tcp: Rework timers to use timerfd instead of periodic bitmap scan

With a lot of concurrent connections, the bitmap scan approach is not really sustainable. Switch to per-connection timerfd timers, set based on events and on two new flags, ACK_FROM_TAP_DUE and ACK_TO_TAP_DUE. Timers are added to the common epoll list, and implement the existing timeouts. While at it, drop the CONN_ prefix from flag names, otherwise they get quite long, and fix the logic to decide if a connection has a local, possibly unreachable endpoint: we shouldn't go through the rest of tcp_conn_from_tap() if we reset the connection due to a successful bind(2), and we'll get EACCES if the port number is low. Suggested by: Stefan Hajnoczi <[email protected]> Signed-off-by: Stefano Brivio <[email protected]>
AkihiroSuda · Mar 29, 2022 · be5bbb9 · be5bbb9
1 parent 3eb19cf
commit be5bbb9
Show file tree

Hide file tree

Showing 5 changed files with 288 additions and 241 deletions.
diff --git a/README.md b/README.md
@@ -287,11 +287,9 @@ speeding up local connections, and usually requiring NAT. _pasta_:
 * ✅ all capabilities dropped, other than `CAP_NET_BIND_SERVICE` (if granted)
 * ✅ with default options, user, mount, IPC, UTS, PID namespaces are detached
 * ✅ no external dependencies (other than a standard C library)
-* ✅ restrictive seccomp profiles (22 syscalls allowed for _passt_, 34 for
+* ✅ restrictive seccomp profiles (25 syscalls allowed for _passt_, 37 for
   _pasta_ on x86_64)
 * ✅ static checkers in continuous integration (clang-tidy, cppcheck)
-* 🛠️ rework of TCP state machine (flags instead of states), TCP timers, and code
-  de-duplication
 * 🛠️ clearly defined packet abstraction
 * 🛠️ ~5 000 LoC target
 * ⌚ [fuzzing](https://bugs.passt.top/show_bug.cgi?id=9), _packetdrill_ tests

diff --git a/passt.c b/passt.c
@@ -119,12 +119,12 @@ static void post_handler(struct ctx *c, struct timespec *now)
 #define CALL_PROTO_HANDLER(c, now, lc, uc)				\
 	do {								\
 		extern void						\
-		lc ## _defer_handler (struct ctx *, struct timespec *)	\
+		lc ## _defer_handler (struct ctx *c)			\
 		__attribute__ ((weak));					\
 									\
 		if (!c->no_ ## lc) {					\
 			if (lc ## _defer_handler)			\
-				lc ## _defer_handler(c, now);		\
+				lc ## _defer_handler(c);		\
 									\
 			if (timespec_diff_ms((now), &c->lc.timer_run)	\
 			    >= uc ## _TIMER_INTERVAL) {			\
@@ -134,8 +134,11 @@ static void post_handler(struct ctx *c, struct timespec *now)
 		} 							\
 	} while (0)
 
+	/* NOLINTNEXTLINE(bugprone-branch-clone): intervals can be the same */
 	CALL_PROTO_HANDLER(c, now, tcp, TCP);
+	/* NOLINTNEXTLINE(bugprone-branch-clone): intervals can be the same */
 	CALL_PROTO_HANDLER(c, now, udp, UDP);
+	/* NOLINTNEXTLINE(bugprone-branch-clone): intervals can be the same */
 	CALL_PROTO_HANDLER(c, now, icmp, ICMP);
 
 #undef CALL_PROTO_HANDLER
@@ -380,8 +383,8 @@ int main(int argc, char **argv)
 
 	clock_gettime(CLOCK_MONOTONIC, &now);
 
-	if ((!c.no_udp && udp_sock_init(&c, &now)) ||
-	    (!c.no_tcp && tcp_sock_init(&c, &now)))
+	if ((!c.no_udp && udp_sock_init(&c)) ||
+	    (!c.no_tcp && tcp_sock_init(&c)))
 		exit(EXIT_FAILURE);
 
 	proto_update_l2_buf(c.mac_guest, c.mac, &c.addr4);
@@ -425,6 +428,7 @@ int main(int argc, char **argv)
 	timer_init(&c, &now);
 
 loop:
+	/* NOLINTNEXTLINE(bugprone-branch-clone): intervals can be the same */
 	nfds = epoll_wait(c.epollfd, events, EPOLL_EVENTS, TIMER_INTERVAL);
 	if (nfds == -1 && errno != EINTR) {
 		perror("epoll_wait");

diff --git a/tap.c b/tap.c
@@ -939,7 +939,7 @@ void tap_sock_init(struct ctx *c)
  * @c:		Execution context
  * @fd:		File descriptor where event occurred
  * @events:	epoll events
- * @now:	Current timestamp
+ * @now:	Current timestamp, can be NULL on EPOLLERR
  */
 void tap_handler(struct ctx *c, int fd, uint32_t events, struct timespec *now)
 {