projects
/
flowspec-xdp
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
0ac7dea
)
Optimize per-src v6 matching on <= /64s to avoid always storing 4 0-bytes
author
Matt Corallo
<git@bluematt.me>
Thu, 10 Jun 2021 15:35:31 +0000
(15:35 +0000)
committer
Matt Corallo
<git@bluematt.me>
Thu, 10 Jun 2021 19:23:54 +0000
(19:23 +0000)
genrules.py
patch
|
blob
|
history
xdp.c
patch
|
blob
|
history
diff --git
a/genrules.py
b/genrules.py
index 1ab90b05a80bca0b9d1615cb5276489f9cce85d8..b2bf796af9a86e43218f70e2a7c8f21eda034f01 100755
(executable)
--- a/
genrules.py
+++ b/
genrules.py
@@
-297,6
+297,7
@@
with open("rules.h", "w") as out:
rulecnt = 0
ratelimitcnt = 0
v4persrcratelimits = []
rulecnt = 0
ratelimitcnt = 0
v4persrcratelimits = []
+ v5persrcratelimits = []
v6persrcratelimits = []
lastrule = None
v6persrcratelimits = []
lastrule = None
@@
-422,6
+423,12
@@
with open("rules.h", "w") as out:
first_action += f"struct persrc_rate4_ptr rate_ptr = get_v4_persrc_ratelimit(srcip, rate_map, {(high_byte + 1) * 4096});\n"
first_action += f"struct persrc_rate4_entry *rate = rate_ptr.rate;\n"
v4persrcratelimits.append((high_byte + 1) * 4096)
first_action += f"struct persrc_rate4_ptr rate_ptr = get_v4_persrc_ratelimit(srcip, rate_map, {(high_byte + 1) * 4096});\n"
first_action += f"struct persrc_rate4_entry *rate = rate_ptr.rate;\n"
v4persrcratelimits.append((high_byte + 1) * 4096)
+ elif mid_byte <= 64:
+ first_action += f"const uint64_t srcip = BE128BEHIGH64(ip6->saddr & MASK6({mid_byte}));\n"
+ first_action += f"void *rate_map = &v5_src_rate_{len(v5persrcratelimits)};\n"
+ first_action += f"struct persrc_rate5_ptr rate_ptr = get_v5_persrc_ratelimit(srcip, rate_map, {(high_byte + 1) * 4096});\n"
+ first_action += f"struct persrc_rate5_entry *rate = rate_ptr.rate;\n"
+ v5persrcratelimits.append((high_byte + 1) * 4096)
else:
if mid_byte > 128:
continue
else:
if mid_byte > 128:
continue
@@
-504,5
+511,7
@@
with open("rules.h", "w") as out:
with open("maps.h", "w") as out:
for idx, limit in enumerate(v4persrcratelimits):
out.write(f"SRC_RATE_DEFINE(4, {idx}, {limit})\n")
with open("maps.h", "w") as out:
for idx, limit in enumerate(v4persrcratelimits):
out.write(f"SRC_RATE_DEFINE(4, {idx}, {limit})\n")
+ for idx, limit in enumerate(v5persrcratelimits):
+ out.write(f"SRC_RATE_DEFINE(5, {idx}, {limit})\n")
for idx, limit in enumerate(v6persrcratelimits):
out.write(f"SRC_RATE_DEFINE(6, {idx}, {limit})\n")
for idx, limit in enumerate(v6persrcratelimits):
out.write(f"SRC_RATE_DEFINE(6, {idx}, {limit})\n")
diff --git
a/xdp.c
b/xdp.c
index 29e2cf3e3f716e8f595d5905b00dee62ebdc66d5..95ab7df9743b85e16d701f79463d989c69b0832c 100644
(file)
--- a/
xdp.c
+++ b/
xdp.c
@@
-96,10
+96,15
@@
struct tcphdr {
#define HTON128(a) BIGEND128(a >> 3*32, a >> 2*32, a >> 1*32, a>> 0*32)
// Yes, somehow macro'ing this changes LLVM's view of htons...
#define BE16(a) (((((uint16_t)a) & 0xff00) >> 8) | ((((uint16_t)a) & 0xff) << 8))
#define HTON128(a) BIGEND128(a >> 3*32, a >> 2*32, a >> 1*32, a>> 0*32)
// Yes, somehow macro'ing this changes LLVM's view of htons...
#define BE16(a) (((((uint16_t)a) & 0xff00) >> 8) | ((((uint16_t)a) & 0xff) << 8))
+#define BE128BEHIGH64(val) ((uint64_t)((uint128_t)(val)))
+
#elif defined(__BIG_ENDIAN)
#elif defined(__BIG_ENDIAN)
+
#define BIGEND128(a, b, c, d) ((((uint128_t)(a)) << 3*32) | (((uint128_t)(b)) << 2*32) | (((uint128_t)(c)) << 1*32) | (((uint128_t)(d)) << 0*32))
#define HTON128(a) ((uint128_t)(a))
#define BE16(a) ((uint16_t)(a))
#define BIGEND128(a, b, c, d) ((((uint128_t)(a)) << 3*32) | (((uint128_t)(b)) << 2*32) | (((uint128_t)(c)) << 1*32) | (((uint128_t)(d)) << 0*32))
#define HTON128(a) ((uint128_t)(a))
#define BE16(a) ((uint16_t)(a))
+#define BE128BEHIGH64(val) ((uint64_t)(((uint128_t)(val)) >> 64))
+
#else
#error "Need endian info"
#endif
#else
#error "Need endian info"
#endif
@@
-256,6
+261,7
@@
static inline struct persrc_rate##IPV##_ptr get_v##IPV##_persrc_ratelimit(IP_TYP
}
CREATE_PERSRC_LOOKUP(6, uint128_t)
}
CREATE_PERSRC_LOOKUP(6, uint128_t)
+CREATE_PERSRC_LOOKUP(5, uint64_t) // IPv6 matching no more than a /64
CREATE_PERSRC_LOOKUP(4, uint32_t)
#define SRC_RATE_DEFINE(IPV, n, limit) \
CREATE_PERSRC_LOOKUP(4, uint32_t)
#define SRC_RATE_DEFINE(IPV, n, limit) \