
Support to clear ACL counters cache to avoid inconsistency when table is re-created with same name #3180


Open: wants to merge 1 commit into base: master


ArthiGovindaraj

When clearing ACL counters, the counters are stored in a tmp file and the entry in this file is not removed. So if a new table is created with the same name, the values stored in this file create inconsistency.

What I did

ACL counters are cleared using the command aclshow -c.

This stores the current counters in the file /tmp/cache/aclshow/0/aclstat. When the table is removed or the rule is removed, the entry in this file remains intact.

So if the user creates a new table with the same name and sends traffic, the value from this file is considered as the previous counters, and the aclshow -a output keeps returning the diff of the current counters and the value stored for the old ACL table with the same name.
Added support to remove the file created by aclshow -c once the table is deleted.

How I did it

RCA: On executing "aclshow -c", the ACL counters are stored in the /tmp folder. This is not cleared on removing the table. So if a new ACL table is created with the same name, it creates inconsistency when displaying counter stats using aclshow -a.
Fix: When removing an ACL table or removing an ACL rule, the counters in the /tmp file should also be cleared. For this, a new option "aclshow -cc" or "aclshow --clearcache" is introduced. This command is called internally when deleting a rule or a table. This ensures that the entry in the /tmp file corresponding to the deleted entry gets cleared.
Usage:
aclshow -cc -t TABLENAME -r RULENAME

How to verify it

config acl add table -s ingress -p Ethernet1 DATAACL L3 => Create ACL table
Counters when 20000 packets sent for RULE_1:

root@sonic:~# aclshow -a
RULE NAME     TABLE NAME      PRIO    PACKETS COUNT    BYTES COUNT
------------  ------------  ------  ---------------  -------------
RULE_1        DATAACL         9999            20000        2000000

Now delete ACL table and then send 30000 packets.

root@sonic:~# aclshow -a
RULE NAME     TABLE NAME      PRIO    PACKETS COUNT    BYTES COUNT
------------  ------------  ------  ---------------  -------------
RULE_1        DATAACL         9999            10000        1000000 ==> shows 10000 instead of 30000

Verified that this issue is fixed and proper counters are displayed when ACL table is deleted and re-created.

Previous command output (if the output of a command-line utility has changed)

New command output (if the output of a command-line utility has changed)
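
The stale-baseline behaviour described in this pull request, modelled as an added example (not code from the PR or from sonic-utilities). The JSON cache layout and every function name here are assumptions for illustration; only the counter values, table name and rule name come from the description above, and the model assumes `aclshow -c` was run after the first 20000 packets.

```python
import json
import os
import tempfile

def load_baseline(path):
    """Return the cached baseline {table: {rule: {"packets": n, "bytes": n}}}."""
    if not os.path.exists(path):
        return {}
    with open(path) as f:
        return json.load(f)

def save_baseline(path, data):
    with open(path, "w") as f:
        json.dump(data, f)

def clear_counters(path, hw):
    """Model of `aclshow -c`: snapshot the current counters as the baseline."""
    save_baseline(path, hw)

def show(path, hw):
    """Model of `aclshow -a`: current counters minus the cached baseline."""
    base = load_baseline(path)
    out = {}
    for table, rules in hw.items():
        for rule, cur in rules.items():
            old = base.get(table, {}).get(rule, {})
            out[(table, rule)] = {k: v - old.get(k, 0) for k, v in cur.items()}
    return out

def clear_cache(path, table, rule):
    """Model of `aclshow -cc -t TABLE -r RULE`: drop one baseline entry."""
    base = load_baseline(path)
    base.get(table, {}).pop(rule, None)
    save_baseline(path, base)

def demo(apply_fix):
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "aclstat")  # stand-in for the aclstat cache file
        first = {"DATAACL": {"RULE_1": {"packets": 20000, "bytes": 2000000}}}
        clear_counters(path, first)
        # The table is deleted here; with the fix, deletion clears its entry.
        if apply_fix:
            clear_cache(path, "DATAACL", "RULE_1")
        # Table re-created with the same name: counters restart from zero.
        hw = {"DATAACL": {"RULE_1": {"packets": 30000, "bytes": 3000000}}}
        return show(path, hw)[("DATAACL", "RULE_1")]

if __name__ == "__main__":
    print("stale baseline:", demo(False))
    print("cache cleared: ", demo(True))
```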
