public inbox for passt-dev@passt.top
 help / color / mirror / code / Atom feed
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH v2 07/10] tcp, flow: Perform TCP hash calculations based on flowside
Date: Mon, 28 Aug 2023 15:41:43 +1000	[thread overview]
Message-ID: <20230828054146.48673-8-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20230828054146.48673-1-david@gibson.dropbear.id.au>

Currently we match TCP packets received on the tap connection to a TCP
connection via a hash table based on the forwarding address and both
ports.  We hope in future to allow for multiple guest side addresses,
which means we may need to distinguish based on the endpoint address
as well.

Extend the hash function to include this information.  Since this now
exactly matches the contents of the guest flowside, we can base our hash
functions on that, rather than a group of individual parameters.

We also put some of the helpers in flow.h, because we hope to be able to
re-use the hashing logic for other cases in future as well.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 flow.c       |  1 +
 flow.h       | 27 ++++++++++++++++++++++
 siphash.c    |  1 +
 tcp.c        | 65 +++++++++++++---------------------------------------
 tcp_splice.c |  1 +
 5 files changed, 46 insertions(+), 49 deletions(-)

diff --git a/flow.c b/flow.c
index d7264f8..4521a43 100644
--- a/flow.c
+++ b/flow.c
@@ -12,6 +12,7 @@
 #include "util.h"
 #include "passt.h"
 #include "inany.h"
+#include "siphash.h"
 #include "flow.h"
 #include "tcp_conn.h"
 #include "flow_table.h"
diff --git a/flow.h b/flow.h
index 9891fcb..b4f042b 100644
--- a/flow.h
+++ b/flow.h
@@ -63,6 +63,33 @@ static inline bool flowside_complete(const struct flowside *fs)
 
 const char *flowside_fmt(const struct flowside *fs, char *buf, size_t size);
 
+/**
+ * flowside_eq() - Check if two flowsides are equal
+ * @left, @right:	Flowsides to compare
+ *
+ * Return: true if equal, false otherwise
+ */
+static inline bool flowside_eq(const struct flowside *left,
+			       const struct flowside *right)
+{
+	return memcmp(left, right, sizeof(struct flowside)) == 0;
+}
+
+/**
+ * flowside_hash() - Calculate hash value for a flowside
+ * @fs:		Flowside
+ * @k:		Hash secret (128-bits as array of 2 64-bit words)
+ *
+ * Return: hash value
+ */
+static inline unsigned int flowside_hash(const struct flowside *fs,
+					 const uint64_t *k)
+{
+	ASSERT(flowside_complete(fs));
+	return siphash_36b((uint8_t *)fs, k);
+}
+
+
 /**
  * struct flow_common - Common fields for packet flows
  * @side[]:	Information on the flow for each side.  Flow types can have
diff --git a/siphash.c b/siphash.c
index e266e15..1f424d8 100644
--- a/siphash.c
+++ b/siphash.c
@@ -163,6 +163,7 @@ uint32_t siphash_12b(const uint8_t *in, const uint64_t *k)
  */
 /* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
 __attribute__((optimize("-fno-strict-aliasing")))	/* See siphash_8b() */
+/* cppcheck-suppress unusedFunction */
 uint64_t siphash_20b(const uint8_t *in, const uint64_t *k)
 {
 	uint32_t *in32 = (uint32_t *)in;
diff --git a/tcp.c b/tcp.c
index 16b930e..27cdd15 100644
--- a/tcp.c
+++ b/tcp.c
@@ -1133,49 +1133,15 @@ static int tcp_opt_get(const char *opts, size_t len, uint8_t type_find,
 }
 
 /**
- * tcp_hash_match() - Check if a connection entry matches address and ports
- * @conn:	Connection entry to match against
- * @faddr:	Guest side forwarding address
- * @eport:	Guest side endpoint port
- * @fport:	Guest side forwarding port
- *
- * Return: 1 on match, 0 otherwise
- */
-static int tcp_hash_match(const struct tcp_tap_conn *conn,
-			  const union inany_addr *faddr,
-			  in_port_t eport, in_port_t fport)
-{
-	if (inany_equals(&TAPSIDE(conn)->faddr, faddr) &&
-	    TAPSIDE(conn)->eport == eport && TAPSIDE(conn)->fport == fport)
-		return 1;
-
-	return 0;
-}
-
-/**
- * tcp_hash() - Calculate hash value for connection given address and ports
+ * tcp_hash() - Calculate hash value for a TCP guest flowside
  * @c:		Execution context
- * @faddr:	Guest side forwarding address
- * @eport:	Guest side endpoint port
- * @fport:	Guest side forwarding port
+ * @fs:		Guest flowside
  *
  * Return: hash value, already modulo size of the hash table
  */
-static unsigned int tcp_hash(const struct ctx *c, const union inany_addr *faddr,
-			     in_port_t eport, in_port_t fport)
+static unsigned int tcp_hash(const struct ctx *c, const struct flowside *fs)
 {
-	struct {
-		union inany_addr faddr;
-		in_port_t eport;
-		in_port_t fport;
-	} __attribute__((__packed__)) in = {
-		*faddr, eport, fport
-	};
-	uint64_t b = 0;
-
-	b = siphash_20b((uint8_t *)&in, c->tcp.hash_secret);
-
-	return (unsigned int)(b % TCP_HASH_TABLE_SIZE);
+	return flowside_hash(fs, c->tcp.hash_secret) % TCP_HASH_TABLE_SIZE;
 }
 
