aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/acl/acl.c
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2017-06-08 18:59:24 +0200
committerDamjan Marion <dmarion.lists@gmail.com>2017-06-14 14:12:51 +0000
commit8e60f32c576095fe44b904a9d0a99f5da2c081ab (patch)
tree2386f74ff31c1872fce473c87c55578df55a8227 /src/plugins/acl/acl.c
parent28b70af8e5b4bea004138cfca74e79b44803c5db (diff)
acl-plugin: shrink the L2 classifier tables used for traffic redirect
The previous iteration of the code used the L2 classifier tables for session storage, as a result, the table allocations were pretty big. The new ACL plugin datapath uses the tables just as a redirection mechanism, without adding any entries. Thus, the tables can be much smaller. Change-Id: Ieec4a5abf0abda6e513ab4e675f912f14d47e671 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl/acl.c')
-rw-r--r--src/plugins/acl/acl.c34
1 files changed, 17 insertions, 17 deletions
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 8fa7b1db3fe..4174a570183 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -325,13 +325,13 @@ _(ether) __ __ __ __ __ __ v __ __ __ __ __ __ v __ __ v
}
static int
-acl_classify_add_del_table_big (vnet_classify_main_t * cm, u8 * mask,
+acl_classify_add_del_table_tiny (vnet_classify_main_t * cm, u8 * mask,
u32 mask_len, u32 next_table_index,
u32 miss_next_index, u32 * table_index,
int is_add)
{
- u32 nbuckets = 65536;
- u32 memory_size = 2 << 30;
+ u32 nbuckets = 1;
+ u32 memory_size = 2 << 13;
u32 skip = count_skip (mask, mask_len);
u32 match = (mask_len / 16) - skip;
u8 *skip_mask_ptr = mask + 16 * skip;
@@ -394,7 +394,7 @@ acl_unhook_l2_input_classify (acl_main_t * am, u32 sw_if_index)
ip4_table_index =
am->acl_ip4_input_classify_table_by_sw_if_index[sw_if_index];
am->acl_ip4_input_classify_table_by_sw_if_index[sw_if_index] = ~0;
- acl_classify_add_del_table_big (cm, ip4_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
sizeof (ip4_5tuple_mask) - 1, ~0,
am->l2_input_classify_next_acl_ip4,
&ip4_table_index, 0);
@@ -404,7 +404,7 @@ acl_unhook_l2_input_classify (acl_main_t * am, u32 sw_if_index)
ip6_table_index =
am->acl_ip6_input_classify_table_by_sw_if_index[sw_if_index];
am->acl_ip6_input_classify_table_by_sw_if_index[sw_if_index] = ~0;
- acl_classify_add_del_table_big (cm, ip6_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
sizeof (ip6_5tuple_mask) - 1, ~0,
am->l2_input_classify_next_acl_ip6,
&ip6_table_index, 0);
@@ -432,7 +432,7 @@ acl_unhook_l2_output_classify (acl_main_t * am, u32 sw_if_index)
ip4_table_index =
am->acl_ip4_output_classify_table_by_sw_if_index[sw_if_index];
am->acl_ip4_output_classify_table_by_sw_if_index[sw_if_index] = ~0;
- acl_classify_add_del_table_big (cm, ip4_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
sizeof (ip4_5tuple_mask) - 1, ~0,
am->l2_output_classify_next_acl_ip4,
&ip4_table_index, 0);
@@ -442,7 +442,7 @@ acl_unhook_l2_output_classify (acl_main_t * am, u32 sw_if_index)
ip6_table_index =
am->acl_ip6_output_classify_table_by_sw_if_index[sw_if_index];
am->acl_ip6_output_classify_table_by_sw_if_index[sw_if_index] = ~0;
- acl_classify_add_del_table_big (cm, ip6_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
sizeof (ip6_5tuple_mask) - 1, ~0,
am->l2_output_classify_next_acl_ip6,
&ip6_table_index, 0);
@@ -462,20 +462,20 @@ acl_hook_l2_input_classify (acl_main_t * am, u32 sw_if_index)
/* in case there were previous tables attached */
acl_unhook_l2_input_classify (am, sw_if_index);
rv =
- acl_classify_add_del_table_big (cm, ip4_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
sizeof (ip4_5tuple_mask) - 1, ~0,
am->l2_input_classify_next_acl_ip4,
&ip4_table_index, 1);
if (rv)
return rv;
rv =
- acl_classify_add_del_table_big (cm, ip6_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
sizeof (ip6_5tuple_mask) - 1, ~0,
am->l2_input_classify_next_acl_ip6,
&ip6_table_index, 1);
if (rv)
{
- acl_classify_add_del_table_big (cm, ip4_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
sizeof (ip4_5tuple_mask) - 1, ~0,
am->l2_input_classify_next_acl_ip4,
&ip4_table_index, 0);
@@ -489,11 +489,11 @@ acl_hook_l2_input_classify (acl_main_t * am, u32 sw_if_index)
sw_if_index, ip4_table_index, ip6_table_index);
if (rv)
{
- acl_classify_add_del_table_big (cm, ip6_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
sizeof (ip6_5tuple_mask) - 1, ~0,
am->l2_input_classify_next_acl_ip6,
&ip6_table_index, 0);
- acl_classify_add_del_table_big (cm, ip4_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
sizeof (ip4_5tuple_mask) - 1, ~0,
am->l2_input_classify_next_acl_ip4,
&ip4_table_index, 0);
@@ -520,20 +520,20 @@ acl_hook_l2_output_classify (acl_main_t * am, u32 sw_if_index)
/* in case there were previous tables attached */
acl_unhook_l2_output_classify (am, sw_if_index);
rv =
- acl_classify_add_del_table_big (cm, ip4_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
sizeof (ip4_5tuple_mask) - 1, ~0,
am->l2_output_classify_next_acl_ip4,
&ip4_table_index, 1);
if (rv)
return rv;
rv =
- acl_classify_add_del_table_big (cm, ip6_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
sizeof (ip6_5tuple_mask) - 1, ~0,
am->l2_output_classify_next_acl_ip6,
&ip6_table_index, 1);
if (rv)
{
- acl_classify_add_del_table_big (cm, ip4_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
sizeof (ip4_5tuple_mask) - 1, ~0,
am->l2_output_classify_next_acl_ip4,
&ip4_table_index, 0);
@@ -547,11 +547,11 @@ acl_hook_l2_output_classify (acl_main_t * am, u32 sw_if_index)
sw_if_index, ip4_table_index, ip6_table_index);
if (rv)
{
- acl_classify_add_del_table_big (cm, ip6_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip6_5tuple_mask,
sizeof (ip6_5tuple_mask) - 1, ~0,
am->l2_output_classify_next_acl_ip6,
&ip6_table_index, 0);
- acl_classify_add_del_table_big (cm, ip4_5tuple_mask,
+ acl_classify_add_del_table_tiny (cm, ip4_5tuple_mask,
sizeof (ip4_5tuple_mask) - 1, ~0,
am->l2_output_classify_next_acl_ip4,
&ip4_table_index, 0);