From 0659e96d87fcc6b5321e726b65891b10962731b7 Mon Sep 17 00:00:00 2001 From: Vincent Li Date: Fri, 8 Nov 2024 04:10:42 +0000 Subject: [PATCH] xdp-synproxy: code optimization to reduce latency the XDP synproxy program from kernel selftest seems aiming to test the correctness of BPF infrastructure. not necessarily aiming for production code efficiency, and production performance. Make a few code optimizations to reduce real production latency. see https://github.com/vincentmli/xdp-tools/issues/7 Signed-off-by: Vincent Li --- xdp-synproxy/xdp_synproxy.bpf.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/xdp-synproxy/xdp_synproxy.bpf.c b/xdp-synproxy/xdp_synproxy.bpf.c index b5b08971..f0da35a3 100644 --- a/xdp-synproxy/xdp_synproxy.bpf.c +++ b/xdp-synproxy/xdp_synproxy.bpf.c @@ -60,6 +60,7 @@ #define DEFAULT_WSCALE 7 #define DEFAULT_TTL 64 #define MAX_ALLOWED_PORTS 8 +#define MAX_WINDOW_SIZE 65535 #define MAX_PACKET_OFF 0xffff @@ -265,11 +266,8 @@ static int tscookie_tcpopt_parse(struct tcpopt_context *ctx) static int tscookie_tcpopt_parse_batch(__u32 index, void *context) { - int i; - - for (i = 0; i < 7; i++) - if (tscookie_tcpopt_parse(context)) - return 1; + if (tscookie_tcpopt_parse(context)) + return 1; return 0; } @@ -293,7 +291,9 @@ static __always_inline bool tscookie_init(struct tcphdr *tcp_header, }; u32 cookie; - bpf_loop(6, tscookie_tcpopt_parse_batch, &loop_ctx, 0); + /* limit bpf_loop to number of tcp options */ + u32 tcp_opts = tcp_len > 20 ? (tcp_len - 20) : 0; + bpf_loop(tcp_opts, tscookie_tcpopt_parse_batch, &loop_ctx, 0); if (!loop_ctx.option_timestamp) return false; @@ -524,12 +524,12 @@ static __always_inline void tcp_gen_synack(struct tcphdr *tcp_header, swap(tcp_header->source, tcp_header->dest); tcp_header->ack_seq = bpf_htonl(bpf_ntohl(tcp_header->seq) + 1); tcp_header->seq = bpf_htonl(cookie); - tcp_header->window = 0; + tcp_header->window = bpf_htons(MAX_WINDOW_SIZE); /* set window size to max window size */ tcp_header->urg_ptr = 0; tcp_header->check = 0; /* Calculate checksum later. */ tcp_options = (void *)(tcp_header + 1); - tcp_header->doff += tcp_mkoptions(tcp_options, tsopt, mss, wscale); + tcp_header->doff += (tcp_mkoptions(tcp_options, tsopt, mss, wscale)) / 4; } static __always_inline void tcpv4_gen_synack(struct header_pointers *hdr,