hitcount); } } @@ -2475,9 +2475,9 @@ acl_show_aclplugin_fn (vlib_main_t * vm, out0 = format(out0, " output lookup applied entries:\n"); for(j=0; joutput_hash_entry_vec_by_sw_if_index[swi]); j++) { applied_hash_ace_entry_t *pae = &am->output_hash_entry_vec_by_sw_if_index[swi][j]; - out0 = format(out0, " %4d: acl %d rule %d action %d bitmask-ready rule %d next %d prev %d tail %d\n", + out0 = format(out0, " %4d: acl %d rule %d action %d bitmask-ready rule %d next %d prev %d tail %d hitcount %lld\n", j, pae->acl_index, pae->ace_index, pae->action, pae->hash_ace_info_index, - pae->next_applied_entry_index, pae->prev_applied_entry_index, pae->tail_applied_entry_index); + pae->next_applied_entry_index, pae->prev_applied_entry_index, pae->tail_applied_entry_index, pae->hitcount); } } diff --git a/src/plugins/acl/hash_lookup.c b/src/plugins/acl/hash_lookup.c index 5dbc3589c98..13bc6b4643f 100644 --- a/src/plugins/acl/hash_lookup.c +++ b/src/plugins/acl/hash_lookup.c @@ -371,6 +371,7 @@ hash_acl_apply(acl_main_t *am, u32 sw_if_index, u8 is_input, int acl_index) pae->acl_index = acl_index; pae->ace_index = ha->rules[i].ace_index; pae->action = ha->rules[i].action; + pae->hitcount = 0; pae->hash_ace_info_index = i; /* we might link it in later */ pae->next_applied_entry_index = ~0; @@ -876,6 +877,7 @@ hash_multi_acl_match_5tuple (u32 sw_if_index, fa_5tuple_t * pkt_5tuple, int is_l u32 match_index = multi_acl_match_get_applied_ace_index(am, pkt_5tuple); if (match_index < vec_len((*applied_hash_aces))) { applied_hash_ace_entry_t *pae = vec_elt_at_index((*applied_hash_aces), match_index); + pae->hitcount++; *acl_match_p = pae->acl_index; *rule_match_p = pae->ace_index; return pae->action; diff --git a/src/plugins/acl/hash_lookup_types.h b/src/plugins/acl/hash_lookup_types.h index f7110007002..1fa197ec978 100644 --- a/src/plugins/acl/hash_lookup_types.h +++ b/src/plugins/acl/hash_lookup_types.h @@ -64,6 +64,10 @@ typedef struct { * chain tail, if this is the first entry */ u32 tail_applied_entry_index; + /* + * number of hits on this entry + */ + u64 hitcount; /* * Action of this applied ACE */ -- 2.16.6