acl-plugin: add startup-config section "acl-plugin" and heap/hash parameters

This adds the ability to tweak the memory allocation parameters of the ACL plugin
from the startup config. It may be useful in the cases involving higher limit
of the connections than the default 1M, or the high number of cores.

Change-Id: I2b6fb3f61126ff3ee998424b762b6aefe8fb1b8e
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

diff --git a/src/plugins/acl/acl.c b/src/plugins/acl/acl.c
index 611efbb..cdfe068 100644 (file)
--- a/src/plugins/acl/acl.c
+++ b/src/plugins/acl/acl.c
@@ -91,7 +91,7 @@ static void *
 acl_set_heap(acl_main_t *am)
 {
   if (0 == am->acl_mheap) {
-    am->acl_mheap = mheap_alloc (0 /* use VM */ , 2 << 29);
+    am->acl_mheap = mheap_alloc (0 /* use VM */ , am->acl_mheap_size);
     mheap_t *h = mheap_header (am->acl_mheap);
     h->flags |= MHEAP_FLAG_THREAD_SAFE;
   }
@@ -2596,7 +2596,47 @@ VLIB_CLI_COMMAND (aclplugin_clear_command, static) = {
 };
 /* *INDENT-ON* */
 
-
+static clib_error_t *
+acl_plugin_config (vlib_main_t * vm, unformat_input_t * input)
+{
+  acl_main_t *am = &acl_main;
+  u32 conn_table_hash_buckets;
+  u32 conn_table_hash_memory_size;
+  u32 conn_table_max_entries;
+  u32 main_heap_size;
+  u32 hash_heap_size;
+  u32 hash_lookup_hash_buckets;
+  u32 hash_lookup_hash_memory;
+
+  while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+    {
+      if (unformat (input, "connection hash buckets %d", &conn_table_hash_buckets))
+        am->fa_conn_table_hash_num_buckets = conn_table_hash_buckets;
+      else if (unformat (input, "connection hash memory %d",
+                         &conn_table_hash_memory_size))
+        am->fa_conn_table_hash_memory_size = conn_table_hash_memory_size;
+      else if (unformat (input, "connection count max %d",
+                         &conn_table_max_entries))
+        am->fa_conn_table_max_entries = conn_table_max_entries;
+      else if (unformat (input, "main heap size %d",
+                         &main_heap_size))
+        am->acl_mheap_size = main_heap_size;
+      else if (unformat (input, "hash lookup heap size %d",
+                         &hash_heap_size))
+        am->hash_lookup_mheap_size = hash_heap_size;
+      else if (unformat (input, "hash lookup hash buckets %d",
+                         &hash_lookup_hash_buckets))
+        am->hash_lookup_hash_buckets = hash_lookup_hash_buckets;
+      else if (unformat (input, "hash lookup hash memory %d",
+                         &hash_lookup_hash_memory))
+        am->hash_lookup_hash_memory = hash_lookup_hash_memory;
+      else
+        return clib_error_return (0, "unknown input '%U'",
+                                  format_unformat_error, input);
+    }
+  return 0;
+}
+VLIB_CONFIG_FUNCTION (acl_plugin_config, "acl-plugin");
 
 static clib_error_t *
 acl_init (vlib_main_t * vm)
@@ -2622,6 +2662,12 @@ acl_init (vlib_main_t * vm)
 
   acl_setup_fa_nodes();
 
