From patchwork Thu Jun 28 06:12:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Fu, Qiaobin" X-Patchwork-Id: 41793 X-Patchwork-Delegate: thomas@monjalon.net Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1C829532C; Thu, 28 Jun 2018 08:12:43 +0200 (CEST) Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0116.outbound.protection.outlook.com [104.47.42.116]) by dpdk.org (Postfix) with ESMTP id 295A84F9A for ; Thu, 28 Jun 2018 08:12:41 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bushare.onmicrosoft.com; s=selector1-bu-edu; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HXRHRpQPIz2Z6bQpoZDhEj3zO1JzxTh3wMdbZgx6kx0=; b=ZA6jH4abNpE/eJpOBhvF+jvxoikWJCyOBfGX8VcZzRZt8fexlOfHxMLytuDgbuXg072sT/fk3ckLIGXU4JOvlSx3FYLs9MTDEvRdvNAjnX0DhQHH8I46c1OrpkQ32NFps19nonopcLz0BScA6goQRqlzmVIRr7K1BN+nh8+R1w0= Received: from MWHSPR01MB303.namprd03.prod.outlook.com (10.174.170.167) by MWHPR03MB3101.namprd03.prod.outlook.com (10.174.174.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.906.23; Thu, 28 Jun 2018 06:12:38 +0000 Received: from MWHSPR01MB303.namprd03.prod.outlook.com ([fe80::d50a:f68a:5de5:42a2]) by MWHSPR01MB303.namprd03.prod.outlook.com ([fe80::d50a:f68a:5de5:42a2%2]) with mapi id 15.20.0906.023; Thu, 28 Jun 2018 06:12:38 +0000 From: "Fu, Qiaobin" To: "konstantin.ananyev@intel.com" CC: "dev@dpdk.org" , Michel Machado , "Fu, Qiaobin" , "Doucette, Cody, Joseph" Thread-Topic: [PATCH] ip_frag: add function rte_ip_frag_sweep_table() Thread-Index: AQHUDqcD/cj/CAiHW02ogWzuIGfirA== Date: Thu, 28 Jun 2018 06:12:37 +0000 Message-ID: <4DB9E2E1-58A9-470C-B866-4F413CD59B09@bu.edu> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=qiaobinf@bu.edu; x-originating-ip: [67.180.169.0] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; MWHPR03MB3101; 7:p+v+ivnCkyTX6PIBmb+H1tUyH+SQ7p8ykMpNdkZMTcn8UiL+OIdd6ZBkS4OYoAP+VSXIXGrzGV63iqAEt0N1Tn1lWAip3sjo5Pj0KoIZrYS1QyZ0MzxE8iFW6mBX66z0e6eREBfnCQlqCpad+EPXkTUu4VhgYB72YiQTKxLgV8z2UGhdnAFDD6WkLerCLo/yVSc4srXFLvU1jLASEPc9Wln9Q7/f9rZg6nng3hZKXl+wDg/O9EpO0Hz8itoztyTK x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-correlation-id: 5b476983-cd3f-4550-a9b9-08d5dcbe25e9 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652034)(8989117)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600026)(711020)(2017052603328)(7153060)(7193020); SRVR:MWHPR03MB3101; x-ms-traffictypediagnostic: MWHPR03MB3101: x-ld-processed: d57d32cc-c121-488f-b07b-dfe705680c71,ExtAddr x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(238701278423138)(166494164430575); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231254)(944501410)(52105095)(93006095)(93001095)(3002001)(10201501046)(149027)(150027)(6041310)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(20161123564045)(20161123558120)(6072148)(201708071742011)(7699016); SRVR:MWHPR03MB3101; BCL:0; PCL:0; RULEID:; SRVR:MWHPR03MB3101; x-forefront-prvs: 0717E25089 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(376002)(39860400002)(366004)(396003)(346002)(189003)(199004)(66066001)(2906002)(68736007)(478600001)(82746002)(486006)(476003)(25786009)(2616005)(4326008)(5660300001)(54906003)(6916009)(6436002)(36756003)(33656002)(5640700003)(6486002)(6512007)(14444005)(97736004)(75432002)(256004)(83716003)(102836004)(1857600001)(786003)(106356001)(99286004)(5250100002)(105586002)(81156014)(7736002)(86362001)(3846002)(8936002)(316002)(186003)(26005)(81166006)(2351001)(8676002)(6116002)(2900100001)(305945005)(88552002)(53936002)(14454004)(6506007)(2501003)(7756004); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR03MB3101; H:MWHSPR01MB303.namprd03.