aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/vnet.am4
-rw-r--r--src/vnet/CMakeLists.txt1
-rw-r--r--src/vnet/ip/ip4.h5
-rw-r--r--src/vnet/ip/ip4_forward.c24
-rw-r--r--src/vnet/ip/ip4_input.c12
-rw-r--r--src/vnet/util/throttle.c38
-rw-r--r--src/vnet/util/throttle.h79
-rw-r--r--test/test_neighbor.py31
8 files changed, 161 insertions, 33 deletions
diff --git a/src/vnet.am b/src/vnet.am
index b9ff17d4739..b9402b11e74 100644
--- a/src/vnet.am
+++ b/src/vnet.am
@@ -1243,8 +1243,12 @@ nobase_include_HEADERS += \
libvnet_la_SOURCES += \
vnet/util/radix.c \
vnet/util/refcount.c \
+ vnet/util/throttle.c \
vnet/util/trajectory.c
+nobase_include_HEADERS += \
+ vnet/util/throttle.h
+
########################################
# QoS
########################################
diff --git a/src/vnet/CMakeLists.txt b/src/vnet/CMakeLists.txt
index 9f36e676184..7dde4f7c21f 100644
--- a/src/vnet/CMakeLists.txt
+++ b/src/vnet/CMakeLists.txt
@@ -1263,6 +1263,7 @@ list(APPEND VNET_HEADERS
list(APPEND VNET_SOURCES
util/radix.c
util/refcount.c
+ util/throttle.c
util/trajectory.c
)
diff --git a/src/vnet/ip/ip4.h b/src/vnet/ip/ip4.h
index e3cbe27dd89..9cb54bdfc41 100644
--- a/src/vnet/ip/ip4.h
+++ b/src/vnet/ip/ip4.h
@@ -45,6 +45,7 @@
#include <vnet/buffer.h>
#include <vnet/feature/feature.h>
#include <vnet/ip/icmp46_packet.h>
+#include <vnet/util/throttle.h>
typedef struct ip4_mfib_t
{
@@ -156,9 +157,7 @@ typedef struct ip4_main_t
void *mtrie_mheap;
/** ARP throttling */
- uword **arp_throttle_bitmaps;
- u32 *arp_throttle_seeds;
- f64 *arp_throttle_last_seed_change_time;
+ throttle_t arp_throttle;
} ip4_main_t;
diff --git a/src/vnet/ip/ip4_forward.c b/src/vnet/ip/ip4_forward.c
index 614b6e2cb4a..d5cf011b677 100644
--- a/src/vnet/ip/ip4_forward.c
+++ b/src/vnet/ip/ip4_forward.c
@@ -1719,21 +1719,11 @@ ip4_arp_inline (vlib_main_t * vm,
uword n_left_from, n_left_to_next_drop, next_index;
u32 thread_index = vm->thread_index;
u32 seed;
- f64 time_now;
if (node->flags & VLIB_NODE_FLAG_TRACE)
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
- time_now = vlib_time_now (vm);
- if (time_now - im->arp_throttle_last_seed_change_time[thread_index] > 1e-3)
- {
- (void) random_u32 (&im->arp_throttle_seeds[thread_index]);
- memset (im->arp_throttle_bitmaps[thread_index], 0,
- ARP_THROTTLE_BITS / BITS (u8));
-
- im->arp_throttle_last_seed_change_time[thread_index] = time_now;
- }
- seed = im->arp_throttle_seeds[thread_index];
+ seed = throttle_seed (&im->arp_throttle, thread_index, vlib_time_now (vm));
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
@@ -1748,8 +1738,7 @@ ip4_arp_inline (vlib_main_t * vm,
while (n_left_from > 0 && n_left_to_next_drop > 0)
{
- u32 pi0, adj_index0, r0, w0, sw_if_index0, drop0;
- uword m0;
+ u32 pi0, adj_index0, r0, sw_if_index0, drop0;
ip_adjacency_t *adj0;
vlib_buffer_t *p0;
ip4_header_t *ip0;
@@ -1778,14 +1767,7 @@ ip4_arp_inline (vlib_main_t * vm,
r0 = adj0->sub_type.nbr.next_hop.ip4.data_u32;
}
- r0 ^= seed;
- /* Select bit number */
- r0 &= ARP_THROTTLE_BITS - 1;
- w0 = r0 / BITS (uword);
- m0 = (uword) 1 << (r0 % BITS (uword));
-
- drop0 = (im->arp_throttle_bitmaps[thread_index][w0] & m0) != 0;
- im->arp_throttle_bitmaps[thread_index][w0] |= m0;
+ drop0 = throttle_check (&im->arp_throttle, thread_index, r0, seed);
from += 1;
n_left_from -= 1;
diff --git a/src/vnet/ip/ip4_input.c b/src/vnet/ip/ip4_input.c
index 1425786a4b1..5a2ae17391f 100644
--- a/src/vnet/ip/ip4_input.c
+++ b/src/vnet/ip/ip4_input.c
@@ -41,6 +41,7 @@
#include <vnet/ethernet/ethernet.h>
#include <vnet/ppp/ppp.h>
#include <vnet/hdlc/hdlc.h>
+#include <vnet/util/throttle.h>
typedef struct
{
@@ -390,17 +391,10 @@ ip4_main_loop_enter (vlib_main_t * vm)
ip4_main_t *im = &ip4_main;
