diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2023-09-28 11:21:02 +1000 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2023-09-30 12:40:53 +0200 |
| commit | fc8f0f8c48ef12edbf60f74f37024917f5812385 (patch) | |
| tree | 470cc57b733611a8447b725635fa5d9e18b7315d /tcp.c | |
| parent | 04b10a8d907d8ceb09e3adb4885c02f546841bbc (diff) | |
| download | passt-fc8f0f8c48ef12edbf60f74f37024917f5812385.tar passt-fc8f0f8c48ef12edbf60f74f37024917f5812385.tar.gz passt-fc8f0f8c48ef12edbf60f74f37024917f5812385.tar.bz2 passt-fc8f0f8c48ef12edbf60f74f37024917f5812385.tar.lz passt-fc8f0f8c48ef12edbf60f74f37024917f5812385.tar.xz passt-fc8f0f8c48ef12edbf60f74f37024917f5812385.tar.zst passt-fc8f0f8c48ef12edbf60f74f37024917f5812385.zip | |
siphash: Use incremental rather than all-at-once siphash functions
We have a bunch of variants of the siphash functions for different data
sizes. The callers, in tcp.c, need to pack the various values they want to
hash into a temporary structure, then call the appropriate version. We can
avoid the copy into the temporary by directly using the incremental
siphash functions.
The length specific hash functions also have an undocumented constraint
that the data pointer they take must, in fact, be aligned to avoid
unaligned accesses, which may cause crashes on some architectures.
So, prefer the incremental approach and remove the length-specific
functions.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'tcp.c')
| -rw-r--r-- | tcp.c | 32 |
1 files changed, 10 insertions, 22 deletions
@@ -1165,18 +1165,13 @@ static int tcp_hash_match(const struct tcp_tap_conn *conn, static unsigned int tcp_hash(const struct ctx *c, const union inany_addr *faddr, in_port_t eport, in_port_t fport) { - struct { - union inany_addr faddr; - in_port_t eport; - in_port_t fport; - } __attribute__((__packed__)) in = { - *faddr, eport, fport - }; - uint64_t b = 0; + struct siphash_state state = SIPHASH_INIT(c->tcp.hash_secret); + uint64_t hash; - b = siphash_20b((uint8_t *)&in, c->tcp.hash_secret); + inany_siphash_feed(&state, faddr); + hash = siphash_final(&state, 20, (uint64_t)eport << 16 | fport); - return (unsigned int)(b % TCP_HASH_TABLE_SIZE); + return (unsigned int)(hash % TCP_HASH_TABLE_SIZE); } /** @@ -1815,17 +1810,8 @@ static void tcp_clamp_window(const struct ctx *c, struct tcp_tap_conn *conn, static void tcp_seq_init(const struct ctx *c, struct tcp_tap_conn *conn, const struct timespec *now) { + struct siphash_state state = SIPHASH_INIT(c->tcp.hash_secret); union inany_addr aany; - struct { - union inany_addr src; - in_port_t srcport; - union inany_addr dst; - in_port_t dstport; - } __attribute__((__packed__)) in = { - .src = conn->faddr, - .srcport = conn->fport, - .dstport = conn->eport, - }; uint64_t hash; uint32_t ns; @@ -1833,9 +1819,11 @@ static void tcp_seq_init(const struct ctx *c, struct tcp_tap_conn *conn, inany_from_af(&aany, AF_INET, &c->ip4.addr); else inany_from_af(&aany, AF_INET6, &c->ip6.addr); - in.dst = aany; - hash = siphash_36b((uint8_t *)&in, c->tcp.hash_secret); + inany_siphash_feed(&state, &conn->faddr); + inany_siphash_feed(&state, &aany); + hash = siphash_final(&state, 36, + (uint64_t)conn->fport << 16 | conn->eport); /* 32ns ticks, overflows 32 bits every 137s */ ns = (now->tv_sec * 1000000000 + now->tv_nsec) >> 5; |