From 58cfaf2659a4daca9bc8933f1ce135ba619557da Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Mon, 7 Sep 2020 22:09:35 +0100
Subject: [PATCH] make acl lookup 450x faster by using sblist tested with 32K acl rules, generated by for x in `seq 128` ; do for y in `seq 255` ; do \ echo "Deny 10.$x.$y.0/24" ; done ; done after loading the config (which is dogslow too), tinyproxy required 9.5 seconds for the acl check on every request. after switching the list implementation to sblist, a request with the full acl check now takes only 0.025 seconds. the time spent for loading the config file is identical for both list implementations, roughly 30 seconds. (in a previous test, 65K acl rules were generated, but every connection required almost 2 minutes to crunch through the list...)
---
 src/acl.c | 18 +++++++++---------
 src/acl.h | 4 ++--
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/acl.c b/src/acl.c
index 9e905d7..75216c3 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -28,7 +28,7 @@ #include "log.h" #include "network.h" #include "sock.h"
-#include "vector.h"
+#include "sblist.h"
 #include
@@ -114,7 +114,7 @@ fill_netmask_array (char *bitmask_string, int v6, static int init_access_list(acl_list_t *access_list) { if (!*access_list) {
- *access_list = vector_create ();
+ *access_list = sblist_new(sizeof(struct acl_s), 16);
 if (!*access_list) { log_message (LOG_ERR, "Unable to allocate memory for access list");
@@ -207,8 +207,8 @@ insert_acl (char *location, acl_access_t access_type, acl_list_t *access_list) } }
- ret = vector_append (*access_list, &acl, sizeof (struct acl_s));
- return ret;
+ if(!sblist_add(*access_list, &acl)) return -1;
+ return 0;
 } /*
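Review bot: The `16` passed to `sblist_new` in init_access_list is an unexplained magic number; going by the sblist API it appears to be the number of items allocated per growth step, which is worth stating given the 32K-rule configurations the commit message tests with. I would name it, e.g. `#define ACL_LIST_BLOCK_ITEMS 16` near the top of the file, and call `*access_list = sblist_new (sizeof (struct acl_s), ACL_LIST_BLOCK_ITEMS);`, which also restores the `name (args)` call spacing used by the surrounding lines. init_access_list continues past the end of the hunk.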
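Review bot: The new failure path in insert_acl, `if(!sblist_add(*access_list, &acl)) return -1;`, returns without logging and without releasing anything `acl` owns. flush_access_list in this same patch frees `acl->address.string` for ACL_STRING entries, so if insert_acl allocated that string earlier (the start of the function is outside the hunk), it presumably leaks when the add fails. Something like `if (!sblist_add (*access_list, &acl)) { if (acl.type == ACL_STRING) safefree (acl.address.string); return -1; }` would close that. A rule that fails to insert is an Allow or Deny line that is not enforced, so it is also worth confirming that the config loader treats the -1 as fatal rather than continuing with a shorter list.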
@@ -353,8 +353,8 @@ int check_acl (const char *ip, union sockaddr_union *addr, acl_list_t access_lis is_numeric_addr = (full_inet_pton (ip, &numeric_addr) > 0);
- for (i = 0; i != (size_t) vector_length (access_list); ++i) {
- acl = (struct acl_s *) vector_getentry (access_list, i, NULL);
+ for (i = 0; i < sblist_getsize (access_list); ++i) {
+ acl = sblist_get (access_list, i);
 switch (acl->type) { case ACL_STRING: perm = acl_string_processing (acl, ip, addr, string_addr);
@@ -402,12 +402,12 @@ void flush_access_list (acl_list_t access_list) * before we can free the acl entries themselves. * A hierarchical memory system would be great... */
- for (i = 0; i != (size_t) vector_length (access_list); ++i) {
- acl = (struct acl_s *) vector_getentry (access_list, i, NULL);
+ for (i = 0; i < sblist_getsize (access_list); ++i) {
+ acl = sblist_get (access_list, i);
 if (acl->type == ACL_STRING) { safefree (acl->address.string); } }
- vector_delete (access_list);
+ sblist_free (access_list);
 }
diff --git a/src/acl.h b/src/acl.h
index 495a4b3..867e6f0 100644
--- a/src/acl.h
+++ b/src/acl.h
@@ -21,11 +21,11 @@ #ifndef TINYPROXY_ACL_H #define TINYPROXY_ACL_H
-#include "vector.h"
+#include "sblist.h"
 #include "sock.h" typedef enum { ACL_ALLOW, ACL_DENY } acl_access_t;
-typedef vector_t acl_list_t;
+typedef sblist* acl_list_t;
 extern int insert_acl (char *location, acl_access_t access_type, acl_list_t *access_list);
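Review bot: The rewritten loop in check_acl reads the list through `sblist_getsize (access_list)` and then uses the result of `sblist_get (access_list, i)` in `switch (acl->type)` with no NULL check on either, and as far as I recall `sblist_getsize` reads the list's count field directly. The beginning of check_acl is outside the hunk, so please confirm that an early return for an unset list still precedes this loop; the same applies to the loop and `sblist_free (access_list)` in flush_access_list in the next hunk. Because this loop is the per-request allow/deny decision, I would record the invariant it relies on with a comment above it such as `/* access_list is non-NULL here and i < size, so sblist_get cannot return NULL */`.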