lib: add bf_hashset

.clang-format

@@ -59,7 +59,7 @@ EmptyLineAfterAccessModifier: Never
 EmptyLineBeforeAccessModifier: Always
 ExperimentalAutoDetectBinPacking: false
 FixNamespaceComments: true
-ForEachMacros: ['bf_list_foreach', 'bf_list_foreach_rev', 'bf_rpack_array_foreach']
+ForEachMacros: ['bf_hashset_foreach', 'bf_list_foreach', 'bf_list_foreach_rev', 'bf_rpack_array_foreach', 'bf_set_foreach', 'bf_vector_foreach']
 IncludeBlocks: Regroup
 IncludeCategories:
   # net/if.h needs to be included BEFORE linux/if.h to avoid conflicts

.github/workflows/ci.yaml

@@ -94,24 +94,25 @@ jobs:
         host:
           - { name: 8-core-ubuntu, arch: x64 }
           - { name: 4-core-ubuntu-arm, arch: arm64 }
+        use_hashset: [ 0, 1 ]
     runs-on: [ "${{ matrix.host.name }}" ]
     container:
       image: ghcr.io/facebook/bpfilter:fedora-43-${{ matrix.host.arch }}
       options: --privileged
-    name: "Test: ${{ matrix.host.arch }}"
+    name: "Test: ${{ matrix.host.arch }}${{ matrix.use_hashset == 1 && ' (hashset)' || '' }}"
     steps:
       - name: Checkout bpfilter
         uses: actions/checkout@v2
       - name: Restore the cached test results
         uses: actions/cache@v4
-        if: matrix.host.arch == 'x64'
+        if: matrix.host.arch == 'x64' && matrix.use_hashset == 0
         with:
           path: build/coverage
           key: tests-results-${{ github.run_id }}
       - name: Mount bpffs
         run: mount bpffs /sys/fs/bpf -t bpf
       - name: Configure the build
-        run: cmake -S $GITHUB_WORKSPACE -B $GITHUB_WORKSPACE/build -DWITH_COVERAGE=1
+        run: cmake -S $GITHUB_WORKSPACE -B $GITHUB_WORKSPACE/build -DWITH_COVERAGE=1 -DUSE_HASHSET=${{ matrix.use_hashset }}
       - name: Build tests
         run: make -C $GITHUB_WORKSPACE/build -j `nproc` test_bin
 
@@ -125,7 +126,7 @@ jobs:
         run: ctest --test-dir $GITHUB_WORKSPACE/build -L fuzzing --verbose
       - name: Upload fuzzer findings
         uses: actions/upload-artifact@v4
-        if: always()
+        if: always() && matrix.use_hashset == 0
         with:
           name: fuzzer-findings-${{ matrix.host.arch }}
           path: ${{ github.workspace }}/build/findings
@@ -136,6 +137,7 @@ jobs:
       - name: Run checks
         run: ctest --test-dir $GITHUB_WORKSPACE/build -L check --verbose
       - name: Generate the coverage report
+        if: matrix.use_hashset == 0
         run: make -C $GITHUB_WORKSPACE/build coverage
 
   benchmark:

CMakeLists.txt

@@ -34,6 +34,7 @@ option(NO_TESTS "Disable unit, end-to-end, and integration tests" 0)
 option(NO_CHECKS "Disable the check target (clang-tidy and clang-format" 0)
 option(NO_BENCHMARKS "Disable the benchmark" 0)
 option(WITH_COVERAGE "Build with code coverage support. Disabled by default" 0)
+option(USE_HASHSET "Use bf_hashset instead of bf_set for set implementation. Disabled by default" 0)
 
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
 

src/bfcli/print.c

@@ -148,31 +148,31 @@ void bfc_chain_dump(struct bf_chain *chain, struct bf_hookopts *hookopts,
     bf_list_foreach (&chain->sets, set_node) {
         struct bf_set *set = bf_list_node_get_data(set_node);
 
-        if (!set->name)
+        if (!bf_set_get_name(set))
             continue;
 
