config: add a PortSet type (#1106)

hawkw · web-flow · commit 634a5fde1220 · 2021-06-17T15:13:06.000-07:00
This branch adds a `PortSet` type that's a simple wrapper around
`std::collections::HashSet` but specialized for storing ports (`u16`
values). The `PortSet` type overrides the default hasher so that we
don't have to actually hash ports, and just use their numeric value.
diff --git a/Cargo.lock b/Cargo.lock
@@ -705,6 +705,7 @@ dependencies = [
  "linkerd-tracing",
  "linkerd-transport-header",
  "pin-project",
+ "quickcheck",
  "regex",
  "serde_json",
  "thiserror",
diff --git a/linkerd/app/core/Cargo.toml b/linkerd/app/core/Cargo.toml
@@ -82,3 +82,6 @@ features = [
 
 [target.'cfg(target_os = "linux")'.dependencies]
 linkerd-system = { path = "../../system" }
+
+[dev-dependencies]
+quickcheck = { version = "1", default-features = false }
diff --git a/linkerd/app/core/src/config.rs b/linkerd/app/core/src/config.rs
@@ -4,7 +4,11 @@ use crate::{
     svc::Param,
     transport::{Keepalive, ListenAddr},
 };
-use std::time::Duration;
+use std::{
+    collections::HashSet,
+    hash::{BuildHasherDefault, Hasher},
+    time::Duration,
+};
 
 #[derive(Clone, Debug)]
 pub struct ServerConfig {
@@ -33,6 +37,19 @@ pub struct ProxyConfig {
     pub detect_protocol_timeout: Duration,
 }
 
+/// A `HashSet` specialized for ports.
+///
+/// Because ports are `u16` values, this type avoids the overhead of actually
+/// hashing ports.
+pub type PortSet = HashSet<u16, BuildHasherDefault<PortHasher>>;
+
+/// A hasher for ports.
+///
+/// Because ports are single `u16` values, we don't have to hash them; we can just use
+/// the integer values as hashes directly.
+#[derive(Default)]
+pub struct PortHasher(u16);
+
 // === impl ServerConfig ===
 
 impl Param<ListenAddr> for ServerConfig {
@@ -46,3 +63,43 @@ impl Param<Keepalive> for ServerConfig {
         self.keepalive
     }
 }
+
+// === impl PortHasher ===
+
+impl Hasher for PortHasher {
+    fn write(&mut self, _: &[u8]) {
+        unreachable!("hashing a `u16` calls `write_u16`");
+    }
+
+    #[inline]
+    fn write_u16(&mut self, port: u16) {
+        self.0 = port;
+    }
+
+    #[inline]
+    fn finish(&self) -> u64 {
+        self.0 as u64
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use quickcheck::*;
+
+    quickcheck! {
+        fn portset_contains_all_ports(ports: Vec<u16>) -> bool {
+            // Make a port set containing the generated port numbers.
+            let portset = ports.iter().cloned().collect::<PortSet>();
+            for port in ports {
+                // If the port set doesn't contain one of the ports it was
+                // created with, that's bad news!
+                if !portset.contains(&port) {
+                    return false;
+                }
+            }
+
+            true
+        }
+    }
+}
diff --git a/linkerd/app/inbound/src/lib.rs b/linkerd/app/inbound/src/lib.rs
@@ -23,22 +23,22 @@ use self::{
     target::{HttpAccept, TcpAccept},
 };
 use linkerd_app_core::{
-    config::{ConnectConfig, ProxyConfig, ServerConfig},
+    config::{ConnectConfig, PortSet, ProxyConfig, ServerConfig},
     detect, drain, io, metrics, profiles,
     proxy::tcp,
     serve, svc, tls,
     transport::{self, listen::Bind, ClientAddr, Local, OrigDstAddr, Remote, ServerAddr},
     Error, NameMatch, Never, ProxyRuntime,
 };
-use std::{collections::HashSet, convert::TryFrom, fmt::Debug, future::Future, time::Duration};
+use std::{convert::TryFrom, fmt::Debug, future::Future, time::Duration};
 use tracing::{debug_span, info_span};
 
 #[derive(Clone, Debug)]
 pub struct Config {
     pub allow_discovery: NameMatch,
     pub proxy: ProxyConfig,
     pub require_identity_for_inbound_ports: RequireIdentityForPorts,
-    pub disable_protocol_detection_for_ports: HashSet<u16>,
+    pub disable_protocol_detection_for_ports: PortSet,
     pub profile_idle_timeout: Duration,
 }
 
diff --git a/linkerd/app/inbound/src/require_identity.rs b/linkerd/app/inbound/src/require_identity.rs
@@ -1,13 +1,13 @@
 use crate::target::TcpAccept;
-use linkerd_app_core::{svc::stack::Predicate, tls, Conditional, Error};
-use std::{collections::HashSet, sync::Arc};
+use linkerd_app_core::{config::PortSet, svc::stack::Predicate, tls, Conditional, Error};
+use std::sync::Arc;
 use thiserror::Error;
 
 /// A connection policy that fails connections that don't have a client identity
 /// if they target one of the configured local ports.
 #[derive(Clone, Debug)]
 pub struct RequireIdentityForPorts {
-    ports: Arc<HashSet<u16>>,
+    ports: Arc<PortSet>,
 }
 
 #[derive(Debug, Error)]
