summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl/acl.h
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2018-06-20 15:28:15 +0200
committerDamjan Marion <dmarion@me.com>2018-06-26 13:35:24 +0000
commit8d2e9bd8d80e7bcc703189f5796733be24c6d0a6 (patch)
tree64a0c1300994df719639e5415c9df2eab3193ba0 /src/plugins/acl/acl.h
parentd16ba6295b666a1b3d92c3b043ea1c008d2722c6 (diff)
acl-plugin: tm: optimize multi-lookups and prepare to add tuplemerge
- instantiate the per-use mask type entry for a given hash ACE this prepares to adding tuplemerge where the applied ACE may have a different mask type due to relaxing of the tuples - store the vector of the colliding rules for linear lookups rather than traversing the linked list. - store the lowest rule index for a given mask type inside the structure. This allows to skip looking up at the later mask types if we already matched an entry that is in front of the very first entry in the new candidate mask type, thus saving a worthless hash table lookup. - use a vector of mask type indices rather than bitmap, in the sorted order (by construction) of ascending lowest rule index - this allows to terminate the lookups early. - adapt the debug cli outputs accordingly to show the data - propagate the is_ip6 into the inner calls Change-Id: I7a67b271e66785c6eab738b632b432d5886a0a8a Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl/acl.h')
-rw-r--r--src/plugins/acl/acl.h24
1 files changed, 4 insertions, 20 deletions
diff --git a/src/plugins/acl/acl.h b/src/plugins/acl/acl.h
index f63771f4dac..733d785d886 100644
--- a/src/plugins/acl/acl.h
+++ b/src/plugins/acl/acl.h
@@ -28,6 +28,7 @@
#include <vppinfra/bihash_40_8.h>
#include <vppinfra/bihash_16_8.h>
+#include "types.h"
#include "fa_node.h"
#include "hash_lookup_types.h"
#include "lookup_context.h"
@@ -72,26 +73,6 @@ typedef struct
} addr;
} address_t;
-/*
- * ACL rules
- */
-typedef struct
-{
- u8 is_permit;
- u8 is_ipv6;
- ip46_address_t src;
- u8 src_prefixlen;
- ip46_address_t dst;
- u8 dst_prefixlen;
- u8 proto;
- u16 src_port_or_type_first;
- u16 src_port_or_type_last;
- u16 dst_port_or_code_first;
- u16 dst_port_or_code_last;
- u8 tcp_flags_value;
- u8 tcp_flags_mask;
-} acl_rule_t;
-
typedef struct
{
u8 is_permit;
@@ -216,6 +197,9 @@ typedef struct {
/* a pool of all mask types present in all ACEs */
ace_mask_type_entry_t *ace_mask_type_pool;
+ /* vec of vectors of all info of all mask types present in ACEs contained in each lc_index */
+ hash_applied_mask_info_t **hash_applied_mask_info_vec_by_lc_index;
+
/*
* Classify tables used to grab the packets for the ACL check,
* and serving as the 5-tuple session tables at the same time