authorAndrew Yourtchenko <ayourtch@gmail.com>2021-08-13 13:59:50 +0000
committerOle Tr�an <otroan@employees.org>2021-08-19 08:42:00 +0000
commit1d342b9c8f515eabfb20fe8856ba311769870711 (patch)
tree8ede30a7dbad94dbb060a95cb58c37fb677edc47 /src/plugins/acl
parent38071b1331b44746679997f6e66081c4936d087c (diff)
acl: add API call for setting the toggle to select between linear and bihash-based lookups
In some cases (ACL of a few lines long with a lot of different subnet masks), linear lookup may be more efficient than the hash-based lookup. Expose the API to allow the control plane to choose what lookup algorithm to use. Type: improvement Change-Id: I540dd1b4ce63c5106a556d550f911f3a578b33e0 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/acl.api42
-rw-r--r--src/plugins/acl/acl.c41
-rw-r--r--src/plugins/acl/acl_test.c66
3 files changed, 148 insertions, 1 deletions
diff --git a/src/plugins/acl/acl.api b/src/plugins/acl/acl.api
index a4706c3e529..404b512abed 100644
--- a/src/plugins/acl/acl.api
+++ b/src/plugins/acl/acl.api
@@ -19,7 +19,7 @@
used to control the ACL plugin
*/
-option version = "2.0.0";
+option version = "2.0.1";
import "plugins/acl/acl_types.api";
import "vnet/interface_types.api";
@@ -497,3 +497,43 @@ autoreply define acl_stats_intf_counters_enable
bool enable;
option vat_help = "[disable]";
};
+
+/** \brief Enable hash-based ACL lookups (default) or disable them (use linear search)
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param enable - whether to enable or disable the usage of hash lookup algorithm
+*/
+
+autoreply define acl_plugin_use_hash_lookup_set
+{
+ option status="in_progress";
+ u32 client_index;
+ u32 context;
+ bool enable;
+};
+
+/** \brief Get if the hash-based ACL lookups are enabled (default) or not (use linear search)
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+*/
+
+
+define acl_plugin_use_hash_lookup_get
+{
+ option status="in_progress";
+ u32 client_index;
+ u32 context;
+};
+
+
+/** \brief Reply with the previous state of the hash lookup
+ @param context - returned sender context, to match reply w/ request
+ @param prev_enable - previous state of the hash lookup use
+*/
+
+define acl_plugin_use_hash_lookup_get_reply
+{
+ option status="in_progress";
+ u32 context;
+ bool enable;
+};
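Review bot: The doc comment on `acl_plugin_use_hash_lookup_get_reply` documents `@param prev_enable - previous state of the hash lookup use`, but the field is named `enable` and the handler in acl.c fills it with the current value of `am->use_hash_acl_matching`. I would change it to `@param enable - whether hash-based lookup is currently in use` and reword the brief to say it returns the current state. The `acl_plugin_use_hash_lookup_set` message also has no `option vat_help`, unlike `acl_stats_intf_counters_enable` just above it; `option vat_help = "[enable|disable]";` would match the tokens the VAT parser in acl_test.c accepts.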
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index e8b5877ab21..24536eb84b7 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -2451,6 +2451,45 @@ static void
}
static void
+vl_api_acl_plugin_use_hash_lookup_set_t_handler (
+ vl_api_acl_plugin_use_hash_lookup_set_t *mp)
+{
+ acl_main_t *am = &acl_main;
+ vl_api_acl_plugin_use_hash_lookup_set_reply_t *rmp;
+ vl_api_registration_t *reg;
+ int rv = 0;
+
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (!reg)
+ return;
+
+ am->use_hash_acl_matching = mp->enable;
+ REPLY_MACRO (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_SET_REPLY);
+}
+
+static void
+vl_api_acl_plugin_use_hash_lookup_get_t_handler (
+ vl_api_acl_plugin_use_hash_lookup_get_t *mp)
+{
+ acl_main_t *am = &acl_main;
+ vl_api_acl_plugin_use_hash_lookup_get_reply_t *rmp;
+ int msg_size = sizeof (*rmp);
+ vl_api_registration_t *reg;
+
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (!reg)
+ return;
+
+ rmp = vl_msg_api_alloc (msg_size);
+ clib_memset (rmp, 0, msg_size);
+ rmp->_vl_msg_id =
+ ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_GET_REPLY + am->msg_id_base);
+ rmp->context = mp->context;
+ rmp->enable = am->use_hash_acl_matching;
+ vl_api_send_msg (reg, (u8 *) rmp);
+}
+
+static void
acl_set_timeout_sec (int timeout_type, u32 value)
{
acl_main_t *am = &acl_main;
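Review bot: `vl_api_acl_plugin_use_hash_lookup_set_t_handler` changes `am->use_hash_acl_matching` without leaving any trace, although the flag selects the matching path for every ACL. A line such as `clib_warning ("ACL hash lookup %s via API", mp->enable ? "enabled" : "disabled");` before `REPLY_MACRO` would let an operator tie a later throughput change to the request. The commit message implies linear search only pays off for short ACLs, so it is also worth confirming that only trusted control-plane clients can reach this message. In the same handler `reg` is used only for the null check, and `REPLY_MACRO` appears to resolve the client on its own, so the lookup looks redundant. In the get handler, `ntohs` on `_vl_msg_id` is really a host-to-network conversion and would read better as `htons`.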
@@ -3432,6 +3471,8 @@ acl_show_aclplugin_tables_fn (vlib_main_t * vm,
}
vlib_cli_output (vm, "Stats counters enabled for interface ACLs: %d",
acl_main.interface_acl_counters_enabled);
+ vlib_cli_output (vm, "Use hash-based lookup for ACLs: %d",
+ acl_main.use_hash_acl_matching);
if (show_mask_type)
acl_plugin_show_tables_mask_type ();
if (show_acl_hash_info)
diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c
index 79058cdc268..44abf30923d 100644
--- a/src/plugins/acl/acl_test.c
+++ b/src/plugins/acl/acl_test.c
@@ -99,6 +99,15 @@ static void vl_api_acl_plugin_get_version_reply_t_handler
vam->result_ready = 1;
}
+ static void
+ vl_api_acl_plugin_use_hash_lookup_get_reply_t_handler (
+ vl_api_acl_plugin_use_hash_lookup_get_reply_t *mp)
+ {
+ vat_main_t *vam = acl_test_main.vat_main;
+ clib_warning ("ACL hash lookups enabled: %d", mp->enable);
+ vam->result_ready = 1;
+ }
+
static void vl_api_acl_interface_list_details_t_handler
(vl_api_acl_interface_list_details_t * mp)
{
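Review bot: `vl_api_acl_plugin_use_hash_lookup_get_reply_t_handler` sets `vam->result_ready = 1` without touching `vam->retval`. If `W (ret)` in `api_acl_plugin_use_hash_lookup_get` reads that field (inferred from how the macro is used, its definition is not on this page), the command returns whatever an earlier call left there. The reply message has no retval of its own, so adding `vam->retval = 0;` before `vam->result_ready = 1;` would make the result deterministic. The added function also seems to be indented one level deeper than its neighbours in the file.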
@@ -551,6 +560,63 @@ static int api_acl_stats_intf_counters_enable (vat_main_t * vam)
return ret;
}
+static int
+api_acl_plugin_use_hash_lookup_set (vat_main_t *vam)
+{
+ acl_test_main_t *sm = &acl_test_main;
+ unformat_input_t *i = vam->input;
+ vl_api_acl_plugin_use_hash_lookup_set_t *mp;
+ u32 msg_size = sizeof (*mp);
+ int ret;
+
+ vam->result_ready = 0;
+ mp = vl_msg_api_alloc_as_if_client (msg_size);
+ memset (mp, 0, msg_size);
+ mp->_vl_msg_id =
+ ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_SET + sm->msg_id_base);
+ mp->client_index = vam->my_client_index;
+ mp->enable = 1;
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (i, "disable"))
+ mp->enable = 0;
+ else if (unformat (i, "enable"))
+ mp->enable = 1;
+ else
+ break;
+ }
+
+ /* send it... */
+ S (mp);
+
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
+}
+
+static int
+api_acl_plugin_use_hash_lookup_get (vat_main_t *vam)
+{
+ acl_test_main_t *sm = &acl_test_main;
+ vl_api_acl_plugin_use_hash_lookup_set_t *mp;
+ u32 msg_size = sizeof (*mp);
+ int ret;
+
+ vam->result_ready = 0;
+ mp = vl_msg_api_alloc_as_if_client (msg_size);
+ memset (mp, 0, msg_size);
+ mp->_vl_msg_id =
+ ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_GET + sm->msg_id_base);
+ mp->client_index = vam->my_client_index;
+
+ /* send it... */
+ S (mp);
+
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
+}
/*
* Read the series of ACL entries from file in the following format:
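Review bot: In `api_acl_plugin_use_hash_lookup_get`, `mp` is declared as `vl_api_acl_plugin_use_hash_lookup_set_t *`, so `sizeof (*mp)` allocates and zeroes a set-sized message that is then sent under the GET message id. It should be `vl_api_acl_plugin_use_hash_lookup_get_t *mp;`. The mismatch is harmless today only because, per acl.api, the set message is the larger of the two. In `api_acl_plugin_use_hash_lookup_set`, the `else break;` arm sends the default `enable = 1` for any unrecognised token, so a mistyped `disable` turns hash lookup on. Reporting a parse error instead of sending the request would be safer.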