o Remove at compile time the HASH_ALL code, that was never

tested and is unfinished. However, I've tested my version, it works okay. As before it is unfinished: timeout aren't driven by TCP session state. To enable the HASH_ALL mode, one needs in kernel config: options FLOWTABLE_HASH_ALL o Reduce the alignment on flentry to 64 bytes. Without the FLOWTABLE_HASH_ALL option, twice less memory would be consumed by flows. o API to ip_output()/ip6_output() got even more thin: 1 liner. o Remove unused unions. Simply use fle->f_key[]. o Merge all IPv4 code into flowtable_lookup_ipv4(), and do same flowtable_lookup_ipv6(). Stop copying data to on stack sockaddr structures, simply use key[] on stack. o Move code from flowtable_lookup_common() that actually works on insertion into flowtable_insert(). Sponsored by: Netflix Sponsored by: Nginx, Inc.
2026-05-28 04:12:45 -04:00 · 2014-02-17 11:50:56 +00:00 · 2014-02-17 11:50:56 +00:00 · 0ff96b4f55
commit 0ff96b4f55
parent f37fafddd6
5 changed files with 393 additions and 713 deletions
--- a/sys/conf/options
+++ b/sys/conf/options
@ -440,6 +440,7 @@ TCP_SIGNATURE		opt_inet.h
 VLAN_ARRAY		opt_vlan.h
 XBONEHACK
 FLOWTABLE		opt_route.h
+FLOWTABLE_HASH_ALL	opt_route.h

 #
 # SCTP
--- a/sys/net/flowtable.c
+++ b/sys/net/flowtable.c
--- a/sys/net/flowtable.h
+++ b/sys/net/flowtable.h
@ -45,34 +45,12 @@ struct flowtable_stat {

 #ifdef	_KERNEL

-#define	FL_HASH_ALL	(1<<0)	/* hash 4-tuple + protocol */
-#define FL_IPV6  	(1<<9)
-
-#define	FL_TCP		(1<<11)
-#define	FL_SCTP		(1<<12)
-#define	FL_UDP		(1<<13)
-#define	FL_DEBUG	(1<<14)
-#define	FL_DEBUG_ALL	(1<<15)
-
-struct flowtable;
-struct flentry;
-struct route;
-struct route_in6;
-
 /*
- * Given a flow table, look up the L3 and L2 information and
- * return it in the route.
- *
+ * Given a flow table, look up the L3 and L2 information
+ * and return it in the route.
 */
-struct flentry *flowtable_lookup(sa_family_t, struct mbuf *);
+int flowtable_lookup(sa_family_t, struct mbuf *, struct route *);
 void flowtable_route_flush(sa_family_t, struct rtentry *);

-#ifdef INET
-void flow_to_route(struct flentry *fl, struct route *ro);
-#endif
-#ifdef INET6
-void flow_to_route_in6(struct flentry *fl, struct route_in6 *ro);
-#endif
-
 #endif /* _KERNEL */
 #endif /* !_NET_FLOWTABLE_H_ */
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@ -154,19 +154,8 @@ ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags,
 	}

 #ifdef FLOWTABLE
-	if (ro->ro_rt == NULL) {
-		struct flentry *fle;
-
-		/*
-		 * The flow table returns route entries valid for up to 30
-		 * seconds; we rely on the remainder of ip_output() taking no
-		 * longer than that long for the stability of ro_rt. The
-		 * flow ID assignment must have happened before this point.
-		 */
-		fle = flowtable_lookup(AF_INET, m);
-		if (fle != NULL)
-			flow_to_route(fle, ro);
-	}
+	if (ro->ro_rt == NULL)
+		(void )flowtable_lookup(AF_INET, m, ro);
 #endif

 	if (opt) {
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@ -522,19 +522,8 @@ skip_ipsec2:;
 		ro = &opt->ip6po_route;
 	dst = (struct sockaddr_in6 *)&ro->ro_dst;
 #ifdef FLOWTABLE
-	if (ro->ro_rt == NULL) {
-		struct flentry *fle;
-
-		/*
-		 * The flow table returns route entries valid for up to 30
-		 * seconds; we rely on the remainder of ip_output() taking no
-		 * longer than that long for the stability of ro_rt.  The
-		 * flow ID assignment must have happened before this point.
-		 */
-		fle = flowtable_lookup(AF_INET6, m);
-		if (fle != NULL)
-			flow_to_route_in6(fle, ro);
-	}
+	if (ro->ro_rt == NULL)
+		(void )flowtable_lookup(AF_INET6, m, (struct route *)ro);
 #endif
 again:
 	/*