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: bu.edu does not designate permitted sender hosts) x-microsoft-antispam-message-info: ztWOV9B7I1DdG3GI2m2p5L/pq9kk6W+uebuXl3MmWtFJ5TNcHbKcrXYvvkuObcFRVbVIRDwtcJXQ5lShEx7GB9VMb5FpVqyx0iL8xMX3pDYzji/eCjJ85DgdaAdVMWpPUtpWMHqQR2OokSZlXN7R1jgFJAXU6Lzw6kp5t2VhI1naCKpkCerkkTl9OvzDQnJ6sQ0v4mgog25mFEWGIOJhf9pfsjvkFiGGGbMfB94hEKF+8LrhPg9xyq7STI+eTcdcv38RLM4wvLi+z1OaAyKStriE879v0yl75T1YU+e5W5U5hNbkX/4N3gIwtiI8n+2aWgb4Kv5MICZFREfrA3R8Yo3XB0zII9NISy3oDG9c9r8= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-ID: <09B298D45501AA419E3A958BD38BD257@namprd03.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: bu.edu X-MS-Exchange-CrossTenant-Network-Message-Id: 5b476983-cd3f-4550-a9b9-08d5dcbe25e9 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jun 2018 06:12:37.9299 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: d57d32cc-c121-488f-b07b-dfe705680c71 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR03MB3101 Subject: [dpdk-dev] [PATCH] ip_frag: add function rte_ip_frag_sweep_table() X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Function rte_ip_frag_sweep_table() enables callers to incrementally sweep IP frament tables for incomplete, expired fragments. rte_ip_frag_sweep_table() is needed to identify never-to-be-completed fragments during DDoS attacks. Signed-off-by: Qiaobin Fu Reviewed-by: Cody Doucette Reviewed-by: Michel Machado --- lib/librte_ip_frag/ip_frag_common.h | 18 +++++++++++++++++ lib/librte_ip_frag/ip_frag_internal.c | 18 ----------------- lib/librte_ip_frag/rte_ip_frag.h | 17 ++++++++++++++++ lib/librte_ip_frag/rte_ip_frag_common.c | 26 +++++++++++++++++++++++++ 4 files changed, 61 insertions(+), 18 deletions(-) diff --git a/lib/librte_ip_frag/ip_frag_common.h b/lib/librte_ip_frag/ip_frag_common.h index 197acf8d8..ef869182d 100644 --- a/lib/librte_ip_frag/ip_frag_common.h +++ b/lib/librte_ip_frag/ip_frag_common.h @@ -25,6 +25,12 @@ #define IPv6_KEY_BYTES_FMT \ "%08" PRIx64 "%08" PRIx64 "%08" PRIx64 "%08" PRIx64 +#ifdef RTE_LIBRTE_IP_FRAG_TBL_STAT +#define IP_FRAG_TBL_STAT_UPDATE(s, f, v) ((s)->f += (v)) +#else +#define IP_FRAG_TBL_STAT_UPDATE(s, f, v) do {} while (0) +#endif /* IP_FRAG_TBL_STAT */ + /* internal functions declarations */ struct rte_mbuf * ip_frag_process(struct ip_frag_pkt *fp, struct rte_ip_frag_death_row *dr, struct rte_mbuf *mb, @@ -149,4 +155,16 @@ ip_frag_reset(struct ip_frag_pkt *fp, uint64_t tms) fp->frags[IP_FIRST_FRAG_IDX] = zero_frag; } +/* frag table helper functions */ +static inline void +ip_frag_tbl_del(struct rte_ip_frag_tbl *tbl, struct rte_ip_frag_death_row *dr, + struct ip_frag_pkt *fp) +{ + ip_frag_free(fp, dr); + ip_frag_key_invalidate(&fp->key); + TAILQ_REMOVE(&tbl->lru, fp, lru); + tbl->use_entries--; + IP_FRAG_TBL_STAT_UPDATE(&tbl->stat, del_num, 