author | gVisor bot <gvisor-bot@google.com> | 2021-10-13 16:55:32 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-10-13 16:55:32 +0000 |
commit | 13da34691ce0b5056c00213b80a52b0ba33d55f2 (patch) | |
tree | eb8cbb61f22761f4c5e429a1600f0f2e78f70cad /pkg/tcpip/stack/conntrack.go | |
parent | b2060fe76850dc6decf14ed932b960927f7b406a (diff) | |
parent | b74bbe11e6da5f3ec00bafe4a93ab383bea78af1 (diff) |
Merge release-20210927.0-68-gb74bbe11e (automated)
Diffstat (limited to 'pkg/tcpip/stack/conntrack.go')
-rw-r--r-- | pkg/tcpip/stack/conntrack.go | 57 |
1 files changed, 22 insertions, 35 deletions
diff --git a/pkg/tcpip/stack/conntrack.go b/pkg/tcpip/stack/conntrack.go
index c9a8e72a3..046679f76 100644
--- a/pkg/tcpip/stack/conntrack.go
+++ b/pkg/tcpip/stack/conntrack.go
@@ -37,14 +37,6 @@ import (
 // Our hash table has 16K buckets.
 const numBuckets = 1 << 14
-// Direction of the tuple.
-type direction int
-
-const (
- dirOriginal direction = iota
- dirReply
-)
-
 // tuple holds a connection's identifying and manipulating data in one
 // direction. It is immutable.
 //
@@ -56,8 +48,9 @@ type tuple struct {
 // conn is the connection tracking entry this tuple belongs to.
 conn *conn
- // direction is the direction of the tuple.
- direction direction
+ // reply is true iff the tuple's direction is opposite that of the first
+ // packet seen on the connection.
+ reply bool
 mu sync.RWMutex `state:"nosave"`
 // +checklocks:mu
@@ -155,7 +148,7 @@ func (cn *conn) timedOut(now time.Time) bool {
 //
 // TODO(https://gvisor.dev/issue/6590): annotate r/w locking requirements.
 // +checklocks:cn.mu
-func (cn *conn) updateLocked(pkt *PacketBuffer, dir direction) {
+func (cn *conn) updateLocked(pkt *PacketBuffer, reply bool) {
 if pkt.TransportProtocolNumber != header.TCPProtocolNumber {
 return
 }
@@ -170,13 +163,10 @@ func (cn *conn) updateLocked(pkt *PacketBuffer, dir direction) {
 return
 }
- switch dir {
- case dirOriginal:
- cn.tcb.UpdateStateOutbound(tcpHeader)
- case dirReply:
+ if reply {
 cn.tcb.UpdateStateInbound(tcpHeader)
- default:
- panic(fmt.Sprintf("unhandled dir = %d", dir))
+ } else {
+ cn.tcb.UpdateStateOutbound(tcpHeader)
 }
 }
@@ -277,8 +267,8 @@ func (ct *ConnTrack) getConnOrMaybeInsertNoop(pkt *PacketBuffer) *tuple {
 // for this new connection.
 conn := &conn{
 ct: ct,
- original: tuple{tupleID: tid, direction: dirOriginal},
- reply: tuple{tupleID: tid.reply(), direction: dirReply},
+ original: tuple{tupleID: tid},
+ reply: tuple{tupleID: tid.reply(), reply: true},
 lastUsed: now,
 }
 conn.original.conn = conn
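Review bot: The new `reply` field on `tuple` reuses a name that already means two other things here, the `conn.reply` tuple and the `tupleID.reply()` method, so the literal `reply: tuple{tupleID: tid.reply(), reply: true}` in getConnOrMaybeInsertNoop uses the word three times with three meanings. In connection-tracking code that decides which side of a flow is rewritten, that overlap makes a swapped direction harder to spot in review. Naming the boolean `isReply`, for both the field and the `updateLocked` parameter, would keep the literal readable: `reply: tuple{tupleID: tid.reply(), isReply: true}`. The tuple struct and getConnOrMaybeInsertNoop both continue outside their hunks.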
@@ -458,41 +448,38 @@ func (cn *conn) handlePacket(pkt *PacketBuffer, hook Hook, r *Route) bool {
 // validated if checksum offloading is off. It may require IP defrag if the
 // packets are fragmented.
- dir := pkt.tuple.direction
+ reply := pkt.tuple.reply
 tid, performManip := func() (tupleID, bool) {
 cn.mu.Lock()
 defer cn.mu.Unlock()
 var tuple *tuple
- switch dir {
- case dirOriginal:
+ if reply {
 if dnat {
- if !cn.destinationManip {
+ if !cn.sourceManip {
 return tupleID{}, false
 }
- } else if !cn.sourceManip {
+ } else if !cn.destinationManip {
 return tupleID{}, false
 }
- tuple = &cn.reply
- case dirReply:
+ tuple = &cn.original
+ } else {
 if dnat {
- if !cn.sourceManip {
+ if !cn.destinationManip {
 return tupleID{}, false
 }
- } else if !cn.destinationManip {
+ } else if !cn.sourceManip {
 return tupleID{}, false
 }
- tuple = &cn.original
- default:
- panic(fmt.Sprintf("unhandled dir = %d", dir))
+ tuple = &cn.reply
 }
 // Mark the connection as having been used recently so it isn't reaped.
 cn.lastUsed = time.Now()
 // Update connection state.
- cn.updateLocked(pkt, dir)
+ cn.updateLocked(pkt, reply)
 return tuple.id(), true
 }()
@@ -637,10 +624,10 @@ func (ct *ConnTrack) reapTupleLocked(tuple *tuple, bktID int, bkt *bucket, now t
 // TODO(https://gvisor.dev/issue/6590): annotate r/w locking requirements.
 // +checklocks:b.mu
 func removeConnFromBucket(b *bucket, tuple *tuple) {
- if tuple.direction == dirOriginal {
- b.tuples.Remove(&tuple.conn.reply)
- } else {
+ if tuple.reply {
 b.tuples.Remove(&tuple.conn.original)
+ } else {
+ b.tuples.Remove(&tuple.conn.reply)
 }
 } |
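Review bot: The two arms under `if reply` in handlePacket's closure are the same code with `sourceManip`/`destinationManip` and `cn.original`/`cn.reply` swapped, and nothing states the rule they implement, so a transposition between the arms would not stand out. From the visible lines, `sourceManip` is consulted exactly when `dnat == reply`, and the returned tuple is always the one for the opposite direction; writing that directly removes the duplicated arms. `dnat` is defined outside the hunk, so confirm it is a plain bool before adopting this. handlePacket's body starts and ends outside the hunk.

```go
	tid, performManip := func() (tupleID, bool) {
		// … unchanged: cn.mu.Lock / defer cn.mu.Unlock …

		// sourceManip gates the rewrite when dnat == reply,
		// destinationManip in the other two cases.
		manip := cn.destinationManip
		if dnat == reply {
			manip = cn.sourceManip
		}
		if !manip {
			return tupleID{}, false
		}

		// The rewrite uses the tuple for the opposite direction.
		tuple := &cn.reply
		if reply {
			tuple = &cn.original
		}

		// … unchanged: lastUsed update, cn.updateLocked(pkt, reply), return tuple.id(), true …
```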
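Review bot: removeConnFromBucket removes the tuple for the opposite direction from the one it is given, and neither the visible comment lines nor the new `if tuple.reply` test says so. The commit also swaps the order of the two arms, so a reader comparing against the old code has to re-derive which is which. A one-line comment above the `if` would pin it down, for example `// Remove the connection's other tuple (original for a reply tuple, reply for an original one) from b.` Whether the caller removes `tuple` itself is not visible here, and the function's doc comment begins outside the hunk.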