perf: Replace internal SHA256 hashing with xxhash for 4-6x performance improvement (#676)

* perf(internal): Use FastHash for internal hashing docs: Add xxhash performance improvement to changelog entry feat(hash): Add fast non-cryptographic hash function Signed-off-by: Jason Cameron <git@jasoncameron.dev> * test(hash): add xxhash benchmarks and collision tests Signed-off-by: Jason Cameron <git@jasoncameron.dev> * Update metadata check-spelling run (pull_request) for json/hash Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com> on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev> --------- Signed-off-by: Jason Cameron <git@jasoncameron.dev> Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
2025-06-16 22:53:53 -04:00 · 2025-06-16 22:53:53 -04:00 · e2b46fc5e7
commit e2b46fc5e7
parent 3437e575d4
11 changed files with 291 additions and 16 deletions
--- a/lib/policy/bot.go
+++ b/lib/policy/bot.go
@ -17,5 +17,5 @@ type Bot struct {
 }

 func (b Bot) Hash() string {
-	return internal.SHA256sum(fmt.Sprintf("%s::%s", b.Name, b.Rules.Hash()))
+	return internal.FastHash(fmt.Sprintf("%s::%s", b.Name, b.Rules.Hash()))
 }
--- a/lib/policy/celchecker.go
+++ b/lib/policy/celchecker.go
@ -63,7 +63,7 @@ func NewCELChecker(cfg *config.ExpressionOrList) (*CELChecker, error) {
 }

 func (cc *CELChecker) Hash() string {
-	return internal.SHA256sum(cc.src)
+	return internal.FastHash(cc.src)
 }

 func (cc *CELChecker) Check(r *http.Request) (bool, error) {
--- a/lib/policy/checker.go
+++ b/lib/policy/checker.go
@ -28,7 +28,7 @@ func (staticHashChecker) Check(r *http.Request) (bool, error) {
 func (s staticHashChecker) Hash() string { return s.hash }

 func NewStaticHashChecker(hashable string) checker.Impl {
-	return staticHashChecker{hash: internal.SHA256sum(hashable)}
+	return staticHashChecker{hash: internal.FastHash(hashable)}
 }

 type RemoteAddrChecker struct {
@ -55,7 +55,7 @@ func NewRemoteAddrChecker(cidrs []string) (checker.Impl, error) {

 	return &RemoteAddrChecker{
 		ranger: ranger,
-		hash:   internal.SHA256sum(sb.String()),
+		hash:   internal.FastHash(sb.String()),
 	}, nil
 }

@ -101,7 +101,7 @@ func NewHeaderMatchesChecker(header, rexStr string) (checker.Impl, error) {
 	if err != nil {
 		return nil, fmt.Errorf("%w: regex %s failed parse: %w", ErrMisconfiguration, rexStr, err)
 	}
-	return &HeaderMatchesChecker{strings.TrimSpace(header), rex, internal.SHA256sum(header + ": " + rexStr)}, nil
+	return &HeaderMatchesChecker{strings.TrimSpace(header), rex, internal.FastHash(header + ": " + rexStr)}, nil
 }

 func (hmc *HeaderMatchesChecker) Check(r *http.Request) (bool, error) {
@ -126,7 +126,7 @@ func NewPathChecker(rexStr string) (checker.Impl, error) {
 	if err != nil {
 		return nil, fmt.Errorf("%w: regex %s failed parse: %w", ErrMisconfiguration, rexStr, err)
 	}
-	return &PathChecker{rex, internal.SHA256sum(rexStr)}, nil
+	return &PathChecker{rex, internal.FastHash(rexStr)}, nil
 }

 func (pc *PathChecker) Check(r *http.Request) (bool, error) {
@ -158,7 +158,7 @@ func (hec headerExistsChecker) Check(r *http.Request) (bool, error) {
 }

 func (hec headerExistsChecker) Hash() string {
-	return internal.SHA256sum(hec.header)
+	return internal.FastHash(hec.header)
 }

 func NewHeadersChecker(headermap map[string]string) (checker.Impl, error) {
@ -177,7 +177,7 @@ func NewHeadersChecker(headermap map[string]string) (checker.Impl, error) {
 			continue
 		}

-		result = append(result, &HeaderMatchesChecker{key, rex, internal.SHA256sum(key + ": " + rexStr)})
+		result = append(result, &HeaderMatchesChecker{key, rex, internal.FastHash(key + ": " + rexStr)})
 	}

 	if len(errs) != 0 {
--- a/lib/policy/checker/checker.go
+++ b/lib/policy/checker/checker.go
@ -37,5 +37,5 @@ func (l List) Hash() string {
 		fmt.Fprintln(&sb, c.Hash())
 	}

-	return internal.SHA256sum(sb.String())
+	return internal.FastHash(sb.String())
 }