[master] 596c0a4d2 Keep acl-entries in a VRBT instead of a VTAILQ.
Poul-Henning Kamp
phk at FreeBSD.org
Wed Mar 24 10:27:04 UTC 2021
commit 596c0a4d26ab347125c823a89ca86250d4e22c6c
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Wed Mar 24 10:26:08 2021 +0000
Keep acl-entries in a VRBT instead of a VTAILQ.
diff --git a/lib/libvcc/vcc_acl.c b/lib/libvcc/vcc_acl.c
index d3f7efbfc..46d6d2769 100644
--- a/lib/libvcc/vcc_acl.c
+++ b/lib/libvcc/vcc_acl.c
@@ -46,7 +46,7 @@
#define ACL_MAXADDR (sizeof(struct in6_addr) + 1)
struct acl_e {
- VTAILQ_ENTRY(acl_e) list;
+ VRBT_ENTRY(acl_e) branch;
unsigned char data[ACL_MAXADDR];
unsigned mask;
unsigned not;
@@ -94,6 +94,12 @@ vcl_acl_cmp(const struct acl_e *ae1, const struct acl_e *ae2)
return (0);
}
+VRBT_GENERATE_INSERT_COLOR(acl_tree, acl_e, branch, static)
+VRBT_GENERATE_FIND(acl_tree, acl_e, branch, vcl_acl_cmp, static)
+VRBT_GENERATE_INSERT(acl_tree, acl_e, branch, vcl_acl_cmp, static)
+VRBT_GENERATE_MINMAX(acl_tree, acl_e, branch, static)
+VRBT_GENERATE_NEXT(acl_tree, acl_e, branch, static)
+
static char *
vcc_acl_chk(struct vcc *tl, const struct acl_e *ae, const int l,
unsigned char *p, int fam)
@@ -154,7 +160,6 @@ vcc_acl_add_entry(struct vcc *tl, const struct acl_e *ae, int l,
unsigned char *u, int fam)
{
struct acl_e *ae2, *aen;
- int i;
if (fam == PF_INET && ae->mask > 32) {
VSB_printf(tl->sb,
@@ -187,40 +192,18 @@ vcc_acl_add_entry(struct vcc *tl, const struct acl_e *ae, int l,
assert(l + 1UL <= sizeof aen->data);
memcpy(aen->data + 1L, u, l);
- VTAILQ_FOREACH(ae2, &tl->acl, list) {
- i = vcl_acl_cmp(aen, ae2);
- if (i == 0) {
- /*
- * If the two rules agree, silently ignore it
- * XXX: is that counter intuitive ?
- */
- if (aen->not == ae2->not) {
- free(aen);
- return;
- }
+ ae2 = VRBT_FIND(acl_tree, &tl->acl_tree, aen);
+ if (ae2 != NULL) {
+ if (ae2->not != aen->not) {
VSB_cat(tl->sb, "Conflicting ACL entries:\n");
vcc_ErrWhere(tl, ae2->t_addr);
VSB_cat(tl->sb, "vs:\n");
vcc_ErrWhere(tl, aen->t_addr);
- free(aen);
- return;
- }
- /*
- * We could eliminate pointless rules here, for instance in:
- * "10.1.0.1";
- * "10.1";
- * The first rule is clearly pointless, as the second one
- * covers it.
- *
- * We do not do this however, because the shmlog may
- * be used to gather statistics.
- */
- if (i < 0) {
- VTAILQ_INSERT_BEFORE(ae2, aen, list);
- return;
}
+ free(aen);
+ return;
}
- VTAILQ_INSERT_TAIL(&tl->acl, aen, list);
+ VRBT_INSERT(acl_tree, &tl->acl_tree, aen);
}
static void
@@ -483,7 +466,7 @@ vcc_acl_emit(struct vcc *tl, const char *name, const char *rname)
}
depth = -1;
at[0] = 256;
- VTAILQ_FOREACH(ae, &tl->acl, list) {
+ VRBT_FOREACH(ae, acl_tree, &tl->acl_tree) {
/* Find how much common prefix we have */
for (l = 0; l <= depth && l * 8 < (int)ae->mask - 7; l++) {
@@ -561,7 +544,7 @@ vcc_ParseAcl(struct vcc *tl)
struct symbol *sym;
vcc_NextToken(tl);
- VTAILQ_INIT(&tl->acl);
+ VRBT_INIT(&tl->acl_tree);
vcc_ExpectVid(tl, "ACL");
ERRCHK(tl);
diff --git a/lib/libvcc/vcc_compile.h b/lib/libvcc/vcc_compile.h
index 5ed4737bc..b52c53216 100644
--- a/lib/libvcc/vcc_compile.h
+++ b/lib/libvcc/vcc_compile.h
@@ -39,6 +39,7 @@
#include "vrt.h"
#include "vcl.h"
#include "vqueue.h"
+#include "vtree.h"
#include "vsb.h"
#include "vcc_token_defs.h"
@@ -233,6 +234,8 @@ struct inifin {
VTAILQ_HEAD(inifinhead, inifin);
+VRBT_HEAD(acl_tree, acl_e);
+
struct vcc {
unsigned magic;
#define VCC_MAGIC 0x24ad719d
@@ -271,7 +274,7 @@ struct vcc {
struct proc *curproc;
VTAILQ_HEAD(, proc) procs;
- VTAILQ_HEAD(, acl_e) acl;
+ struct acl_tree acl_tree;
int nprobe;
More information about the varnish-commit
mailing list