vlib_thread_main_t *tm = &vlib_thread_main;
u32 n_vlib_mains = tm->n_vlib_mains;
- int i;
+ throttle_init (&im->arp_throttle, n_vlib_mains, 1e-3);
- vec_validate (im->arp_throttle_bitmaps, n_vlib_mains);
- vec_validate (im->arp_throttle_seeds, n_vlib_mains);
- vec_validate (im->arp_throttle_last_seed_change_time, n_vlib_mains);
-
- for (i = 0; i < n_vlib_mains; i++)
- vec_validate (im->arp_throttle_bitmaps[i],
- (ARP_THROTTLE_BITS / BITS (uword)) - 1);
- return 0;
+ return (NULL);
}
VLIB_MAIN_LOOP_ENTER_FUNCTION (ip4_main_loop_enter);
diff --git a/src/vnet/util/throttle.c b/src/vnet/util/throttle.c
new file mode 100644
index 00000000000..0985b4a81a3
--- /dev/null
+++ b/src/vnet/util/throttle.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <vnet/util/throttle.h>
+
+void
+throttle_init (throttle_t * t, u32 n_threads, f64 time)
+{
+ u32 i;
+
+ t->time = time;
+ vec_validate (t->bitmaps, n_threads);
+ vec_validate (t->seeds, n_threads);
+ vec_validate (t->last_seed_change_time, n_threads);
+
+ for (i = 0; i < n_threads; i++)
+ vec_validate (t->bitmaps[i], (THROTTLE_BITS / BITS (uword)) - 1);
+}
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/vnet/util/throttle.h b/src/vnet/util/throttle.h
new file mode 100644
index 00000000000..0c518d3555b
--- /dev/null
+++ b/src/vnet/util/throttle.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __THROTTLE_H__
+#define __THROTTLE_H__
+
+#include <vlib/vlib.h>
+
+/**
+ * @brief A throttle
+ * Used in the data plane to decide if a given hash should be throttled,
+ * i.e. that the hash has been seen alreay 'recently'. Recent is the time
+ * given in the throttle's initialisation.
+ */
+typedef struct throttle_t_
+{
+ f64 time;
+ uword **bitmaps;
+ u32 *seeds;
+ f64 *last_seed_change_time;
+} throttle_t;
+
+#define THROTTLE_BITS (512)
+
+extern void throttle_init (throttle_t * t, u32 n_threads, f64 time);
+
+always_inline u32
+throttle_seed (throttle_t * t, u32 thread_index, f64 time_now)
+{
+ if (time_now - t->last_seed_change_time[thread_index] > t->time)
+ {
+ (void) random_u32 (&t->seeds[thread_index]);
+ memset (t->bitmaps[thread_index], 0, THROTTLE_BITS / BITS (u8));
+
+ t->last_seed_change_time[thread_index] = time_now;
+ }
+ return t->seeds[thread_index];
+}
+
+always_inline int
+throttle_check (throttle_t * t, u32 thread_index, u32 hash, u32 seed)
+{
+ int drop;
+ uword m;
+ u32 w;
+
+ hash ^= seed;
+ /* Select bit number */
+ hash &= THROTTLE_BITS - 1;
+ w = hash / BITS (uword);
+ m = (uword) 1 << (hash % BITS (uword));
+
+ drop = (t->bitmaps[thread_index][w] & m) != 0;
+ t->bitmaps[thread_index][w] |= m;
+
+ return (drop);
+}
+
+#endif
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/test/test_neighbor.py b/test/test_neighbor.py
index 9d91f031571..f01f5367703 100644
--- a/test/test_neighbor.py
+++ b/test/test_neighbor.py
@@ -1316,6 +1316,37 @@ class ARPTestCase(VppTestCase):
self.pg1.sw_if_index,
self.pg1.remote_hosts[2].ip4))
+ def test_arp_incomplete(self):
+
+ #
+ # ensure that we throttle the ARP requests
+ #
+ self.pg0.generate_remote_hosts(2)
+
+ ip_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32,
+ [VppRoutePath(self.pg0.remote_hosts[1].ip4,
+ self.pg0.sw_if_index,
+ labels=[55])])
+ ip_10_0_0_1.add_vpp_config()
+
+ p1 = (Ether(dst=self.pg1.local_mac,
+ src=self.pg1.remote_mac) /
+ IP(src=self.pg1.remote_ip4,
+ dst="10.0.0.1") /
+ UDP(sport=1234, dport=1234) /
+ Raw())
+
+ self.pg1.add_stream(p1 * 257)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ rx = self.pg0._get_capture(1)
+
+ #
+ # how many we get is going to be dependent on the time for packet
+ # processing but it should be small
+ #
+ self.assertTrue(len(rx) < 64)
+
if __name__ == '__main__':
unittest.main(testRunner=VppTestRunner)