From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by dpdk.org (Postfix) with ESMTP id 1EDAA5F2C; Mon, 5 Nov 2018 11:27:22 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Nov 2018 02:27:22 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,467,1534834800"; d="scan'208";a="278401392" Received: from sivswdev02.ir.intel.com (HELO localhost.localdomain) ([10.237.217.46]) by fmsmga006.fm.intel.com with ESMTP; 05 Nov 2018 02:27:20 -0800 From: Konstantin Ananyev To: dev@dpdk.org Cc: stable@dpdk.org, ryan.e.hall@intel.com, alexander.v.gutkin@intel.com, Konstantin Ananyev Date: Mon, 5 Nov 2018 10:26:43 +0000 Message-Id: <1541413603-4792-3-git-send-email-konstantin.ananyev@intel.com> X-Mailer: git-send-email 1.7.0.7 In-Reply-To: <1541413603-4792-1-git-send-email-konstantin.ananyev@intel.com> References: <1541413603-4792-1-git-send-email-konstantin.ananyev@intel.com> Subject: [dpdk-stable] [PATCH 2/2] ip_frag: use key length for key comparision X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Nov 2018 10:27:23 -0000 Right now reassembly code relies on src_dst[] being all zeroes to determine is it free/occupied entry in the fragments table. This is suboptimal and error prone - user can crash DPDK ip_reassembly app by something like the following scapy script: x=Ether(src=...,dst=...)/IP(dst='0.0.0.0',src='0.0.0.0',id=0)/('X'*1000) frags=fragment(x, fragsize=500) sendp(frags, iface=...) To overcome that issue and reduce overhead of 'key invalidate' and 'key is empty' operations - add key_len into keys comparision procedure. Reported-by: Reported-by: Fixes: 4f1a8f633862 ("ip_frag: add IPv6 reassembly") Cc: stable@dpdk.org Signed-off-by: Konstantin Ananyev --- lib/librte_ip_frag/ip_frag_common.h | 14 ++++---------- lib/librte_ip_frag/rte_ip_frag.h | 14 +++++++++++--- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/lib/librte_ip_frag/ip_frag_common.h b/lib/librte_ip_frag/ip_frag_common.h index 0f62e2e16..a17a74076 100644 --- a/lib/librte_ip_frag/ip_frag_common.h +++ b/lib/librte_ip_frag/ip_frag_common.h @@ -58,20 +58,14 @@ struct rte_mbuf *ipv6_frag_reassemble(struct ip_frag_pkt *fp); static inline int ip_frag_key_is_empty(const struct ip_frag_key * key) { - uint32_t i; - for (i = 0; i < RTE_MIN(key->key_len, RTE_DIM(key->src_dst)); i++) - if (key->src_dst[i] != 0) - return 0; - return 1; + return (key->key_len == 0); } -/* empty the key */ +/* invalidate the key */ static inline void ip_frag_key_invalidate(struct ip_frag_key * key) { - uint32_t i; - for (i = 0; i < key->key_len; i++) - key->src_dst[i] = 0; + key->key_len = 0; } /* compare two keys */ @@ -80,7 +74,7 @@ ip_frag_key_cmp(const struct ip_frag_key * k1, const struct ip_frag_key * k2) { uint32_t i; uint64_t val; - val = k1->id ^ k2->id; + val = k1->id_key_len ^ k2->id_key_len; for (i = 0; i < k1->key_len; i++) val |= k1->src_dst[i] ^ k2->src_dst[i]; return val; diff --git a/lib/librte_ip_frag/rte_ip_frag.h b/lib/librte_ip_frag/rte_ip_frag.h index 7f425f610..a4ccaf9d1 100644 --- a/lib/librte_ip_frag/rte_ip_frag.h +++ b/lib/librte_ip_frag/rte_ip_frag.h @@ -44,9 +44,17 @@ struct ip_frag { /** @internal to uniquely identify fragmented datagram. */ struct ip_frag_key { - uint64_t src_dst[4]; /**< src address, first 8 bytes used for IPv4 */ - uint32_t id; /**< dst address */ - uint32_t key_len; /**< src/dst key length */ + uint64_t src_dst[4]; + /**< src and dst address, only first 8 bytes used for IPv4 */ + RTE_STD_C11 + union { + uint64_t id_key_len; /**< combined for easy fetch */ + __extension__ + struct { + uint32_t id; /**< packet id */ + uint32_t key_len; /**< src/dst key length */ + }; + }; }; /** -- 2.17.1