Also bump paralellism on maps to 512
0x8306 (rate in bytes) or 0x830c (rate in packets), we rate limit the same as 0x8006 or 0x800c
except that the rate limit is applied per source address. The encoding mirrors the non-per-source
encoding in that the last 4 octets are the floating-point rate limit. Instead of a 2 octet
0x8306 (rate in bytes) or 0x830c (rate in packets), we rate limit the same as 0x8006 or 0x800c
except that the rate limit is applied per source address. The encoding mirrors the non-per-source
encoding in that the last 4 octets are the floating-point rate limit. Instead of a 2 octet
-AS/ignored value, the third octet is the maximum number of source IPs tracked (plus one, times 1024)
+AS/ignored value, the third octet is the maximum number of source IPs tracked (plus one, times 4096)
and the fourth octet is a prefix length mask, which is applied to the source IP before rate-limiting.
`install.sh` provides a simple example script which will compile and install a generated XDP program
and the fourth octet is a prefix length mask, which is applied to the source IP before rate-limiting.
`install.sh` provides a simple example script which will compile and install a generated XDP program
continue
first_action += f"const uint32_t srcip = ip->saddr & MASK4({mid_byte});\n"
first_action += f"void *rate_map = &v4_src_rate_{len(v4persrcratelimits)};\n"
continue
first_action += f"const uint32_t srcip = ip->saddr & MASK4({mid_byte});\n"
first_action += f"void *rate_map = &v4_src_rate_{len(v4persrcratelimits)};\n"
- first_action += f"struct persrc_rate4_ptr rate_ptr = get_v4_persrc_ratelimit(srcip, rate_map, {(high_byte + 1) * 1024});\n"
+ first_action += f"struct persrc_rate4_ptr rate_ptr = get_v4_persrc_ratelimit(srcip, rate_map, {(high_byte + 1) * 4096});\n"
first_action += f"struct persrc_rate4_entry *rate = rate_ptr.rate;\n"
first_action += f"struct persrc_rate4_entry *rate = rate_ptr.rate;\n"
- v4persrcratelimits.append((high_byte + 1) * 1024)
+ v4persrcratelimits.append((high_byte + 1) * 4096)
else:
if mid_byte > 128:
continue
first_action += f"const uint128_t srcip = ip6->saddr & MASK6({mid_byte});\n"
first_action += f"void *rate_map = &v6_src_rate_{len(v6persrcratelimits)};\n"
else:
if mid_byte > 128:
continue
first_action += f"const uint128_t srcip = ip6->saddr & MASK6({mid_byte});\n"
first_action += f"void *rate_map = &v6_src_rate_{len(v6persrcratelimits)};\n"
- first_action += f"struct persrc_rate6_ptr rate_ptr = get_v6_persrc_ratelimit(srcip, rate_map, {(high_byte + 1) * 1024});\n"
+ first_action += f"struct persrc_rate6_ptr rate_ptr = get_v6_persrc_ratelimit(srcip, rate_map, {(high_byte + 1) * 4096});\n"
first_action += f"struct persrc_rate6_entry *rate = rate_ptr.rate;\n"
first_action += f"struct persrc_rate6_entry *rate = rate_ptr.rate;\n"
- v6persrcratelimits.append((high_byte + 1) * 1024)
+ v6persrcratelimits.append((high_byte + 1) * 4096)
first_action += "if (rate) {\n"
first_action += f"\t{spin_lock}\n"
first_action += "\tif (likely(rate->sent_rate > 0))" + " {\n"
first_action += "if (rate) {\n"
first_action += f"\t{spin_lock}\n"
first_action += "\tif (likely(rate->sent_rate > 0))" + " {\n"
// Then we build an array of MAX_ENTRIES/2**SRC_HASH_MAX_PARALLELISM_POW entries,
// which are split into buckets of size SRC_HASH_BUCKET_COUNT. An entry can appear
// in any of the SRC_HASH_BUCKET_COUNT buckets at it's hash value.
// Then we build an array of MAX_ENTRIES/2**SRC_HASH_MAX_PARALLELISM_POW entries,
// which are split into buckets of size SRC_HASH_BUCKET_COUNT. An entry can appear
// in any of the SRC_HASH_BUCKET_COUNT buckets at it's hash value.
-#define SRC_HASH_MAX_PARALLELISM_POW 7
+#define SRC_HASH_MAX_PARALLELISM_POW 9
#define SRC_HASH_MAX_PARALLELISM (1 << SRC_HASH_MAX_PARALLELISM_POW)
#define SRC_HASH_BUCKET_COUNT_POW 3
#define SRC_HASH_BUCKET_COUNT (1 << SRC_HASH_BUCKET_COUNT_POW)
#define SRC_HASH_MAX_PARALLELISM (1 << SRC_HASH_MAX_PARALLELISM_POW)
#define SRC_HASH_BUCKET_COUNT_POW 3
#define SRC_HASH_BUCKET_COUNT (1 << SRC_HASH_BUCKET_COUNT_POW)
projects / flowspec-xdp / commitdiff