1
0
mirror of https://passt.top/passt synced 2024-12-22 05:35:23 +00:00

siphash: Use incremental rather than all-at-once siphash functions

We have a bunch of variants of the siphash functions for different data
sizes.  The callers, in tcp.c, need to pack the various values they want to
hash into a temporary structure, then call the appropriate version.  We can
avoid the copy into the temporary by directly using the incremental
siphash functions.

The length specific hash functions also have an undocumented constraint
that the data pointer they take must, in fact, be aligned to avoid
unaligned accesses, which may cause crashes on some architectures.

So, prefer the incremental approach and remove the length-specific
functions.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
David Gibson 2023-09-28 11:21:02 +10:00 committed by Stefano Brivio
parent 04b10a8d90
commit fc8f0f8c48
5 changed files with 28 additions and 145 deletions

View File

@ -45,7 +45,7 @@ FLAGS += -DDUAL_STACK_SOCKETS=$(DUAL_STACK_SOCKETS)
PASST_SRCS = arch.c arp.c checksum.c conf.c dhcp.c dhcpv6.c icmp.c igmp.c \ PASST_SRCS = arch.c arp.c checksum.c conf.c dhcp.c dhcpv6.c icmp.c igmp.c \
isolation.c lineread.c log.c mld.c ndp.c netlink.c packet.c passt.c \ isolation.c lineread.c log.c mld.c ndp.c netlink.c packet.c passt.c \
pasta.c pcap.c siphash.c tap.c tcp.c tcp_splice.c udp.c util.c pasta.c pcap.c tap.c tcp.c tcp_splice.c udp.c util.c
QRAP_SRCS = qrap.c QRAP_SRCS = qrap.c
SRCS = $(PASST_SRCS) $(QRAP_SRCS) SRCS = $(PASST_SRCS) $(QRAP_SRCS)

17
inany.h
View File

@ -14,8 +14,9 @@
* @v4mapped.zero: All zero-bits for an IPv4 address * @v4mapped.zero: All zero-bits for an IPv4 address
* @v4mapped.one: All one-bits for an IPv4 address * @v4mapped.one: All one-bits for an IPv4 address
* @v4mapped.a4: If @a6 is an IPv4 mapped address, the IPv4 address * @v4mapped.a4: If @a6 is an IPv4 mapped address, the IPv4 address
* @u64: As an array of u64s (solely for hashing)
* *
* @v4mapped shouldn't be accessed except via helpers. * @v4mapped and @u64 shouldn't be accessed except via helpers.
*/ */
union inany_addr { union inany_addr {
struct in6_addr a6; struct in6_addr a6;
@ -24,7 +25,10 @@ union inany_addr {
uint8_t one[2]; uint8_t one[2];
struct in_addr a4; struct in_addr a4;
} v4mapped; } v4mapped;
uint32_t u32[4];
}; };
static_assert(sizeof(union inany_addr) == sizeof(struct in6_addr));
static_assert(_Alignof(union inany_addr) == _Alignof(uint32_t));
/** inany_v4 - Extract IPv4 address, if present, from IPv[46] address /** inany_v4 - Extract IPv4 address, if present, from IPv[46] address
* @addr: IPv4 or IPv6 address * @addr: IPv4 or IPv6 address
@ -94,4 +98,15 @@ static inline void inany_from_sockaddr(union inany_addr *aa, in_port_t *port,
} }
} }
/** inany_siphash_feed- Fold IPv[46] address into an in-progress siphash
* @state: siphash state
* @aa: inany to hash
*/
static inline void inany_siphash_feed(struct siphash_state *state,
const union inany_addr *aa)
{
siphash_feed(state, (uint64_t)aa->u32[0] << 32 | aa->u32[1]);
siphash_feed(state, (uint64_t)aa->u32[2] << 32 | aa->u32[3]);
}
#endif /* INANY_H */ #endif /* INANY_H */

