diff options
author | Andrew Yourtchenko <ayourtch@gmail.com> | 2021-08-13 13:59:50 +0000 |
---|---|---|
committer | Ole Tr�an <otroan@employees.org> | 2021-08-19 08:42:00 +0000 |
commit | 1d342b9c8f515eabfb20fe8856ba311769870711 (patch) | |
tree | 8ede30a7dbad94dbb060a95cb58c37fb677edc47 /src/plugins/acl | |
parent | 38071b1331b44746679997f6e66081c4936d087c (diff) |
acl: add API call for setting the toggle to select between linear and bihash-based lookups
In some cases (ACL of a few lines long with a lot of different subnet masks), linear lookup
may be more efficient than the hash-based lookup. Expose the API to allow the control plane
to choose what lookup algorithm to use.
Type: improvement
Change-Id: I540dd1b4ce63c5106a556d550f911f3a578b33e0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl')
-rw-r--r-- | src/plugins/acl/acl.api | 42 | ||||
-rw-r--r-- | src/plugins/acl/acl.c | 41 | ||||
-rw-r--r-- | src/plugins/acl/acl_test.c | 66 |
3 files changed, 148 insertions, 1 deletions
diff --git a/src/plugins/acl/acl.api b/src/plugins/acl/acl.api index a4706c3e529..404b512abed 100644 --- a/src/plugins/acl/acl.api +++ b/src/plugins/acl/acl.api @@ -19,7 +19,7 @@ used to control the ACL plugin */ -option version = "2.0.0"; +option version = "2.0.1"; import "plugins/acl/acl_types.api"; import "vnet/interface_types.api"; @@ -497,3 +497,43 @@ autoreply define acl_stats_intf_counters_enable bool enable; option vat_help = "[disable]"; }; + +/** \brief Enable hash-based ACL lookups (default) or disable them (use linear search) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param enable - whether to enable or disable the usage of hash lookup algorithm +*/ + +autoreply define acl_plugin_use_hash_lookup_set +{ + option status="in_progress"; + u32 client_index; + u32 context; + bool enable; +}; + +/** \brief Get if the hash-based ACL lookups are enabled (default) or not (use linear search) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ + + +define acl_plugin_use_hash_lookup_get +{ + option status="in_progress"; + u32 client_index; + u32 context; +}; + + +/** \brief Reply with the previous state of the hash lookup + @param context - returned sender context, to match reply w/ request + @param prev_enable - previous state of the hash lookup use +*/ + +define acl_plugin_use_hash_lookup_get_reply +{ + option status="in_progress"; + u32 context; + bool enable; +}; diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c index e8b5877ab21..24536eb84b7 100644 --- a/src/plugins/acl/acl.c +++ b/src/plugins/acl/acl.c @@ -2451,6 +2451,45 @@ static void } static void +vl_api_acl_plugin_use_hash_lookup_set_t_handler ( + vl_api_acl_plugin_use_hash_lookup_set_t *mp) +{ + acl_main_t *am = &acl_main; + vl_api_acl_plugin_use_hash_lookup_set_reply_t *rmp; + vl_api_registration_t *reg; + int rv = 0; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + am->use_hash_acl_matching = mp->enable; + REPLY_MACRO (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_SET_REPLY); +} + +static void +vl_api_acl_plugin_use_hash_lookup_get_t_handler ( + vl_api_acl_plugin_use_hash_lookup_get_t *mp) +{ + acl_main_t *am = &acl_main; + vl_api_acl_plugin_use_hash_lookup_get_reply_t *rmp; + int msg_size = sizeof (*rmp); + vl_api_registration_t *reg; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + rmp = vl_msg_api_alloc (msg_size); + clib_memset (rmp, 0, msg_size); + rmp->_vl_msg_id = + ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_GET_REPLY + am->msg_id_base); + rmp->context = mp->context; + rmp->enable = am->use_hash_acl_matching; + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void acl_set_timeout_sec (int timeout_type, u32 value) { acl_main_t *am = &acl_main; @@ -3432,6 +3471,8 @@ acl_show_aclplugin_tables_fn (vlib_main_t * vm, } vlib_cli_output (vm, "Stats counters enabled for interface ACLs: %d", acl_main.interface_acl_counters_enabled); + vlib_cli_output (vm, "Use hash-based lookup for ACLs: %d", + acl_main.use_hash_acl_matching); if (show_mask_type) acl_plugin_show_tables_mask_type (); if (show_acl_hash_info) diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c index 79058cdc268..44abf30923d 100644 --- a/src/plugins/acl/acl_test.c +++ b/src/plugins/acl/acl_test.c @@ -99,6 +99,15 @@ static void vl_api_acl_plugin_get_version_reply_t_handler vam->result_ready = 1; } + static void + vl_api_acl_plugin_use_hash_lookup_get_reply_t_handler ( + vl_api_acl_plugin_use_hash_lookup_get_reply_t *mp) + { + vat_main_t *vam = acl_test_main.vat_main; + clib_warning ("ACL hash lookups enabled: %d", mp->enable); + vam->result_ready = 1; + } + static void vl_api_acl_interface_list_details_t_handler (vl_api_acl_interface_list_details_t * mp) { @@ -551,6 +560,63 @@ static int api_acl_stats_intf_counters_enable (vat_main_t * vam) return ret; } +static int +api_acl_plugin_use_hash_lookup_set (vat_main_t *vam) +{ + acl_test_main_t *sm = &acl_test_main; + unformat_input_t *i = vam->input; + vl_api_acl_plugin_use_hash_lookup_set_t *mp; + u32 msg_size = sizeof (*mp); + int ret; + + vam->result_ready = 0; + mp = vl_msg_api_alloc_as_if_client (msg_size); + memset (mp, 0, msg_size); + mp->_vl_msg_id = + ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_SET + sm->msg_id_base); + mp->client_index = vam->my_client_index; + mp->enable = 1; + + while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) + { + if (unformat (i, "disable")) + mp->enable = 0; + else if (unformat (i, "enable")) + mp->enable = 1; + else + break; + } + + /* send it... */ + S (mp); + + /* Wait for a reply... */ + W (ret); + return ret; +} + +static int +api_acl_plugin_use_hash_lookup_get (vat_main_t *vam) +{ + acl_test_main_t *sm = &acl_test_main; + vl_api_acl_plugin_use_hash_lookup_set_t *mp; + u32 msg_size = sizeof (*mp); + int ret; + + vam->result_ready = 0; + mp = vl_msg_api_alloc_as_if_client (msg_size); + memset (mp, 0, msg_size); + mp->_vl_msg_id = + ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_GET + sm->msg_id_base); + mp->client_index = vam->my_client_index; + + /* send it... */ + S (mp); + + /* Wait for a reply... */ + W (ret); + return ret; +} /* * Read the series of ACL entries from file in the following format: |