acl-plugin: store sessions in a single hash table instead of a per-interface

A bihash-per-interface is convenient, but turns out tricky difficult from the maintenance standpoint with the large number of interfaces. This patch makes the sessions reside in a single hash table for all the interfaces, adding the lower 16 bit of sw_if_index as part of the key into the previously unused space. There is a tradeoff, that a session with an identical 5-tuple and the same sw_if_index modulo 65536 will match on either of the interfaces. The probability of that is deemed sufficiently small to not worry about it. In case it still happens before the heat death of the universe, there is a clib_warning and the colliding packet will be dropped, at which point we will need to bump the hash key size by another u64, but rather not pay the cost of doing that right now. Change-Id: I2747839cfcceda73e597cbcafbe1e377fb8f1889 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
author: Andrew Yourtchenko <ayourtch@gmail.com> 2017-06-08 20:03:35 +0200
committer: Ole Trøan <otroan@employees.org> 2017-06-15 20:27:39 +0000
commit: 779c3e3a632f887a7249a5cae8cce6eeacb67e3f (patch)
tree: f240f028618e3a064302823b45d75085387c862e /src/plugins/acl/fa_node.h
parent: b2d5ff349d2c6cb2b733375dca4952cdeab2e7d3 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/plugins/acl/fa_node.h b/src/plugins/acl/fa_node.h
index a94e7db9eea..671593a8c99 100644
--- a/src/plugins/acl/fa_node.h
+++ b/src/plugins/acl/fa_node.h
@@ -36,7 +36,7 @@ typedef union {
   struct {
     u16 port[2];
     u16 proto;
-    u16 rsvd;
+    u16 lsb_of_sw_if_index;
   };
 } fa_session_l4_key_t;
author	Andrew Yourtchenko <ayourtch@gmail.com>	2017-06-08 20:03:35 +0200
committer	Ole Trøan <otroan@employees.org>	2017-06-15 20:27:39 +0000
commit	779c3e3a632f887a7249a5cae8cce6eeacb67e3f (patch)
tree	f240f028618e3a064302823b45d75085387c862e /src/plugins/acl/fa_node.h
parent	b2d5ff349d2c6cb2b733375dca4952cdeab2e7d3 (diff)