sonic-utilities

Support to clear ACL counters cache to avoid inconsistency when table is re-created with same name

Open ArthiGovindaraj opened this issue 1 year ago • 0 comments

When clearing ACL counters, the counters are stored in a tmp file and the entry in this file is not removed. So if a new table is created with the same name, the values stored in this file create an inconsistency.

What I did

ACL counters are cleared using the command aclshow -c.

This stores the current counters in the file /tmp/cache/aclshow/0/aclstat. When the table is removed or the rule is removed, the entry in this file remains intact.

So if the user creates a new table with the same name and sends traffic, the value from this file is treated as the previous counters, and the aclshow -a output keeps returning the diff of the current counters and the value stored for the old ACL table with the same name. Added support to remove the file created by aclshow -c once the table is deleted.

How I did it

RCA: On executing "aclshow -c", the ACL counters are stored in the /tmp folder. This is not cleared on removing the table. So if a new ACL table is created with the same name, it creates an inconsistency when displaying counter stats using aclshow -a.

Fix: When removing an ACL table or removing an ACL rule, the counters in the /tmp file should also be cleared. For this, a new option "aclshow -cc" or "aclshow --clearcache" is introduced. This command is called internally when deleting a rule or a table. This ensures that the entry in the /tmp file corresponding to the deleted entry gets cleared.

Usage: aclshow -cc -t TABLENAME -r RULENAME

How to verify it

config acl add table -s ingress -p Ethernet1 DATAACL L3 => Create ACL table

Counters when 20000 packets sent for RULE_1:

root@sonic:~# aclshow -a
RULE NAME     TABLE NAME      PRIO    PACKETS COUNT    BYTES COUNT
------------  ------------  ------  ---------------  -------------
RULE_1        DATAACL         9999            20000        2000000

Now delete ACL table and then send 30000 packets.

root@sonic:~# aclshow -a
RULE NAME     TABLE NAME      PRIO    PACKETS COUNT    BYTES COUNT
------------  ------------  ------  ---------------  -------------
RULE_1        DATAACL         9999            10000        1000000 ==> shows 10000 instead of 30000

Verified that this issue is fixed and proper counters are displayed when ACL table is deleted and re-created.

Previous command output (if the output of a command-line utility has changed)

New command output (if the output of a command-line utility has changed)

ArthiGovindaraj, Feb 26 '24 11:02
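
The stale-baseline behaviour reported above, and the effect of dropping the cache entry on delete, as an added example that is not code from sonic-utilities. The JSON file layout, the `TABLE:RULE` key format, every function name, and treating a missing rule name as "whole table" are assumptions made for illustration; the real aclstat format is not shown in the issue.

```python
import json
import os
import tempfile

def _load(path):
    try:
        with open(path) as f:
            return json.load(f)
    except FileNotFoundError:
        return {}          # no baseline saved yet

def _save(path, data):
    with open(path, "w") as f:
        json.dump(data, f)

def clear_counters(path, live):
    """Model of `aclshow -c`: snapshot live counters as the new baseline."""
    _save(path, {f"{t}:{r}": n for (t, r), n in live.items()})

def show_counters(path, live):
    """Model of `aclshow -a`: live counters minus the cached baseline."""
    base = _load(path)
    return {k: n - base.get(f"{k[0]}:{k[1]}", 0) for k, n in live.items()}

def clear_cache(path, table, rule=None):
    """Model of `aclshow -cc -t TABLE -r RULE`: drop baseline entries.
    rule=None removes every rule of the table (assumption)."""
    keep = {}
    for key, n in _load(path).items():
        t, r = key.split(":", 1)
        if t == table and rule in (None, r):
            continue       # entry belongs to the deleted object
        keep[key] = n
    _save(path, keep)

def scenario(fixed):
    """Replay the issue's steps; return packets shown for DATAACL/RULE_1."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "aclstat")         # stand-in for the /tmp cache
        live = {("DATAACL", "RULE_1"): 20000}     # constructed sample counters
        clear_counters(path, live)                # aclshow -c
        live.clear()                              # table deleted
        if fixed:
            clear_cache(path, "DATAACL")          # cleanup hooked into delete
        live[("DATAACL", "RULE_1")] = 30000       # re-created, 30000 packets
        return show_counters(path, live)[("DATAACL", "RULE_1")]

if __name__ == "__main__":
    print("without cleanup:", scenario(False), "with cleanup:", scenario(True))
```

Without the cleanup the re-created rule reports 10000 packets, matching the output in the issue; with it the rule reports the full 30000.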