Add "+table" flag to ACL's
The +table flag causes all overlapped ACL entries to be compiled as usual, and non-overlapped entries to be emitted as a table of bytes. When testing the ACL the compiled code is run before VPI_acl_table() is used to do a binary search on the table. Even with a binary search, the table is approx 3 times slower than the regular compiled ACLs (ie: only "blindingly fast" as oppposed to "lighting fast"). The advantage of +table is that C-compilers literally take no time, no matter the size of the ACL, where they will take seconds or even minutes compiling large ACLs as code.
Showing
Please register or sign in to comment