From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id AF8201B5F9 for ; Fri, 29 Jun 2018 18:47:16 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Jun 2018 09:47:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,286,1526367600"; d="scan'208";a="53934860" Received: from irsmsx109.ger.corp.intel.com ([163.33.3.23]) by orsmga006.jf.intel.com with ESMTP; 29 Jun 2018 09:47:12 -0700 Received: from irsmsx156.ger.corp.intel.com (10.108.20.68) by IRSMSX109.ger.corp.intel.com (163.33.3.23) with Microsoft SMTP Server (TLS) id 14.3.319.2; Fri, 29 Jun 2018 17:47:12 +0100 Received: from irsmsx105.ger.corp.intel.com ([169.254.7.126]) by IRSMSX156.ger.corp.intel.com ([169.254.3.252]) with mapi id 14.03.0319.002; Fri, 29 Jun 2018 17:47:12 +0100 From: "Ananyev, Konstantin" To: "Fu, Qiaobin" CC: "dev@dpdk.org" , Michel Machado , "Doucette, Cody, Joseph" Thread-Topic: [PATCH] ip_frag: add function rte_ip_frag_sweep_table() Thread-Index: AQHUDqcD/cj/CAiHW02ogWzuIGfirKR3c5Hg Date: Fri, 29 Jun 2018 16:47:10 +0000 Message-ID: <2601191342CEEE43887BDE71AB977258C0C44FFF@irsmsx105.ger.corp.intel.com> References: <4DB9E2E1-58A9-470C-B866-4F413CD59B09@bu.edu> In-Reply-To: <4DB9E2E1-58A9-470C-B866-4F413CD59B09@bu.edu> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiODdiYmY2YzQtODFjNy00NThkLTk4MWEtMzBhMmEyZDA2ZmQxIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiOWlydGRsd1hCWnhyclVOSndKdVhmK1RHVngrcE1VQ01rSW5jKzB0QjNrWlJPRjZDNTFreXk5S1Nha3kyeWZXVCJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.200.100 dlp-reaction: no-action x-originating-ip: [163.33.239.180] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH] ip_frag: add function rte_ip_frag_sweep_table() X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2018 16:47:17 -0000 Hi >=20 > Function rte_ip_frag_sweep_table() enables callers to > incrementally sweep IP frament tables for incomplete, expired fragments. >=20 > rte_ip_frag_sweep_table() is needed to identify > never-to-be-completed fragments during DDoS attacks. There is a patch from Alex Kiselev: http://patches.dpdk.org/patch/40601/ doing the same thing, and I think in a better way (as it goes through LRU list, not entire table). So I'd suggest we go ahead with Alex one. Thanks Konstantin >=20 > Signed-off-by: Qiaobin Fu > Reviewed-by: Cody Doucette > Reviewed-by: Michel Machado > --- > lib/librte_ip_frag/ip_frag_common.h | 18 +++++++++++++++++ > lib/librte_ip_frag/ip_frag_internal.c | 18 ----------------- > lib/librte_ip_frag/rte_ip_frag.h | 17 ++++++++++++++++ > lib/librte_ip_frag/rte_ip_frag_common.c | 26 +++++++++++++++++++++++++ > 4 files changed, 61 insertions(+), 18 deletions(-) >=20 > diff --git a/lib/librte_ip_frag/ip_frag_common.h b/lib/librte_ip_frag/ip_= frag_common.h > index 197acf8d8..ef869182d 100644 > --- a/lib/librte_ip_frag/ip_frag_common.h > +++ b/lib/librte_ip_frag/ip_frag_common.h > @@ -25,6 +25,12 @@ > #define IPv6_KEY_BYTES_FMT \ > "%08" PRIx64 "%08" PRIx64 "%08" PRIx64 "%08" PRIx64 >=20 > +#ifdef RTE_LIBRTE_IP_FRAG_TBL_STAT > +#define IP_FRAG_TBL_STAT_UPDATE(s, f, v) ((s)->f +=3D (v)) > +#else > +#define IP_FRAG_TBL_STAT_UPDATE(s, f, v) do {} while (0) > +#endif /* IP_FRAG_TBL_STAT */ > + > /* internal functions declarations */ > struct rte_mbuf * ip_frag_process(struct ip_frag_pkt *fp, > struct rte_ip_frag_death_row *dr, struct rte_mbuf *mb, > @@ -149,4 +155,16 @@ ip_frag_reset(struct ip_frag_pkt *fp, uint64_t tms) > fp->frags[IP_FIRST_FRAG_IDX] =3D zero_frag; > } >=20 > +/* frag table helper functions */ > +static inline void > +ip_frag_tbl_del(struct rte_ip_frag_tbl *tbl, struct rte_ip_frag_death_ro= w *dr, > + struct ip_frag_pkt *fp) > +{ > + ip_frag_free(fp, dr); > + ip_frag_key_invalidate(&fp->key); > + TAILQ_REMOVE(&tbl->lru, fp, lru); > + tbl->use_entries--; > + IP_FRAG_TBL_STAT_UPDATE(&tbl->stat, del_num, 1); > +} > + > #endif /* _IP_FRAG_COMMON_H_ */ > diff --git a/lib/librte_ip_frag/ip_frag_internal.c b/lib/librte_ip_frag/i= p_frag_internal.c > index 2560c7713..97470a872 100644 > --- a/lib/librte_ip_frag/ip_frag_internal.c > +++ b/lib/librte_ip_frag/ip_frag_internal.c > @@ -14,24 +14,6 @@ > #define IP_FRAG_TBL_POS(tbl, sig) \ > ((tbl)->pkt + ((sig) & (tbl)->entry_mask)) >=20 > -#ifdef RTE_LIBRTE_IP_FRAG_TBL_STAT > -#define IP_FRAG_TBL_STAT_UPDATE(s, f, v) ((s)->f +=3D (v)) > -#else > -#define IP_FRAG_TBL_STAT_UPDATE(s, f, v) do {} while (0) > -#endif /* IP_FRAG_TBL_STAT */ > - > -/* local frag table helper functions */ > -static inline void > -ip_frag_tbl_del(struct rte_ip_frag_tbl *tbl, struct rte_ip_frag_death_ro= w *dr, > - struct ip_frag_pkt *fp) > -{ > - ip_frag_free(fp, dr); > - ip_frag_key_invalidate(&fp->key); > - TAILQ_REMOVE(&tbl->lru, fp, lru); > - tbl->use_entries--; > - IP_FRAG_TBL_STAT_UPDATE(&tbl->stat, del_num, 1); > -} > - > static inline void > ip_frag_tbl_add(struct rte_ip_frag_tbl *tbl, struct ip_frag_pkt *fp, > const struct ip_frag_key *key, uint64_t tms) > diff --git a/lib/librte_ip_frag/rte_ip_frag.h b/lib/librte_ip_frag/rte_ip= _frag.h > index b3f3f78df..79443096c 100644 > --- a/lib/librte_ip_frag/rte_ip_frag.h > +++ b/lib/librte_ip_frag/rte_ip_frag.h > @@ -146,6 +146,23 @@ struct rte_ip_frag_tbl * rte_ip_frag_table_create(ui= nt32_t bucket_num, > uint32_t bucket_entries, uint32_t max_entries, > uint64_t max_cycles, int socket_id); >=20 > +/** > + * Sweep the IP fragmentation table for expired segments. > + * > + * @param tbl > + * Fragmentation table to sweep. > + * @param dr > + * Death row to free buffers to > + * @param next > + * Pointer to the bucket iterator. > + * Should be 0 to start sweeping the fragmentation table. > + * Bucket iterator is incremented after each call of this function. > + * @return > + * 0 if successful. -EINVAL if the parameters are invalid. > + */ > +int rte_ip_frag_sweep_table(struct rte_ip_frag_tbl *tbl, > + struct rte_ip_frag_death_row *dr, uint32_t *next); > + > /** > * Free allocated IP fragmentation table. > * > diff --git a/lib/librte_ip_frag/rte_ip_frag_common.c b/lib/librte_ip_frag= /rte_ip_frag_common.c > index 659a17951..53325ddae 100644 > --- a/lib/librte_ip_frag/rte_ip_frag_common.c > +++ b/lib/librte_ip_frag/rte_ip_frag_common.c > @@ -7,6 +7,7 @@ >=20 > #include > #include > +#include >=20 > #include "ip_frag_common.h" >=20 > @@ -93,6 +94,31 @@ rte_ip_frag_table_destroy(struct rte_ip_frag_tbl *tbl) > rte_free(tbl); > } >=20 > +/* Sweep the IP fragmentation table. */ > +int > +rte_ip_frag_sweep_table(struct rte_ip_frag_tbl *tbl, > + struct rte_ip_frag_death_row *dr, uint32_t *next) > +{ > + uint32_t i; > + uint64_t cur_tsc =3D rte_rdtsc(); > + struct ip_frag_pkt *pkt; > + > + if (tbl =3D=3D NULL || dr =3D=3D NULL || next =3D=3D NULL || > + (*next * tbl->bucket_entries >=3D tbl->nb_entries)) > + return -EINVAL; > + > + pkt =3D tbl->pkt + *next * tbl->bucket_entries; > + for (i =3D 0; i < tbl->bucket_entries; i++) { > + if (tbl->max_cycles + pkt[i].start < cur_tsc) > + ip_frag_tbl_del(tbl, dr, pkt + i); > + } > + > + *next =3D (*next + 1) * tbl->bucket_entries >=3D tbl->nb_entries ? > + 0 : *next + 1; > + > + return 0; > +} > + > /* dump frag table statistics to file */ > void > rte_ip_frag_table_statistics_dump(FILE *f, const struct rte_ip_frag_tbl = *tbl) > -- > 2.17.1