This is a second draft of the first steps in implementing more general
"connection" tracking, as described at:
https://pad.passt.top/p/NewForwardingModel
This series changes the TCP connection table into a more general flow
table that can track other protocols as well (although none are
implemented yet). Each flow uniformly keeps track of all the relevant
addresses and ports, which will allow for more robust control of NAT
and port forwarding.
Caveats:
* We significantly increase the size of a connection/flow entry
- Can probably be mitigated, but I haven't investigated much yet
* We perform a number of extra getsockname() calls to know some of
the socket endpoints
- Haven't yet measured how much performance impact that has
- Can be mitigated in at least some cases, but again, haven't
tried yet
* Only TCP converted so far
Changes since v1:
* Terminology changes
- "Endpoint" address/port instead of "correspondent" address/port
- "flowside" instead of "demiflow"
* Actually move the connection table to a new flow table structure in
new files
* Significant rearrangement of earlier patchs on top of that new
table, to reduce churn
David Gibson (10):
flow, tcp: Generalise connection types
flow, tcp: Move TCP connection table to unified flow table
flow, tcp: Consolidate flow pointer<->index helpers
flow: Make unified version of flow table compaction
flow: Introduce struct flowside, space for uniform tracking of
addresses
tcp: Move guest side address tracking to flow/flowside
tcp, flow: Perform TCP hash calculations based on flowside
tcp: Re-use flowside_hash for initial sequence number generation
tcp: Maintain host flowside for connections
tcp_splice: Fill out flowside information for spliced connections
Makefile | 14 +-
flow.c | 111 ++++++++++++++++
flow.h | 115 +++++++++++++++++
flow_table.h | 45 +++++++
passt.h | 3 +
siphash.c | 1 +
tcp.c | 355 ++++++++++++++++++++++++---------------------------
tcp.h | 5 -
tcp_conn.h | 54 ++------
tcp_splice.c | 78 ++++++-----
tcp_splice.h | 3 +-
11 files changed, 505 insertions(+), 279 deletions(-)
create mode 100644 flow.c
create mode 100644 flow.h
create mode 100644 flow_table.h
--
2.41.0