2021-11-26 16:53 (UTC+0300), Дмитрий Степанов:
> Hi!
> I have a big number of IPv4 5-tuple rules, every rule corresponds to some
> action. I need to find all matched rules and perform all tied actions.

I rather meant the subject field,
like splitting the flows or access control is a typical application of ACL.
I'm asking partially out of curiosity,
but also because there may be a better solution then DPDK ACL.

> The search time greatly affects overall system performance, so I can't just
> scan all rules. ACL is based on multi-bit tries and provides great
> performance, so I'm looking for nearly the same performance with the
> ability to find all matches within a single request.

Some regex libraries, Hyperscan or DPDK regexdev in particular,
take a database of rules, compile it to an efficient form
(Hyperscan generates vector instructions, regexdev may use HW acceleration),
and then allow to match input to the entire database in a single request,
yielding every match for every expression.

From my experience, performance is decent,
but of course it depends on the number or rules and their complexity.
How many rules do you have?
How many rules are expected to match (avg/max)?
How often do you need to insert/delete/update rules?