 /**
@@ -1188,8 +1154,7 @@ static unsigned int tcp_hash(const struct ctx *c, const union inany_addr *faddr,
 static unsigned int tcp_conn_hash(const struct ctx *c,
 				  const struct tcp_tap_conn *conn)
 {
-	return tcp_hash(c, &TAPSIDE(conn)->faddr,
-			TAPSIDE(conn)->eport, TAPSIDE(conn)->fport);
+	return tcp_hash(c, TAPSIDE(conn));
 }
 
 /**
@@ -1201,8 +1166,7 @@ static void tcp_hash_insert(const struct ctx *c, struct tcp_tap_conn *conn)
 {
 	int b;
 
-	b = tcp_hash(c, &TAPSIDE(conn)->faddr,
-		     TAPSIDE(conn)->eport, TAPSIDE(conn)->fport);
+	b = tcp_hash(c, TAPSIDE(conn));
 	conn->next_index = tc_hash[b] ? FLOW_IDX(tc_hash[b]) : -1U;
 	tc_hash[b] = conn;
 
@@ -1271,24 +1235,26 @@ void tcp_tap_conn_update(struct ctx *c, struct tcp_tap_conn *old,
  * tcp_hash_lookup() - Look up connection given remote address and ports
  * @c:		Execution context
  * @af:		Address family, AF_INET or AF_INET6
+ * @eaddr:	Guest side endpoint address (guest local address)
  * @faddr:	Guest side forwarding address (guest remote address)
  * @eport:	Guest side endpoint port (guest local port)
  * @fport:	Guest side forwarding port (guest remote port)
  *
  * Return: connection pointer, if found, -ENOENT otherwise
  */
-static struct tcp_tap_conn *tcp_hash_lookup(const struct ctx *c,
-					    int af, const void *faddr,
+static struct tcp_tap_conn *tcp_hash_lookup(const struct ctx *c, int af,
+					    const void *eaddr, const void *faddr,
 					    in_port_t eport, in_port_t fport)
 {
-	union inany_addr aany;
+	struct flowside fs;
 	struct tcp_tap_conn *conn;
 	int b;
 
-	inany_from_af(&aany, af, faddr);
-	b = tcp_hash(c, &aany, eport, fport);
+	flowside_from_af(&fs, af, faddr, fport, eaddr, eport);
+
+	b = tcp_hash(c, &fs);
 	for (conn = tc_hash[b]; conn; conn = conn_at_idx(conn->next_index)) {
-		if (tcp_hash_match(conn, &aany, eport, fport))
+		if (flowside_eq(TAPSIDE(conn), &fs))
 			return conn;
 	}
 
@@ -2523,7 +2489,8 @@ int tcp_tap_handler(struct ctx *c, int af, const void *saddr, const void *daddr,
 	optlen = MIN(optlen, ((1UL << 4) /* from doff width */ - 6) * 4UL);
 	opts = packet_get(p, 0, sizeof(*th), optlen, NULL);
 
-	conn = tcp_hash_lookup(c, af, daddr, htons(th->source), htons(th->dest));
+	conn = tcp_hash_lookup(c, af, saddr, daddr,
+			       htons(th->source), htons(th->dest));
 
 	/* New connection from tap */
 	if (!conn) {
diff --git a/tcp_splice.c b/tcp_splice.c
index 34cb774..676e7e8 100644
--- a/tcp_splice.c
+++ b/tcp_splice.c
@@ -51,6 +51,7 @@
 #include "util.h"
 #include "passt.h"
 #include "log.h"
+#include "siphash.h"
 #include "tcp_splice.h"
 #include "inany.h"
 #include "flow.h"
-- 
@@ -51,6 +51,7 @@
 #include "util.h"
 #include "passt.h"
 #include "log.h"
+#include "siphash.h"
 #include "tcp_splice.h"
 #include "inany.h"
 #include "flow.h"
-- 
2.41.0


  parent reply	other threads:[~2023-08-28  5:42 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-28  5:41 [PATCH v2 00/10] RFC: Convert TCP connection table to generalisable flow table David Gibson
2023-08-28  5:41 ` [PATCH v2 01/10] flow, tcp: Generalise connection types David Gibson
2023-08-28  5:41 ` [PATCH v2 02/10] flow, tcp: Move TCP connection table to unified flow table David Gibson
2023-08-28  5:41 ` [PATCH v2 03/10] flow, tcp: Consolidate flow pointer<->index helpers David Gibson
2023-09-07  1:01   ` Stefano Brivio
2023-09-07  3:48     ` David Gibson
2023-08-28  5:41 ` [PATCH v2 04/10] flow: Make unified version of flow table compaction David Gibson
2023-08-28  5:41 ` [PATCH v2 05/10] flow: Introduce struct flowside, space for uniform tracking of addresses David Gibson
2023-09-07  1:01   ` Stefano Brivio
2023-09-07  4:05     ` David Gibson
2023-09-07  7:55       ` Stefano Brivio
2023-08-28  5:41 ` [PATCH v2 06/10] tcp: Move guest side address tracking to flow/flowside David Gibson
2023-08-28  5:41 ` David Gibson [this message]
2023-08-28  5:41 ` [PATCH v2 08/10] tcp: Re-use flowside_hash for initial sequence number generation David Gibson
2023-08-28  5:41 ` [PATCH v2 09/10] tcp: Maintain host flowside for connections David Gibson
2023-08-28  5:41 ` [PATCH v2 10/10] tcp_splice: Fill out flowside information for spliced connections David Gibson
2023-09-07  1:02   ` Stefano Brivio
2023-09-07  4:14     ` David Gibson
2023-09-07  7:55       ` Stefano Brivio

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230828054146.48673-8-david@gibson.dropbear.id.au \
    --to=david@gibson.dropbear.id.au \
    --cc=passt-dev@passt.top \
    --cc=sbrivio@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://passt.top/passt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).