-        (void)fprintf(stdout, "    set %s (", set->name);
-        for (size_t i = 0; i < set->n_comps; ++i) {
-            (void)fprintf(stdout, "%s", bf_matcher_type_to_str(set->key[i]));
+        (void)fprintf(stdout, "    set %s (", bf_set_get_name(set));
+        for (size_t i = 0; i < bf_set_get_n_comps(set); ++i) {
+            (void)fprintf(stdout, "%s",
+                          bf_matcher_type_to_str(bf_set_get_key_comp(set, i)));
 
-            if (i != set->n_comps - 1)
+            if (i != bf_set_get_n_comps(set) - 1)
                 (void)fprintf(stdout, ", ");
         }
         (void)fprintf(stdout, ") in {\n");
 
-        bf_list_foreach (&set->elems, elem_node) {
+        bf_set_foreach (set, payload) {
             uint32_t payload_idx = 0;
-            void *payload = bf_list_node_get_data(elem_node);
 
             (void)fprintf(stdout, "        ");
-            for (size_t i = 0; i < set->n_comps; ++i) {
+            for (size_t i = 0; i < bf_set_get_n_comps(set); ++i) {
                 const struct bf_matcher_meta *meta =
-                    bf_matcher_get_meta(set->key[i]);
+                    bf_matcher_get_meta(bf_set_get_key_comp(set, i));
 
                 meta->ops[BF_MATCHER_IN].print(payload + payload_idx);
                 payload_idx += meta->ops[BF_MATCHER_IN].ref_payload_size;
 
-                if (i != set->n_comps - 1)
+                if (i != bf_set_get_n_comps(set) - 1)
                     (void)fprintf(stdout, ", ");
             }
             (void)fprintf(stdout, "\n");
@@ -196,34 +196,35 @@ void bfc_chain_dump(struct bf_chain *chain, struct bf_hookopts *hookopts,
                     bf_chain_get_set_for_matcher(chain, matcher);
 
                 (void)fprintf(stdout, "        (");
-                for (size_t i = 0; i < set->n_comps; ++i) {
-                    (void)fprintf(stdout, "%s",
-                                  bf_matcher_type_to_str(set->key[i]));
+                for (size_t i = 0; i < bf_set_get_n_comps(set); ++i) {
+                    (void)fprintf(
+                        stdout, "%s",
+                        bf_matcher_type_to_str(bf_set_get_key_comp(set, i)));
 
-                    if (i != set->n_comps - 1)
+                    if (i != bf_set_get_n_comps(set) - 1)
                         (void)fprintf(stdout, ", ");
                 }
 
-                if (set->name) {
-                    (void)fprintf(stdout, ") in %s", set->name);
+                if (bf_set_get_name(set)) {
+                    (void)fprintf(stdout, ") in %s", bf_set_get_name(set));
                 } else {
                     (void)fprintf(stdout, ") in {\n");
 
-                    bf_list_foreach (&set->elems, elem_node) {
+                    bf_set_foreach (set, payload) {
                         uint32_t payload_idx = 0;
-                        void *payload = bf_list_node_get_data(elem_node);
 
                         (void)fprintf(stdout, "            ");
-                        for (size_t i = 0; i < set->n_comps; ++i) {
+                        for (size_t i = 0; i < bf_set_get_n_comps(set); ++i) {
                             const struct bf_matcher_meta *meta =
-                                bf_matcher_get_meta(set->key[i]);
+                                bf_matcher_get_meta(
+                                    bf_set_get_key_comp(set, i));
 
                             meta->ops[BF_MATCHER_IN].print(payload +
                                                            payload_idx);
                             payload_idx +=
                                 meta->ops[BF_MATCHER_IN].ref_payload_size;
 
-                            if (i != set->n_comps - 1)
+                            if (i != bf_set_get_n_comps(set) - 1)
                                 (void)fprintf(stdout, ", ");
                         }
                         (void)fprintf(stdout, "\n");

src/bpfilter/cgen/prog/map.c

@@ -221,7 +221,7 @@ int bf_map_new_from_set(struct bf_map **map, const char *name,
     return _bf_map_new(map, name, BF_MAP_TYPE_SET,
                        set->use_trie ? BF_BPF_MAP_TYPE_LPM_TRIE :
                                        BF_BPF_MAP_TYPE_HASH,
-                       set->elem_size, 1, bf_list_size(&set->elems));
+                       set->elem_size, 1, bf_set_size(set));
 }
 