+  am->acl_mheap_size = ACL_FA_DEFAULT_HEAP_SIZE;
+  am->hash_lookup_mheap_size = ACL_PLUGIN_HASH_LOOKUP_HEAP_SIZE;
+
+  am->hash_lookup_hash_buckets = ACL_PLUGIN_HASH_LOOKUP_HASH_BUCKETS;
+  am->hash_lookup_hash_memory = ACL_PLUGIN_HASH_LOOKUP_HASH_MEMORY;
+
   am->session_timeout_sec[ACL_TIMEOUT_TCP_TRANSIENT] = TCP_SESSION_TRANSIENT_TIMEOUT_SEC;
   am->session_timeout_sec[ACL_TIMEOUT_TCP_IDLE] = TCP_SESSION_IDLE_TIMEOUT_SEC;
   am->session_timeout_sec[ACL_TIMEOUT_UDP_IDLE] = UDP_SESSION_IDLE_TIMEOUT_SEC;

diff --git a/src/plugins/acl/acl.h b/src/plugins/acl/acl.h
index 26084a6..bed22e5 100644 (file)
--- a/src/plugins/acl/acl.h
+++ b/src/plugins/acl/acl.h
@@ -37,6 +37,12 @@
 #define TCP_SESSION_IDLE_TIMEOUT_SEC (3600*24)
 #define TCP_SESSION_TRANSIENT_TIMEOUT_SEC 120
 
+#define ACL_FA_DEFAULT_HEAP_SIZE (2 << 29)
+
+#define ACL_PLUGIN_HASH_LOOKUP_HEAP_SIZE (2 << 25)
+#define ACL_PLUGIN_HASH_LOOKUP_HASH_BUCKETS 65536
+#define ACL_PLUGIN_HASH_LOOKUP_HASH_MEMORY (2 << 25)
+
 extern vlib_node_registration_t acl_in_node;
 extern vlib_node_registration_t acl_out_node;
 
@@ -125,6 +131,7 @@ typedef struct
 typedef struct {
   /* mheap to hold all the ACL module related allocations, other than hash */
   void *acl_mheap;
+  u32 acl_mheap_size;
 
   /* API message ID base */
   u16 msg_id_base;
@@ -132,9 +139,12 @@ typedef struct {
   acl_list_t *acls;    /* Pool of ACLs */
   hash_acl_info_t *hash_acl_infos; /* corresponding hash matching housekeeping info */
   clib_bihash_48_8_t acl_lookup_hash; /* ACL lookup hash table. */
+  u32 hash_lookup_hash_buckets;
+  u32 hash_lookup_hash_memory;
 
   /* mheap to hold all the miscellaneous allocations related to hash-based lookups */
   void *hash_lookup_mheap;
+  u32 hash_lookup_mheap_size;
   int acl_lookup_hash_initialized;
   applied_hash_ace_entry_t **input_hash_entry_vec_by_sw_if_index;
   applied_hash_ace_entry_t **output_hash_entry_vec_by_sw_if_index;

diff --git a/src/plugins/acl/hash_lookup.c b/src/plugins/acl/hash_lookup.c
index 13bc6b4..7869027 100644 (file)
--- a/src/plugins/acl/hash_lookup.c
+++ b/src/plugins/acl/hash_lookup.c
@@ -264,7 +264,7 @@ static void *
 hash_acl_set_heap(acl_main_t *am)
 {
   if (0 == am->hash_lookup_mheap) {
-    am->hash_lookup_mheap = mheap_alloc (0 /* use VM */ , 2 << 25);
+    am->hash_lookup_mheap = mheap_alloc (0 /* use VM */ , am->hash_lookup_mheap_size);
     mheap_t *h = mheap_header (am->hash_lookup_mheap);
     h->flags |= MHEAP_FLAG_THREAD_SAFE;
   }
@@ -307,7 +307,7 @@ hash_acl_apply(acl_main_t *am, u32 sw_if_index, u8 is_input, int acl_index)
   DBG0("HASH ACL apply: sw_if_index %d is_input %d acl %d", sw_if_index, is_input, acl_index);
   if (!am->acl_lookup_hash_initialized) {
     BV (clib_bihash_init) (&am->acl_lookup_hash, "ACL plugin rule lookup bihash",
-                           65536, 2 << 25);
+                           am->hash_lookup_hash_buckets, am->hash_lookup_hash_memory);
     am->acl_lookup_hash_initialized = 1;
   }