[dpdk-dev] acl: delete/modify rule support

[Anupam Kapoor]

On Tue, Nov 15, 2016 at 10:40 AM, Nikhil Jagtap <nikhil.jagtap at gmail.com>
wrote:

> Is it possible to build the ACL context over a period of time, one rule
> at a time by calling build post each add operation?
> Something like this :
>     rte_acl_add_rules(ctx, rule1, 1);
>     rte_acl_build(ctx, build_cfg);
>     rte_acl_add_rules(ctx, rule2, 1);
>     rte_acl_build(ctx, build_cfg);
>     rte_acl_add_rules(ctx, rule3, 1);
>     rte_acl_build(ctx, build_cfg);
>
> I tried this, and it seems to be working - but still wanted to confirm.
>
​yes this is fine. but building the querying data-structure is not thread
safe. so more often than not, you are better of having a rule-list, and
then building it all in one fell swoop...
​


>
> 2) I did not find any delete-rule API. I understand from one of the email
> archives (http://dpdk.org/ml/archives/dev/2015-June/018868.html) that it
> is
> not supported. Any specific reason why deletion of rule is not supported?
> Any plan to support it?
> Any alternative way other than destroying the whole context, adding the new
> set of rules and building the rules again?
>
current implementation uses multibit-trie​s. to conserve memory, rules are
split into multiple non-overlapping/non-intersecting rules. i would wager
that implementing deletion would be non-trivial :)

better option might be to add/modify/delete your rule-list, and rebuild,
and then re-use...

​--
kind regards
anupam​


In the beginning was the lambda, and the lambda was with Emacs, and Emacs
was the lambda.