 int bf_map_new_from_pack(struct bf_map **map, int dir_fd, bf_rpack_node_t node)

src/bpfilter/cgen/program.c

@@ -697,7 +697,7 @@ static int _bf_program_load_sets_maps(struct bf_program *new_prog)
         _free_bf_map_ struct bf_map *map = NULL;
         _cleanup_free_ uint8_t *values = NULL;
         _cleanup_free_ uint8_t *keys = NULL;
-        size_t nelems = bf_list_size(&set->elems);
+        size_t nelems = bf_set_size(set);
         size_t idx = 0;
 
         if (!nelems) {
@@ -721,9 +721,7 @@ static int _bf_program_load_sets_maps(struct bf_program *new_prog)
         if (!keys)
             return bf_err_r(errno, "failed to allocate map keys");
 
-        bf_list_foreach (&set->elems, elem_node) {
-            void *elem = bf_list_node_get_data(elem_node);
-
+        bf_set_foreach (set, elem) {
             memcpy(keys + (idx * set->elem_size), elem, set->elem_size);
             values[idx] = 1;
             ++idx;

src/libbpfilter/CMakeLists.txt

@@ -15,6 +15,7 @@ set(libbpfilter_srcs
     ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/dump.h
     ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/dynbuf.h
     ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/flavor.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/hashset.h
     ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/helper.h
     ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/hook.h
     ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/if.h
@@ -29,6 +30,7 @@ set(libbpfilter_srcs
     ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/rule.h
     ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/runtime.h
     ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/set.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/vector.h
     ${CMAKE_CURRENT_SOURCE_DIR}/include/bpfilter/verdict.h
 
     # Private sources and headers
@@ -40,6 +42,7 @@ set(libbpfilter_srcs
     ${CMAKE_CURRENT_SOURCE_DIR}/dump.c
     ${CMAKE_CURRENT_SOURCE_DIR}/dynbuf.c
     ${CMAKE_CURRENT_SOURCE_DIR}/flavor.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/hashset.c
     ${CMAKE_CURRENT_SOURCE_DIR}/helper.c
     ${CMAKE_CURRENT_SOURCE_DIR}/hook.c
     ${CMAKE_CURRENT_SOURCE_DIR}/if.c
@@ -52,7 +55,7 @@ set(libbpfilter_srcs
     ${CMAKE_CURRENT_SOURCE_DIR}/request.c
     ${CMAKE_CURRENT_SOURCE_DIR}/response.c
     ${CMAKE_CURRENT_SOURCE_DIR}/rule.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/set.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/vector.c
     ${CMAKE_CURRENT_SOURCE_DIR}/verdict.c
     ${CMAKE_CURRENT_SOURCE_DIR}/version.c
 
@@ -61,6 +64,15 @@ set(libbpfilter_srcs
     ${CMAKE_SOURCE_DIR}/src/external/mpack.c
 )
 
+if (NOT USE_HASHSET)
+    list(APPEND libbpfilter_srcs ${CMAKE_CURRENT_SOURCE_DIR}/set.c)
+endif ()
+
+set(BF_PC_EXTRA_CFLAGS "")
+if (USE_HASHSET)
+    string(APPEND BF_PC_EXTRA_CFLAGS " -DBF_USE_HASHSET")
+endif ()
+
 configure_file(
     ${CMAKE_CURRENT_SOURCE_DIR}/bpfilter.pc.in
     ${CMAKE_BINARY_DIR}/output/lib/pkgconfig/bpfilter.pc
@@ -82,6 +94,8 @@ target_compile_definitions(libbpfilter
     PRIVATE
         # MPack should use the C standard library API
         MPACK_STDLIB
+    PUBLIC
+        $<$<BOOL:${USE_HASHSET}>:BF_USE_HASHSET>
 )
 
 target_include_directories(libbpfilter

src/libbpfilter/bpfilter.pc.in

@@ -6,5 +6,5 @@ Name: bpfilter
 Description: BPF-based packet filtering framework
 URL: https://github.com/facebook/bpfilter
 Version: @PROJECT_VERSION@@PROJECT_VERSION_SUFFIX@
-Cflags: -I${includedir}
+Cflags: -I${includedir}@BF_PC_EXTRA_CFLAGS@
 Libs: -L${libdir} -lbpfilter