acl: add API call for setting the toggle to select between linear and bihash-based lookups

In some cases (ACL of a few lines long with a lot of different subnet masks), linear lookup
may be more efficient than the hash-based lookup. Expose the API to allow the control plane
to choose what lookup algorithm to use.

Type: improvement
Change-Id: I540dd1b4ce63c5106a556d550f911f3a578b33e0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

3 files changed, 148 insertions, 1 deletions

diff --git a/src/plugins/acl/acl.api b/src/plugins/acl/acl.api
index a4706c3e529..404b512abed 100644
--- a/src/plugins/acl/acl.api
+++ b/src/plugins/acl/acl.api
@@ -19,7 +19,7 @@
     used to control the ACL plugin
 */
 
-option version = "2.0.0";
+option version = "2.0.1";
 
 import "plugins/acl/acl_types.api";
 import "vnet/interface_types.api";
@@ -497,3 +497,43 @@ autoreply define acl_stats_intf_counters_enable
   bool enable;
   option vat_help = "[disable]";
 };
+
+/** \brief Enable hash-based ACL lookups (default) or disable them (use linear search)
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+    @param enable - whether to enable or disable the usage of hash lookup algorithm
+*/
+
+autoreply define acl_plugin_use_hash_lookup_set
+{
+  option status="in_progress";
+  u32 client_index;
+  u32 context;
+  bool enable;
+};
+
+/** \brief Get if the hash-based ACL lookups are enabled (default) or not (use linear search)
+    @param client_index - opaque cookie to identify the sender
+    @param context - sender context, to match reply w/ request
+*/
+
+
+define acl_plugin_use_hash_lookup_get
+{
+  option status="in_progress";
+  u32 client_index;
+  u32 context;
+};
+
+
+/** \brief Reply with the previous state of the hash lookup
+    @param context - returned sender context, to match reply w/ request
+    @param prev_enable - previous state of the hash lookup use
+*/
+
+define acl_plugin_use_hash_lookup_get_reply
+{
+  option status="in_progress";
+  u32 context;
+  bool enable;
+};
diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index e8b5877ab21..24536eb84b7 100644
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -2451,6 +2451,45 @@ static void
 }
 
 static void
+vl_api_acl_plugin_use_hash_lookup_set_t_handler (
+  vl_api_acl_plugin_use_hash_lookup_set_t *mp)
+{
+  acl_main_t *am = &acl_main;
+  vl_api_acl_plugin_use_hash_lookup_set_reply_t *rmp;
+  vl_api_registration_t *reg;
+  int rv = 0;
+
+  reg = vl_api_client_index_to_registration (mp->client_index);
+  if (!reg)
+    return;
+
+  am->use_hash_acl_matching = mp->enable;
+  REPLY_MACRO (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_SET_REPLY);
+}
+
+static void
+vl_api_acl_plugin_use_hash_lookup_get_t_handler (
+  vl_api_acl_plugin_use_hash_lookup_get_t *mp)
+{
+  acl_main_t *am = &acl_main;
+  vl_api_acl_plugin_use_hash_lookup_get_reply_t *rmp;
+  int msg_size = sizeof (*rmp);
+  vl_api_registration_t *reg;
+
+  reg = vl_api_client_index_to_registration (mp->client_index);
+  if (!reg)
+    return;
+
+  rmp = vl_msg_api_alloc (msg_size);
+  clib_memset (rmp, 0, msg_size);
+  rmp->_vl_msg_id =
+    ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_GET_REPLY + am->msg_id_base);
+  rmp->context = mp->context;
+  rmp->enable = am->use_hash_acl_matching;
+  vl_api_send_msg (reg, (u8 *) rmp);
+}
+
+static void
 acl_set_timeout_sec (int timeout_type, u32 value)
 {
   acl_main_t *am = &acl_main;
@@ -3432,6 +3471,8 @@ acl_show_aclplugin_tables_fn (vlib_main_t * vm,
     }
   vlib_cli_output (vm, "Stats counters enabled for interface ACLs: %d",
 		   acl_main.interface_acl_counters_enabled);
+  vlib_cli_output (vm, "Use hash-based lookup for ACLs: %d",
+		   acl_main.use_hash_acl_matching);
   if (show_mask_type)
     acl_plugin_show_tables_mask_type ();
   if (show_acl_hash_info)
diff --git a/src/plugins/acl/acl_test.c b/src/plugins/acl/acl_test.c
index 79058cdc268..44abf30923d 100644
--- a/src/plugins/acl/acl_test.c
+++ b/src/plugins/acl/acl_test.c
@@ -99,6 +99,15 @@ static void vl_api_acl_plugin_get_version_reply_t_handler
         vam->result_ready = 1;
     }
 
+    static void
+    vl_api_acl_plugin_use_hash_lookup_get_reply_t_handler (
+      vl_api_acl_plugin_use_hash_lookup_get_reply_t *mp)
+    {
+      vat_main_t *vam = acl_test_main.vat_main;
+      clib_warning ("ACL hash lookups enabled: %d", mp->enable);
+      vam->result_ready = 1;
+    }
+
 static void vl_api_acl_interface_list_details_t_handler
     (vl_api_acl_interface_list_details_t * mp)
     {
@@ -551,6 +560,63 @@ static int api_acl_stats_intf_counters_enable (vat_main_t * vam)
     return ret;
 }
 
+static int
+api_acl_plugin_use_hash_lookup_set (vat_main_t *vam)
+{
+  acl_test_main_t *sm = &acl_test_main;
+  unformat_input_t *i = vam->input;
+  vl_api_acl_plugin_use_hash_lookup_set_t *mp;
+  u32 msg_size = sizeof (*mp);
+  int ret;
+
+  vam->result_ready = 0;
+  mp = vl_msg_api_alloc_as_if_client (msg_size);
+  memset (mp, 0, msg_size);
+  mp->_vl_msg_id =
+    ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_SET + sm->msg_id_base);
+  mp->client_index = vam->my_client_index;
+  mp->enable = 1;
+
+  while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+    {
+      if (unformat (i, "disable"))
+	mp->enable = 0;
+      else if (unformat (i, "enable"))
+	mp->enable = 1;
+      else
+	break;
+    }
+
+  /* send it... */
+  S (mp);
+
+  /* Wait for a reply... */
+  W (ret);
+  return ret;
+}
+
+static int
+api_acl_plugin_use_hash_lookup_get (vat_main_t *vam)
+{
+  acl_test_main_t *sm = &acl_test_main;
+  vl_api_acl_plugin_use_hash_lookup_set_t *mp;
+  u32 msg_size = sizeof (*mp);
+  int ret;
+
+  vam->result_ready = 0;
+  mp = vl_msg_api_alloc_as_if_client (msg_size);
+  memset (mp, 0, msg_size);
+  mp->_vl_msg_id =
+    ntohs (VL_API_ACL_PLUGIN_USE_HASH_LOOKUP_GET + sm->msg_id_base);
+  mp->client_index = vam->my_client_index;
+
+  /* send it... */
+  S (mp);
+
+  /* Wait for a reply... */
+  W (ret);
+  return ret;
+}
 
 /*
  * Read the series of ACL entries from file in the following format: