From c8352bc43dfa02707e8806e1ae5b310bbdb4d302 Mon Sep 17 00:00:00 2001
From: Neale Ranns <neale.ranns@cisco.com>
Date: Wed, 29 Aug 2018 10:23:58 -0700
Subject: [PATCH] Refactor the ARP throttle into a common type so it can be
 reused

Change-Id: Ic7f7af983d5b6d756748023aa0c650f53e9285cf
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
---
 src/vnet.am               |  4 +++
 src/vnet/CMakeLists.txt   |  1 +
 src/vnet/ip/ip4.h         |  5 ++-
 src/vnet/ip/ip4_forward.c | 24 ++------------
 src/vnet/ip/ip4_input.c   | 12 ++-----
 src/vnet/util/throttle.c  | 38 +++++++++++++++++++++++
 src/vnet/util/throttle.h  | 79 +++++++++++++++++++++++++++++++++++++++++++++++
 test/test_neighbor.py     | 31 +++++++++++++++++++
 8 files changed, 161 insertions(+), 33 deletions(-)
 create mode 100644 src/vnet/util/throttle.c
 create mode 100644 src/vnet/util/throttle.h

diff --git a/src/vnet.am b/src/vnet.am
index b9ff17d4739..b9402b11e74 100644
--- a/src/vnet.am
+++ b/src/vnet.am
@@ -1243,8 +1243,12 @@ nobase_include_HEADERS +=			\
 libvnet_la_SOURCES +=                    \
   vnet/util/radix.c			     \
   vnet/util/refcount.c			 \
+  vnet/util/throttle.c			 \
   vnet/util/trajectory.c
 
+nobase_include_HEADERS +=                       \
+  vnet/util/throttle.h
+
 ########################################
 # QoS
 ########################################
diff --git a/src/vnet/CMakeLists.txt b/src/vnet/CMakeLists.txt
index 9f36e676184..7dde4f7c21f 100644
--- a/src/vnet/CMakeLists.txt
+++ b/src/vnet/CMakeLists.txt
@@ -1263,6 +1263,7 @@ list(APPEND VNET_HEADERS
 list(APPEND VNET_SOURCES
   util/radix.c
   util/refcount.c
+  util/throttle.c
   util/trajectory.c
 )
 
diff --git a/src/vnet/ip/ip4.h b/src/vnet/ip/ip4.h
index e3cbe27dd89..9cb54bdfc41 100644
--- a/src/vnet/ip/ip4.h
+++ b/src/vnet/ip/ip4.h
@@ -45,6 +45,7 @@
 #include <vnet/buffer.h>
 #include <vnet/feature/feature.h>
 #include <vnet/ip/icmp46_packet.h>
+#include <vnet/util/throttle.h>
 
 typedef struct ip4_mfib_t
 {
@@ -156,9 +157,7 @@ typedef struct ip4_main_t
   void *mtrie_mheap;
 
   /** ARP throttling */
-  uword **arp_throttle_bitmaps;
-  u32 *arp_throttle_seeds;
-  f64 *arp_throttle_last_seed_change_time;
+  throttle_t arp_throttle;
 
 } ip4_main_t;
 
diff --git a/src/vnet/ip/ip4_forward.c b/src/vnet/ip/ip4_forward.c
index 614b6e2cb4a..d5cf011b677 100644
--- a/src/vnet/ip/ip4_forward.c
+++ b/src/vnet/ip/ip4_forward.c
@@ -1719,21 +1719,11 @@ ip4_arp_inline (vlib_main_t * vm,
   uword n_left_from, n_left_to_next_drop, next_index;
   u32 thread_index = vm->thread_index;
   u32 seed;
-  f64 time_now;
 
   if (node->flags & VLIB_NODE_FLAG_TRACE)
     ip4_forward_next_trace (vm, node, frame, VLIB_TX);
 
-  time_now = vlib_time_now (vm);
-  if (time_now - im->arp_throttle_last_seed_change_time[thread_index] > 1e-3)
-    {
-      (void) random_u32 (&im->arp_throttle_seeds[thread_index]);
-      memset (im->arp_throttle_bitmaps[thread_index], 0,
-	      ARP_THROTTLE_BITS / BITS (u8));
-
-      im->arp_throttle_last_seed_change_time[thread_index] = time_now;
-    }
-  seed = im->arp_throttle_seeds[thread_index];
+  seed = throttle_seed (&im->arp_throttle, thread_index, vlib_time_now (vm));
 
   from = vlib_frame_vector_args (frame);
   n_left_from = frame->n_vectors;
@@ -1748,8 +1738,7 @@ ip4_arp_inline (vlib_main_t * vm,
 
       while (n_left_from > 0 && n_left_to_next_drop > 0)
 	{
-	  u32 pi0, adj_index0, r0, w0, sw_if_index0, drop0;
-	  uword m0;
+	  u32 pi0, adj_index0, r0, sw_if_index0, drop0;
 	  ip_adjacency_t *adj0;
 	  vlib_buffer_t *p0;
 	  ip4_header_t *ip0;
@@ -1778,14 +1767,7 @@ ip4_arp_inline (vlib_main_t * vm,
 	      r0 = adj0->sub_type.nbr.next_hop.ip4.data_u32;
 	    }
 
-	  r0 ^= seed;
-	  /* Select bit number */
-	  r0 &= ARP_THROTTLE_BITS - 1;
-	  w0 = r0 / BITS (uword);
-	  m0 = (uword) 1 << (r0 % BITS (uword));
-
-	  drop0 = (im->arp_throttle_bitmaps[thread_index][w0] & m0) != 0;
-	  im->arp_throttle_bitmaps[thread_index][w0] |= m0;
+	  drop0 = throttle_check (&im->arp_throttle, thread_index, r0, seed);
 
 	  from += 1;
 	  n_left_from -= 1;
diff --git a/src/vnet/ip/ip4_input.c b/src/vnet/ip/ip4_input.c
index 1425786a4b1..5a2ae17391f 100644
--- a/src/vnet/ip/ip4_input.c
+++ b/src/vnet/ip/ip4_input.c
@@ -41,6 +41,7 @@
 #include <vnet/ethernet/ethernet.h>
 #include <vnet/ppp/ppp.h>
 #include <vnet/hdlc/hdlc.h>
+#include <vnet/util/throttle.h>
 
 typedef struct
 {
@@ -390,17 +391,10 @@ ip4_main_loop_enter (vlib_main_t * vm)
   ip4_main_t *im = &ip4_main;
   vlib_thread_main_t *tm = &vlib_thread_main;
   u32 n_vlib_mains = tm->n_vlib_mains;
-  int i;
 
+  throttle_init (&im->arp_throttle, n_vlib_mains, 1e-3);
 
-  vec_validate (im->arp_throttle_bitmaps, n_vlib_mains);
-  vec_validate (im->arp_throttle_seeds, n_vlib_mains);
-  vec_validate (im->arp_throttle_last_seed_change_time, n_vlib_mains);
-
-  for (i = 0; i < n_vlib_mains; i++)
-    vec_validate (im->arp_throttle_bitmaps[i],
-		  (ARP_THROTTLE_BITS / BITS (uword)) - 1);
-  return 0;
+  return (NULL);
 }
 
 VLIB_MAIN_LOOP_ENTER_FUNCTION (ip4_main_loop_enter);
diff --git a/src/vnet/util/throttle.c b/src/vnet/util/throttle.c
new file mode 100644
index 00000000000..0985b4a81a3
--- /dev/null
+++ b/src/vnet/util/throttle.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <vnet/util/throttle.h>
+
+void
+throttle_init (throttle_t * t, u32 n_threads, f64 time)
+{
+  u32 i;
+
+  t->time = time;
+  vec_validate (t->bitmaps, n_threads);
+  vec_validate (t->seeds, n_threads);
+  vec_validate (t->last_seed_change_time, n_threads);
+
+  for (i = 0; i < n_threads; i++)
+    vec_validate (t->bitmaps[i], (THROTTLE_BITS / BITS (uword)) - 1);
+}
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/vnet/util/throttle.h b/src/vnet/util/throttle.h
new file mode 100644
index 00000000000..0c518d3555b
--- /dev/null
+++ b/src/vnet/util/throttle.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __THROTTLE_H__
+#define __THROTTLE_H__
+
+#include <vlib/vlib.h>
+
+/**
+ * @brief A throttle
+ *  Used in the data plane to decide if a given hash should be throttled,
+ *  i.e. that the hash has been seen alreay 'recently'. Recent is the time
+ *  given in the throttle's initialisation.
+ */
+typedef struct throttle_t_
+{
+  f64 time;
+  uword **bitmaps;
+  u32 *seeds;
+  f64 *last_seed_change_time;
+} throttle_t;
+
+#define THROTTLE_BITS	(512)
+
+extern void throttle_init (throttle_t * t, u32 n_threads, f64 time);
+
+always_inline u32
+throttle_seed (throttle_t * t, u32 thread_index, f64 time_now)
+{
+  if (time_now - t->last_seed_change_time[thread_index] > t->time)
+    {
+      (void) random_u32 (&t->seeds[thread_index]);
+      memset (t->bitmaps[thread_index], 0, THROTTLE_BITS / BITS (u8));
+
+      t->last_seed_change_time[thread_index] = time_now;
+    }
+  return t->seeds[thread_index];
+}
+
+always_inline int
+throttle_check (throttle_t * t, u32 thread_index, u32 hash, u32 seed)
+{
+  int drop;
+  uword m;
+  u32 w;
+
+  hash ^= seed;
+  /* