From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <users-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 3C7B5A0548
	for <public@inbox.dpdk.org>; Sun, 28 Nov 2021 13:57:31 +0100 (CET)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id B361F4276F;
	Sun, 28 Nov 2021 13:57:17 +0100 (CET)
Received: from mail-lj1-f180.google.com (mail-lj1-f180.google.com
 [209.85.208.180])
 by mails.dpdk.org (Postfix) with ESMTP id 1108A42752
 for <users@dpdk.org>; Fri, 26 Nov 2021 15:56:39 +0100 (CET)
Received: by mail-lj1-f180.google.com with SMTP id k2so19305210lji.4
 for <users@dpdk.org>; Fri, 26 Nov 2021 06:56:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=zbtMC1kmYjIXPjU3QSoaW9+FFo+y92ent961IuOAtnw=;
 b=KwdEiWMBRDMNFKNo2ypaBUSG/ljZ088My0uJscqeMQypxMrJYA0S9meEOl6eEFGGTz
 qsMGH3a/nyhXBokK3LTCWXp1963JKDZg090rm4cvkBKWEy6t3BGr07B/6DZ4V1idOZIZ
 iMTKGvFuZXzHV2B/v61fCwoNtrFToU4kFapItmaH78g9rkw7TnK0Gl0AW/8TNZ+7Jbso
 gazEVEsMPBt4Qw3ndE7yZDnuOpIHYE8abij0nyaNVlGh3wvvrOHKY7KmD/6MT6H77ezW
 ihMqVfxhNirBv+XEODsuft/2ExHtZ4Og2xthZucCEupQVpekSfJcRw75qbnX6B0ma5zX
 WIaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=zbtMC1kmYjIXPjU3QSoaW9+FFo+y92ent961IuOAtnw=;
 b=WgtKk/TMu/UyWwIv2GJKiDQ4SwYRFQ018wD0VBA2Y+BpmGPd+uzFO1FQlKLIcRvIrq
 bMzpZO4lG2EkUTErMhJI49Hu323LaJV+lewF54IA5vqs8ELtGaAhMZ4MnrCv3xNsvy+G
 T6vk7ySwhUhYejeq0imT3riNHxDPIUvqWcRqEETn9jKdw9nKBllcldNqzXjZRZDAErXV
 pxfL8O6wPvq6VpPjC899TrqmGYb5tBodIEdRk+BJAhxNTT8VaRFJk0r2FpVlcRRLMqq9
 xaFlXArwxr6YMDnMQ86K2q4xIf1+HdxcI6LP5qZ7e3kaVDpmjBdC9e/e0w3//dCjHlyW
 WMkA==
X-Gm-Message-State: AOAM532d2GrCrg+PO2lPXcxoq2Ixx4IvRTQkgL0s/eFZY/VvIjwgveKo
 GMvyluQHZyM63aWi6O9UngG7m8WtBa4GUyHS7+s=
X-Google-Smtp-Source: ABdhPJzSbgbSxcMg1WBQXJVWnX3RHGQhDMGzjLnNLsfC647x2WlSlHDunC5HuH/sAQVVrdHWcp23rs1HFRZZBHdU5kw=
X-Received: by 2002:a2e:9843:: with SMTP id e3mr31092635ljj.358.1637938598600; 
 Fri, 26 Nov 2021 06:56:38 -0800 (PST)
MIME-Version: 1.0
References: <CA+-SuJ1G8zBPWgvVCZd_D5KQeXkMyrUkWjHfPXwFkhy08prU-g@mail.gmail.com>
 <CAOBD2Betu-U9hznd3oA0y-Av7dPp2RsvVOrsWUC5Qiqo7j8Jcg@mail.gmail.com>
 <20211124181958.212f1179@sovereign>
 <CA+-SuJ1HQTHKYeTbTGDVYvdnvo9DMV1DwekKCEAvtiFC8mQbSg@mail.gmail.com>
 <20211126171232.401fefca@sovereign>
In-Reply-To: <20211126171232.401fefca@sovereign>
From: =?UTF-8?B?0JTQvNC40YLRgNC40Lkg0KHRgtC10L/QsNC90L7Qsg==?=
 <stepanov.dmit@gmail.com>
Date: Fri, 26 Nov 2021 17:56:27 +0300
Message-ID: <CA+-SuJ3pYHcsNn_4ZhVDERe8FdWM8Qaia+My+Qx8OEkA90kLuQ@mail.gmail.com>
Subject: Re: Find all matches with DPDK ACL
To: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>
Cc: Steffen Weise <stweise.linux@gmail.com>, users@dpdk.org
Content-Type: multipart/alternative; boundary="0000000000005562c805d1b24c22"
X-Mailman-Approved-At: Sun, 28 Nov 2021 13:57:15 +0100
X-BeenThere: users@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK usage discussions <users.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/users>,
 <mailto:users-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/users/>
List-Post: <mailto:users@dpdk.org>
List-Help: <mailto:users-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/users>,
 <mailto:users-request@dpdk.org?subject=subscribe>
Errors-To: users-bounces@dpdk.org

--0000000000005562c805d1b24c22
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

I have approx 5K-10K (5 000 - 10 000) rules.
On average I have 10-20 matches (60 max).
I don't need to insert/delete/update rules frequently - you can consider
rules being permanent which are loaded once on startup.

=D0=BF=D1=82, 26 =D0=BD=D0=BE=D1=8F=D0=B1. 2021 =D0=B3. =D0=B2 17:12, Dmitr=
y Kozlyuk <dmitry.kozliuk@gmail.com>:

> 2021-11-26 16:53 (UTC+0300), =D0=94=D0=BC=D0=B8=D1=82=D1=80=D0=B8=D0=B9 =
=D0=A1=D1=82=D0=B5=D0=BF=D0=B0=D0=BD=D0=BE=D0=B2:
> > Hi!
> > I have a big number of IPv4 5-tuple rules, every rule corresponds to so=
me
> > action. I need to find all matched rules and perform all tied actions.
>
> I rather meant the subject field,
> like splitting the flows or access control is a typical application of AC=
L.
> I'm asking partially out of curiosity,
> but also because there may be a better solution then DPDK ACL.
>
> > The search time greatly affects overall system performance, so I can't
> just
> > scan all rules. ACL is based on multi-bit tries and provides great
> > performance, so I'm looking for nearly the same performance with the
> > ability to find all matches within a single request.
>
> Some regex libraries, Hyperscan or DPDK regexdev in particular,
> take a database of rules, compile it to an efficient form
> (Hyperscan generates vector instructions, regexdev may use HW
> acceleration),
> and then allow to match input to the entire database in a single request,
> yielding every match for every expression.
>
> From my experience, performance is decent,
> but of course it depends on the number or rules and their complexity.
> How many rules do you have?
> How many rules are expected to match (avg/max)?
> How often do you need to insert/delete/update rules?
>

--0000000000005562c805d1b24c22
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">I have approx 5K-10K (5 000 - 10 000) rules.=C2=A0<div>On =
average I have 10-20 matches (60 max).=C2=A0</div><div>I don&#39;t need to =
insert/delete/update rules frequently - you can consider rules being perman=
ent which are loaded once on startup.=C2=A0</div></div><br><div class=3D"gm=
ail_quote"><div dir=3D"ltr" class=3D"gmail_attr">=D0=BF=D1=82, 26 =D0=BD=D0=
=BE=D1=8F=D0=B1. 2021 =D0=B3. =D0=B2 17:12, Dmitry Kozlyuk &lt;<a href=3D"m=
ailto:dmitry.kozliuk@gmail.com">dmitry.kozliuk@gmail.com</a>&gt;:<br></div>=
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex">2021-11-26 16:53 (UTC+030=
0), =D0=94=D0=BC=D0=B8=D1=82=D1=80=D0=B8=D0=B9 =D0=A1=D1=82=D0=B5=D0=BF=D0=
=B0=D0=BD=D0=BE=D0=B2:<br>
&gt; Hi!<br>
&gt; I have a big number of IPv4 5-tuple rules, every rule corresponds to s=
ome<br>
&gt; action. I need to find all matched rules and perform all tied actions.=
<br>
<br>
I rather meant the subject field,<br>
like splitting the flows or access control is a typical application of ACL.=
<br>
I&#39;m asking partially out of curiosity,<br>
but also because there may be a better solution then DPDK ACL.<br>
<br>
&gt; The search time greatly affects overall system performance, so I can&#=
39;t just<br>
&gt; scan all rules. ACL is based on multi-bit tries and provides great<br>
&gt; performance, so I&#39;m looking for nearly the same performance with t=
he<br>
&gt; ability to find all matches within a single request.<br>
<br>
Some regex libraries, Hyperscan or DPDK regexdev in particular,<br>
take a database of rules, compile it to an efficient form<br>
(Hyperscan generates vector instructions, regexdev may use HW acceleration)=
,<br>
and then allow to match input to the entire database in a single request,<b=
r>
yielding every match for every expression.<br>
<br>
>From my experience, performance is decent,<br>
but of course it depends on the number or rules and their complexity.<br>
How many rules do you have?<br>
How many rules are expected to match (avg/max)?<br>
How often do you need to insert/delete/update rules?<br>
</blockquote></div>

--0000000000005562c805d1b24c22--