From be5bbb9b06811b98f677460fd2b89001db580582 Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Fri, 18 Mar 2022 12:18:19 +0100 Subject: tcp: Rework timers to use timerfd instead of periodic bitmap scan With a lot of concurrent connections, the bitmap scan approach is not really sustainable. Switch to per-connection timerfd timers, set based on events and on two new flags, ACK_FROM_TAP_DUE and ACK_TO_TAP_DUE. Timers are added to the common epoll list, and implement the existing timeouts. While at it, drop the CONN_ prefix from flag names, otherwise they get quite long, and fix the logic to decide if a connection has a local, possibly unreachable endpoint: we shouldn't go through the rest of tcp_conn_from_tap() if we reset the connection due to a successful bind(2), and we'll get EACCES if the port number is low. Suggested by: Stefan Hajnoczi Signed-off-by: Stefano Brivio --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index cd4caa3..906c13a 100644 --- a/README.md +++ b/README.md @@ -287,11 +287,9 @@ speeding up local connections, and usually requiring NAT. _pasta_: * ✅ all capabilities dropped, other than `CAP_NET_BIND_SERVICE` (if granted) * ✅ with default options, user, mount, IPC, UTS, PID namespaces are detached * ✅ no external dependencies (other than a standard C library) -* ✅ restrictive seccomp profiles (22 syscalls allowed for _passt_, 34 for +* ✅ restrictive seccomp profiles (25 syscalls allowed for _passt_, 37 for _pasta_ on x86_64) * ✅ static checkers in continuous integration (clang-tidy, cppcheck) -* 🛠️ rework of TCP state machine (flags instead of states), TCP timers, and code - de-duplication * 🛠️ clearly defined packet abstraction * 🛠️ ~5 000 LoC target * ⌚ [fuzzing](https://bugs.passt.top/show_bug.cgi?id=9), _packetdrill_ tests -- cgit v1.2.3
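Review bot: the commit message should name the three syscalls behind the count bump on the seccomp line of the README hunk (22 to 25 for _passt_, 34 to 37 for _pasta_ on x86_64). The bump widens the allowlist, and the message only describes the move to per-connection timerfd timers, so a reader of this README-limited view cannot tell which calls were added or confirm that both profiles gained the same three. That the additions are timerfd-related is an inference from the subject line, not something the visible lines state. Separately, the removed 🛠️ bullet also covered "rework of TCP state machine (flags instead of states)" and "code de-duplication", while the message speaks of the timer rework, dropping the CONN_ prefix from flag names, and a fix to the local-endpoint logic. Either state in the message that those two items are also complete, or keep them as a shortened bullet instead of deleting the whole entry.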