Fix/better handling of no-stats-tracking rules

[flowspec-xdp] / xdp.c

diff --git a/xdp.c b/xdp.c
index ad6ab82db97feedc53f88f9f9f3f067d65bcbb7f..e63bec379ee143672211c59c9bb4aaab19af9c2a 100644 (file)
--- a/xdp.c
+++ b/xdp.c
@@ -151,7 +151,7 @@ struct xdp_md {
 static const int XDP_PASS = 0;
 static const int XDP_DROP = 1;
 
-static long drop_cnt_map[RULECNT + STATIC_RULE_CNT];
+static long drop_cnt_map[STATS_RULECNT + STATIC_RULE_CNT];
 #define INCREMENT_MATCH(reason) { drop_cnt_map[reason] += 1; drop_cnt_map[reason] += data_end - pktdata; }
 
 #else /* TEST */
@@ -164,7 +164,7 @@ struct match_counter {
 };
 struct {
        __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
-       __uint(max_entries, RULECNT + STATIC_RULE_CNT);
+       __uint(max_entries, STATS_RULECNT + STATIC_RULE_CNT);
        __u32 *key;
        struct match_counter *value;
 } drop_cnt_map SEC(".maps");
@@ -213,9 +213,17 @@ struct {
 // Then we build an array of MAX_ENTRIES/2**SRC_HASH_MAX_PARALLELISM_POW entries,
 // which are split into buckets of size SRC_HASH_BUCKET_COUNT. An entry can appear
 // in any of the SRC_HASH_BUCKET_COUNT buckets at it's hash value.
-#define SRC_HASH_MAX_PARALLELISM_POW 9
+//
+// Because we use buckets of size 16, see collision_prob.py, the number of
+// elements we can hold with only a 1% probability of overflowing a bucket is:
+//
+// 128K-entry hash table (2MiB): ~33K sources
+// 256K-entry hash table (4MiB): ~63K sources
+// 512K-entry hash table (8MiB): ~119K sources
+// 1M-entry hash table (16MiB): ~227K sources
+#define SRC_HASH_MAX_PARALLELISM_POW 8
 #define SRC_HASH_MAX_PARALLELISM (1 << SRC_HASH_MAX_PARALLELISM_POW)
-#define SRC_HASH_BUCKET_COUNT_POW 3
+#define SRC_HASH_BUCKET_COUNT_POW 4
 #define SRC_HASH_BUCKET_COUNT (1 << SRC_HASH_BUCKET_COUNT_POW)
 
 #include "rand.h"