make acl lookup 450x faster by using sblist

tested with 32K acl rules, generated by for x in `seq 128` ; do for y in `seq 255` ; do \ echo "Deny 10.$x.$y.0/24" ; done ; done after loading the config (which is dogslow too), tinyproxy required 9.5 seconds for the acl check on every request. after switching the list implementation to sblist, a request with the full acl check now takes only 0.025 seconds. the time spent for loading the config file is identical for both list implementations, roughly 30 seconds. (in a previous test, 65K acl rules were generated, but every connection required almost 2 minutes to crunch through the list...)
2020-09-07 22:09:35 +01:00 · 2020-09-07 22:09:35 +01:00 · 58cfaf2659
commit 58cfaf2659
parent ebc7f15ec7
2 changed files with 11 additions and 11 deletions
--- a/src/acl.c
+++ b/src/acl.c
@ -28,7 +28,7 @@
 #include "log.h"
 #include "network.h"
 #include "sock.h"
-#include "vector.h"
+#include "sblist.h"

 #include <limits.h>

@ -114,7 +114,7 @@ fill_netmask_array (char *bitmask_string, int v6,
 static int init_access_list(acl_list_t *access_list)
 {
        if (!*access_list) {
-                *access_list = vector_create ();
+                *access_list = sblist_new(sizeof(struct acl_s), 16);
                if (!*access_list) {
                        log_message (LOG_ERR,
                                     "Unable to allocate memory for access list");
@ -207,8 +207,8 @@ insert_acl (char *location, acl_access_t access_type, acl_list_t *access_list)
                }
        }

-        ret = vector_append (*access_list, &acl, sizeof (struct acl_s));
-        return ret;
+        if(!sblist_add(*access_list, &acl)) return -1;
+        return 0;
 }

 /*
@ -353,8 +353,8 @@ int check_acl (const char *ip, union sockaddr_union *addr, acl_list_t access_lis

        is_numeric_addr = (full_inet_pton (ip, &numeric_addr) > 0);

-        for (i = 0; i != (size_t) vector_length (access_list); ++i) {
-                acl = (struct acl_s *) vector_getentry (access_list, i, NULL);
+        for (i = 0; i < sblist_getsize (access_list); ++i) {
+                acl = sblist_get (access_list, i);
                switch (acl->type) {
                case ACL_STRING:
                        perm = acl_string_processing (acl, ip, addr, string_addr);
@ -402,12 +402,12 @@ void flush_access_list (acl_list_t access_list)
         * before we can free the acl entries themselves.
         * A hierarchical memory system would be great...
         */
-        for (i = 0; i != (size_t) vector_length (access_list); ++i) {
-                acl = (struct acl_s *) vector_getentry (access_list, i, NULL);
+        for (i = 0; i < sblist_getsize (access_list); ++i) {
+                acl = sblist_get (access_list, i);
                if (acl->type == ACL_STRING) {
                        safefree (acl->address.string);
                }
        }

-        vector_delete (access_list);
+        sblist_free (access_list);
 }
--- a/src/acl.h
+++ b/src/acl.h
@ -21,11 +21,11 @@
 #ifndef TINYPROXY_ACL_H
 #define TINYPROXY_ACL_H

-#include "vector.h"
+#include "sblist.h"
 #include "sock.h"

 typedef enum { ACL_ALLOW, ACL_DENY } acl_access_t;
-typedef vector_t acl_list_t;
+typedef sblist* acl_list_t;

 extern int insert_acl (char *location, acl_access_t access_type,
                       acl_list_t *access_list);