From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTP id B5F8B5A026D for ; Thu, 18 Jan 2024 16:42:43 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1705592562; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WdyxVdk6xgK+AlP/OLQCsFX67T59dhY/p9CV2Ysr8Xo=; b=V5rdGrX8ar0i7D0N88Cah2T6Tnc0tmC/RnemHRiD7veZUctyuUgSEZKshIf/wiiyA3kLDW UCjR4oJgBVhSSm3115XP5e/k6Y3dCYWAb5VmLZEI7nRJjadJM+sFUQ7nuolIMCmFROeWdk 525ByAUtEuFIzic3ucejPsHOVrwfb/k= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-671-yjt75pC4MaushTPPVVgnlg-1; Thu, 18 Jan 2024 10:42:39 -0500 X-MC-Unique: yjt75pC4MaushTPPVVgnlg-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 3B77884AEEC; Thu, 18 Jan 2024 15:42:39 +0000 (UTC) Received: from elisabeth (unknown [10.39.208.27]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 65F15111FF; Thu, 18 Jan 2024 15:42:38 +0000 (UTC) Date: Thu, 18 Jan 2024 16:42:34 +0100 From: Stefano Brivio To: David Gibson Subject: Re: [PATCH v3 06/15] tcp, flow: Replace TCP specific hash function with general flow hash Message-ID: <20240118164234.1db14655@elisabeth> In-Reply-To: References: <20231221070237.1422557-1-david@gibson.dropbear.id.au> <20231221070237.1422557-7-david@gibson.dropbear.id.au> <20240117205934.4b7d7043@elisabeth> Organization: Red Hat MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: WBWDEDJPAEJ7BM3TADP7GIS5DXE7BRAF X-Message-ID-Hash: WBWDEDJPAEJ7BM3TADP7GIS5DXE7BRAF X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Thu, 18 Jan 2024 12:15:12 +1100 David Gibson wrote: > On Wed, Jan 17, 2024 at 08:59:34PM +0100, Stefano Brivio wrote: > > On Thu, 21 Dec 2023 18:02:28 +1100 > > David Gibson wrote: > > > > > Currently we match TCP packets received on the tap connection to a TCP > > > connection via a hash table based on the forwarding address and both > > > ports. We hope in future to allow for multiple guest side addresses, or > > > for multiple interfaces which means we may need to distinguish based on > > > the endpoint address and pif as well. We also want a unified hash table > > > to cover multiple protocols, not just TCP. > > > > > > Replace the TCP specific hash function with one suitable for general flows, > > > or rather for one side of a general flow. This includes all the > > > information from struct flowside, plus the L4 protocol number. > > > > > > Signed-off-by: David Gibson > > > --- > > > flow.c | 21 +++++++++++++++++++++ > > > flow.h | 19 +++++++++++++++++++ > > > tcp.c | 59 +++++++++++----------------------------------------------- > > > 3 files changed, 51 insertions(+), 48 deletions(-) > > > > > > diff --git a/flow.c b/flow.c > > > index bc8cfc6..263633e 100644 > > > --- a/flow.c > > > +++ b/flow.c > > > @@ -229,6 +229,27 @@ void flow_alloc_cancel(union flow *flow) > > > flow_first_free = FLOW_IDX(flow); > > > } > > > > > > +/** > > > + * flow_hash() - Calculate hash value for one side of a flow > > > + * @c: Execution context > > > + * @proto: Protocol of this flow (IP L4 protocol number) > > > + * @fside: Flowside > > > + * > > > + * Return: hash value > > > + */ > > > +uint64_t flow_hash(const struct ctx *c, uint8_t proto, > > > + const struct flowside *fside) > > > +{ > > > + struct siphash_state state = SIPHASH_INIT(c->hash_secret); > > > + > > > + ASSERT(flowside_complete(fside)); > > > + inany_siphash_feed(&state, &fside->faddr); > > > + inany_siphash_feed(&state, &fside->eaddr); > > > > Customary newline here. > > Done. > > > > + return siphash_final(&state, 38, (uint64_t)proto << 40 | > > > + (uint64_t)fside->pif << 32 | > > > + fside->fport << 16 | fside->eport); > > > > If we add the fields from the 'tail' part (not the whole fside) to an > > anonymous struct in a similar way to what we had before fc8f0f8c48ef > > ("siphash: Use incremental rather than all-at-once siphash functions"), > > then we could drop those shift and masks, and use sizeof(that) + > > sizeof(fside->faddr) + sizeof(fside->eaddr) instead of '38'. > > Hrm, I guess so. There are some wrinkles: > * we'd need a union so we can get the actual u64 value we need to > pass I haven't tried, but I guess you can just cast a (packed) struct. > * we'd need to make sure that the the remaining (64-38 == 26) bytes > of that union are consistently initialised Where do the 64 _bytes_ come from? > * the struct part would need to be packed, or padding will mess with > us Right, yes, just see tcp_seq_init() before fc8f0f8c48ef. > * the exact value would now depend on the host endianness, which is > probably fine, but worth noting Oh, I didn't even think of that when I wrote the old tcp_seq_init(). Anyway, yes, it doesn't matter. > > > +} > > > + > > > /** > > > * flow_defer_handler() - Handler for per-flow deferred and timed tasks > > > * @c: Execution context > > > diff --git a/flow.h b/flow.h > > > index e7c4484..72ded54 100644 > > > --- a/flow.h > > > +++ b/flow.h > > > @@ -81,6 +81,22 @@ static inline bool flowside_complete(const struct flowside *fside) > > > > > > #define SIDES 2 > > > > > > +/** > > > + * flowside_eq() - Check if two flowsides are equal > > > > ...this raises the question: if the protocol number is now used in the > > hash, shouldn't it eventually become part of struct flowside -- and > > compared here, too? > > > I guess it's useful iff we allow flowsides for the same flow to have > > different protocol numbers. > > Right, which is not something I'm planning on doing, or at least not > very soon. > > > Now, forwarding between TCP and UDP endpoints might not make a lot of > > sense, because we would have to make so many arbitrary assumptions as > > to make it probably not generic enough to be useful. > > Exactly. > > > But TCP to stream-oriented UNIX domain socket makes sense, and we also > > had user requests in that sense. Oh and... what would be the second > > protocol number in that case? > > Right, that's a possible future extension. But if we're going outside > the realm of IP, a number of things need to be changed. I think > that's something for another day. I'm not suggesting to support that right away, I was just wondering if it actually makes sense, right from the beginning, to keep the hash information "consistent" with the flow table information, including having the protocol number in the flow table. But I didn't really think it through, you know better. -- Stefano