Currently we match TCP packets received on the tap connection to a TCP connection via a hash table based on the forwarding address and both ports. We hope in future to allow for multiple guest side addresses, which means we may need to distinguish based on the correspondent address as well. Extend the hash function to include this information. Since this now exactly corresponds to the contents of the guest-side demiflow, we can base our hash functions on that, rather than a group of individual parameters. We also put some of the helpers in flow.h, because we hope to be able to re-use the hashing logic for other cases in future as well.
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
 flow.h | 25 ++++++++++++++++++++
 siphash.c | 1 +
 tcp.c | 65 +++++++++++++---------------------------------------
 tcp_splice.c | 1 +
 4 files changed, 43 insertions(+), 49 deletions(-)
diff --git a/flow.h b/flow.h
index f7c0981..bb8e314 100644
--- a/flow.h
+++ b/flow.h
@@ -38,4 +38,29 @@ static inline void demiflow_from_af(struct demiflow *df, int af,
 df->cport = cport;
 }
 
+/**
+ * demiflow_eq() - Check if two demiflows are equal
+ * @left, @right: Demiflows to compare
+ *
+ * Return: true if equal, false otherwise
+ */
+static inline bool demiflow_eq(const struct demiflow *left,
+ const struct demiflow *right)
+{
+ return memcmp(left, right, sizeof(struct demiflow)) == 0;
+}
+
+/**
+ * demiflow_hash() - Calculate hash value for a demiflow
+ * @df: Demiflow
+ * @k: Hash secret (128-bits as array of 2 64-bit words)
+ *
+ * Return: hash value
+ */
+static inline unsigned int demiflow_hash(const struct demiflow *df,
+ const uint64_t *k)
+{
+ return siphash_36b((uint8_t *)df, k);
+}
+
 #endif /* FLOW_H */
diff --git a/siphash.c b/siphash.c
index e266e15..1f424d8 100644
--- a/siphash.c
+++ b/siphash.c
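Review bot: `demiflow_hash()` feeds the struct to a fixed-length `siphash_36b()` while `demiflow_eq()` compares `sizeof(struct demiflow)` bytes, and nothing in this hunk ties those two sizes together or rules out padding inside the struct. If the struct later grows, the keyed hash would silently stop covering the new bytes, and any padding byte would make both the `memcmp()` and the hash depend on memory the field assignments never wrote. A compile-time check beside the helpers, e.g. `_Static_assert(sizeof(struct demiflow) == 36, "demiflow_hash() hashes exactly 36 bytes");`, would pin the assumption; the struct definition is outside the hunk, so the 36-byte figure is inferred from the function name. The cast also drops the qualifier, so `return siphash_36b((const uint8_t *)df, k);` would be preferable, assuming `siphash_36b()` takes `const uint8_t *` like `siphash_20b()`. Finally, flow.h now calls `siphash_36b()` without including siphash.h itself, which is presumably why tcp_splice.c has to gain that include.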
@@ -163,6 +163,7 @@ uint32_t siphash_12b(const uint8_t *in, const uint64_t *k)
  */
 /* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
 __attribute__((optimize("-fno-strict-aliasing"))) /* See siphash_8b() */
+/* cppcheck-suppress unusedFunction */
 uint64_t siphash_20b(const uint8_t *in, const uint64_t *k)
 {
 uint32_t *in32 = (uint32_t *)in;
diff --git a/tcp.c b/tcp.c
index c1875c3..92aa956 100644
--- a/tcp.c
+++ b/tcp.c
@@ -1140,49 +1140,15 @@ static int tcp_opt_get(const char *opts, size_t len, uint8_t type_find,
 }
 
 /**
- * tcp_hash_match() - Check if a connection entry matches address and ports
- * @conn: Connection entry to match against
- * @faddr: Guest side forwarding address
- * @cport: Guest side correspondent port
- * @fport: Guest side forwarding port
- *
- * Return: 1 on match, 0 otherwise
- */
-static int tcp_hash_match(const struct tcp_tap_conn *conn,
- const union inany_addr *faddr,
- in_port_t cport, in_port_t fport)
-{
- if (inany_equals(&conn->tapflow.faddr, faddr) &&
- conn->tapflow.cport == cport && conn->tapflow.fport == fport)
- return 1;
-
- return 0;
-}
-
-/**
- * tcp_hash() - Calculate hash value for connection given address and ports
+ * tcp_hash() - Calculate hash value for a TCP guest-side demiflow
  * @c: Execution context
- * @faddr: Guest side forwarding address
- * @cport: Guest side correspondent port
- * @fport: Guest side forwarding port
+ * @df: Guest side demiflow
  *
  * Return: hash value, already modulo size of the hash table
  */
-static unsigned int tcp_hash(const struct ctx *c, const union inany_addr *faddr,
- in_port_t cport, in_port_t fport)
+static unsigned int tcp_hash(const struct ctx *c, const struct demiflow *df)
 {
- struct {
- union inany_addr faddr;
- in_port_t cport;
- in_port_t fport;
- } __attribute__((__packed__)) in = {
- *faddr, cport, fport
- };
- uint64_t b = 0;
-
- b = siphash_20b((uint8_t *)&in, c->tcp.hash_secret);
-
- return (unsigned int)(b % TCP_HASH_TABLE_SIZE);
+ return demiflow_hash(df, c->tcp.hash_secret) % TCP_HASH_TABLE_SIZE;
 }
 
 /**
@@ -1195,8 +1161,7 @@ static unsigned int tcp_hash(const struct ctx *c, const union inany_addr *faddr,
 static unsigned int tcp_conn_hash(const struct ctx *c,
 const struct tcp_tap_conn *conn)
 {
- return tcp_hash(c, &conn->tapflow.faddr,
- conn->tapflow.cport, conn->tapflow.fport);
+ return tcp_hash(c, &conn->tapflow);
 }
 
 /**
@@ -1208,8 +1173,7 @@ static void tcp_hash_insert(const struct ctx *c, struct tcp_tap_conn *conn)
 {
 int b;
 
- b = tcp_hash(c, &conn->tapflow.faddr,
- conn->tapflow.cport, conn->tapflow.fport);
+ b = tcp_hash(c, &conn->tapflow);
 conn->next_index = tc_hash[b] ? CONN_IDX(tc_hash[b]) : -1;
 tc_hash[b] = conn;
 
@@ -1278,24 +1242,26 @@ static void tcp_tap_conn_update(struct ctx *c, struct tcp_tap_conn *old,
  * tcp_hash_lookup() - Look up connection given remote address and ports
  * @c: Execution context
  * @af: Address family, AF_INET or AF_INET6
+ * @caddr: Guest side correspondent address (guest local address)
  * @faddr: Guest side forwarding address (guest remote address)
  * @cport: Guest side correspondent port (guest local port)
  * @fport: Guest side forwarding port (guest remote port)
  *
  * Return: connection pointer, if found, -ENOENT otherwise
  */
-static struct tcp_tap_conn *tcp_hash_lookup(const struct ctx *c,
- int af, const void *faddr,
+static struct tcp_tap_conn *tcp_hash_lookup(const struct ctx *c, int af,
+ const void *caddr, const void *faddr,
 in_port_t cport, in_port_t fport)
 {
- union inany_addr aany;
+ struct demiflow df;
 struct tcp_tap_conn *conn;
 int b;
 
- inany_from_af(&aany, af, faddr);
- b = tcp_hash(c, &aany, cport, fport);
+ demiflow_from_af(&df, af, faddr, fport, caddr, cport);
+
+ b = tcp_hash(c, &df);
 for (conn = tc_hash[b]; conn; conn = conn_at_idx(conn->next_index)) {
- if (tcp_hash_match(conn, &aany, cport, fport))
+ if (demiflow_eq(&conn->tapflow, &df))
 return conn;
 }
 
@@ -2556,7 +2522,8 @@ int tcp_tap_handler(struct ctx *c, int af, const void *saddr, const void *daddr,
 optlen = MIN(optlen, ((1UL << 4) /* from doff width */ - 6) * 4UL);
 opts = packet_get(p, 0, sizeof(*th), optlen, NULL);
 
- conn = tcp_hash_lookup(c, af, daddr, htons(th->source), htons(th->dest));
+ conn = tcp_hash_lookup(c, af, saddr, daddr,
+ htons(th->source), htons(th->dest));
 
 /* New connection from tap */
 if (!conn) {
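Review bot: In `tcp_hash_lookup()` the local `struct demiflow df;` is uninitialised and is written only through `demiflow_from_af()`, yet it is then hashed and compared byte-for-byte by `demiflow_eq()`. If that helper leaves any byte of the struct unwritten (padding, for instance), the lookup reads indeterminate memory and can miss a connection that is in the table; the helper's body is outside this hunk, so this needs confirming rather than being a demonstrated bug. Adding `memset(&df, 0, sizeof(df));` before the call, or doing the same inside the helper, would make the byte-wise comparison safe regardless of layout. The kernel-doc summary also still reads "given remote address and ports" although the key now includes the guest-local address, and `Return:` promises -ENOENT while the caller tests `if (!conn)`.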
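Review bot: With `saddr` now part of the key in `tcp_tap_handler()`, a segment whose source address differs from the one stored in `conn->tapflow` no longer matches and falls through to the `/* New connection from tap */` branch. That is the stricter matching the commit message asks for, but it makes correctness depend on every connection-creation path storing the correspondent address in exactly the form `demiflow_from_af()` produces here. Those paths are not visible in this patch, and a mismatch would show up as segments for established connections being handled as new ones. Since `saddr` comes from the guest's packet, a one-line comment at the call such as `/* saddr is guest-supplied and now part of the lookup key */` would help the next reader reason about what an unexpected source address can reach. The function body continues outside the hunk.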
diff --git a/tcp_splice.c b/tcp_splice.c
index a1aeff7..15abc0c 100644
--- a/tcp_splice.c
+++ b/tcp_splice.c
@@ -51,6 +51,7 @@
 #include "util.h"
 #include "passt.h"
 #include "log.h"
+#include "siphash.h"
 #include "tcp_splice.h"
 #include "inany.h"
 #include "flow.h"
-- 2.41.0