121
siphash.c
View File

@ -1,121 +0,0 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/* PASST - Plug A Simple Socket Transport
* for qemu/UNIX domain socket mode
*
* PASTA - Pack A Subtle Tap Abstraction
* for network namespace/tap device mode
*
* siphash.c - SipHash routines
*
* Copyright (c) 2020-2021 Red Hat GmbH
* Author: Stefano Brivio <sbrivio@redhat.com>
*/
#include <stddef.h>
#include <stdint.h>
#include "siphash.h"
/**
* siphash_8b() - Table index or timestamp offset for TCP over IPv4 (8 bytes in)
* @in: Input data (remote address and two ports, or two addresses)
* @k: Hash function key, 128 bits
*
* Return: the 64-bit hash output
*/
/* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
__attribute__((optimize("-fno-strict-aliasing"))) /* See csum_16b() */
/* cppcheck-suppress unusedFunction */
uint64_t siphash_8b(const uint8_t *in, const uint64_t *k)
{
struct siphash_state state = SIPHASH_INIT(k);
siphash_feed(&state, *(uint64_t *)in);
return siphash_final(&state, 8, 0);
}
/**
* siphash_12b() - Initial sequence number for TCP over IPv4 (12 bytes in)
* @in: Input data (two addresses, two ports)
* @k: Hash function key, 128 bits
*
* Return: the 64-bit hash output
*/
/* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
__attribute__((optimize("-fno-strict-aliasing"))) /* See csum_16b() */
/* cppcheck-suppress unusedFunction */
uint64_t siphash_12b(const uint8_t *in, const uint64_t *k)
{
struct siphash_state state = SIPHASH_INIT(k);
uint32_t *in32 = (uint32_t *)in;
siphash_feed(&state, (uint64_t)(*(in32 + 1)) << 32 | *in32);
return siphash_final(&state, 12, *(in32 + 2));
}
/**
* siphash_20b() - Table index for TCP over IPv6 (20 bytes in)
* @in: Input data (remote address, two ports)
* @k: Hash function key, 128 bits
*
* Return: the 64-bit hash output
*/
/* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
__attribute__((optimize("-fno-strict-aliasing"))) /* See csum_16b() */
uint64_t siphash_20b(const uint8_t *in, const uint64_t *k)
{
struct siphash_state state = SIPHASH_INIT(k);
uint32_t *in32 = (uint32_t *)in;
int i;
for (i = 0; i < 2; i++, in32 += 2)
siphash_feed(&state, (uint64_t)(*(in32 + 1)) << 32 | *in32);
return siphash_final(&state, 20, *in32);
}
/**
* siphash_32b() - Timestamp offset for TCP over IPv6 (32 bytes in)
* @in: Input data (two addresses)
* @k: Hash function key, 128 bits
*
* Return: the 64-bit hash output
*/
/* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
__attribute__((optimize("-fno-strict-aliasing"))) /* See csum_16b() */
/* cppcheck-suppress unusedFunction */
uint64_t siphash_32b(const uint8_t *in, const uint64_t *k)
{
struct siphash_state state = SIPHASH_INIT(k);
uint64_t *in64 = (uint64_t *)in;
int i;
for (i = 0; i < 4; i++, in64++)
siphash_feed(&state, *in64);
return siphash_final(&state, 32, 0);
}
/**
* siphash_36b() - Initial sequence number for TCP over IPv6 (36 bytes in)
* @in: Input data (two addresses, two ports)
* @k: Hash function key, 128 bits
*
* Return: the 64-bit hash output
*/
/* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
__attribute__((optimize("-fno-strict-aliasing"))) /* See csum_16b() */
uint64_t siphash_36b(const uint8_t *in, const uint64_t *k)
{
struct siphash_state state = SIPHASH_INIT(k);
uint32_t *in32 = (uint32_t *)in;
int i;
for (i = 0; i < 4; i++, in32 += 2)
siphash_feed(&state, (uint64_t)(*(in32 + 1)) << 32 | *in32);
return siphash_final(&state, 36, *in32);
}

32
tcp.c
View File

@ -1165,18 +1165,13 @@ static int tcp_hash_match(const struct tcp_tap_conn *conn,
static unsigned int tcp_hash(const struct ctx *c, const union inany_addr *faddr, static unsigned int tcp_hash(const struct ctx *c, const union inany_addr *faddr,
in_port_t eport, in_port_t fport) in_port_t eport, in_port_t fport)
{ {
struct { struct siphash_state state = SIPHASH_INIT(c->tcp.hash_secret);
union inany_addr faddr; uint64_t hash;
in_port_t eport;
in_port_t fport;
} __attribute__((__packed__)) in = {
*faddr, eport, fport
};
uint64_t b = 0;
b = siphash_20b((uint8_t *)&in, c->tcp.hash_secret); inany_siphash_feed(&state, faddr);
hash = siphash_final(&state, 20, (uint64_t)eport << 16 | fport);
return (unsigned int)(b % TCP_HASH_TABLE_SIZE); return (unsigned int)(hash % TCP_HASH_TABLE_SIZE);
} }
/** /**
@ -1815,17 +1810,8 @@ static void tcp_clamp_window(const struct ctx *c, struct tcp_tap_conn *conn,
static void tcp_seq_init(const struct ctx *c, struct tcp_tap_conn *conn, static void tcp_seq_init(const struct ctx *c, struct tcp_tap_conn *conn,
const struct timespec *now) const struct timespec *now)
{ {
struct siphash_state state = SIPHASH_INIT(c->tcp.hash_secret);
union inany_addr aany; union inany_addr aany;
struct {
union inany_addr src;
in_port_t srcport;
union inany_addr dst;
in_port_t dstport;
} __attribute__((__packed__)) in = {
.src = conn->faddr,
.srcport = conn->fport,
.dstport = conn->eport,
};
uint64_t hash; uint64_t hash;
uint32_t ns; uint32_t ns;
@ -1833,9 +1819,11 @@ static void tcp_seq_init(const struct ctx *c, struct tcp_tap_conn *conn,
inany_from_af(&aany, AF_INET, &c->ip4.addr); inany_from_af(&aany, AF_INET, &c->ip4.addr);
else else
inany_from_af(&aany, AF_INET6, &c->ip6.addr); inany_from_af(&aany, AF_INET6, &c->ip6.addr);
in.dst = aany;
hash = siphash_36b((uint8_t *)&in, c->tcp.hash_secret); inany_siphash_feed(&state, &conn->faddr);
inany_siphash_feed(&state, &aany);
hash = siphash_final(&state, 36,
(uint64_t)conn->fport << 16 | conn->eport);
/* 32ns ticks, overflows 32 bits every 137s */ /* 32ns ticks, overflows 32 bits every 137s */
ns = (now->tv_sec * 1000000000 + now->tv_nsec) >> 5; ns = (now->tv_sec * 1000000000 + now->tv_nsec) >> 5;

View File

@ -52,6 +52,7 @@
#include "passt.h" #include "passt.h"
#include "log.h" #include "log.h"
#include "tcp_splice.h" #include "tcp_splice.h"
#include "siphash.h"
#include "inany.h" #include "inany.h"
#include "tcp_conn.h" #include "tcp_conn.h"