1); +} + #endif /* _IP_FRAG_COMMON_H_ */ diff --git a/lib/librte_ip_frag/ip_frag_internal.c b/lib/librte_ip_frag/ip_frag_internal.c index 2560c7713..97470a872 100644 --- a/lib/librte_ip_frag/ip_frag_internal.c +++ b/lib/librte_ip_frag/ip_frag_internal.c @@ -14,24 +14,6 @@ #define IP_FRAG_TBL_POS(tbl, sig) \ ((tbl)->pkt + ((sig) & (tbl)->entry_mask)) -#ifdef RTE_LIBRTE_IP_FRAG_TBL_STAT -#define IP_FRAG_TBL_STAT_UPDATE(s, f, v) ((s)->f += (v)) -#else -#define IP_FRAG_TBL_STAT_UPDATE(s, f, v) do {} while (0) -#endif /* IP_FRAG_TBL_STAT */ - -/* local frag table helper functions */ -static inline void -ip_frag_tbl_del(struct rte_ip_frag_tbl *tbl, struct rte_ip_frag_death_row *dr, - struct ip_frag_pkt *fp) -{ - ip_frag_free(fp, dr); - ip_frag_key_invalidate(&fp->key); - TAILQ_REMOVE(&tbl->lru, fp, lru); - tbl->use_entries--; - IP_FRAG_TBL_STAT_UPDATE(&tbl->stat, del_num, 1); -} - static inline void ip_frag_tbl_add(struct rte_ip_frag_tbl *tbl, struct ip_frag_pkt *fp, const struct ip_frag_key *key, uint64_t tms) diff --git a/lib/librte_ip_frag/rte_ip_frag.h b/lib/librte_ip_frag/rte_ip_frag.h index b3f3f78df..79443096c 100644 --- a/lib/librte_ip_frag/rte_ip_frag.h +++ b/lib/librte_ip_frag/rte_ip_frag.h @@ -146,6 +146,23 @@ struct rte_ip_frag_tbl * rte_ip_frag_table_create(uint32_t bucket_num, uint32_t bucket_entries, uint32_t max_entries, uint64_t max_cycles, int socket_id); +/** + * Sweep the IP fragmentation table for expired segments. + * + * @param tbl + * Fragmentation table to sweep. + * @param dr + * Death row to free buffers to + * @param next + * Pointer to the bucket iterator. + * Should be 0 to start sweeping the fragmentation table. + * Bucket iterator is incremented after each call of this function. + * @return + * 0 if successful. -EINVAL if the parameters are invalid. + */ +int rte_ip_frag_sweep_table(struct rte_ip_frag_tbl *tbl, + struct rte_ip_frag_death_row *dr, uint32_t *next); + /** * Free allocated IP fragmentation table. * diff --git a/lib/librte_ip_frag/rte_ip_frag_common.c b/lib/librte_ip_frag/rte_ip_frag_common.c index 659a17951..53325ddae 100644 --- a/lib/librte_ip_frag/rte_ip_frag_common.c +++ b/lib/librte_ip_frag/rte_ip_frag_common.c @@ -7,6 +7,7 @@ #include #include +#include #include "ip_frag_common.h" @@ -93,6 +94,31 @@ rte_ip_frag_table_destroy(struct rte_ip_frag_tbl *tbl) rte_free(tbl); } +/* Sweep the IP fragmentation table. */ +int +rte_ip_frag_sweep_table(struct rte_ip_frag_tbl *tbl, + struct rte_ip_frag_death_row *dr, uint32_t *next) +{ + uint32_t i; + uint64_t cur_tsc = rte_rdtsc(); + struct ip_frag_pkt *pkt; + + if (tbl == NULL || dr == NULL || next == NULL || + (*next * tbl->bucket_entries >= tbl->nb_entries)) + return -EINVAL; + + pkt = tbl->pkt + *next * tbl->bucket_entries; + for (i = 0; i < tbl->bucket_entries; i++) { + if (tbl->max_cycles + pkt[i].start < cur_tsc) + ip_frag_tbl_del(tbl, dr, pkt + i); + } + + *next = (*next + 1) * tbl->bucket_entries >= tbl->nb_entries ? + 0 : *next + 1; + + return 0; +} + /* dump frag table statistics to file */ void rte_ip_frag_table_statistics_dump(FILE *f, const struct rte_ip_frag_tbl *tbl)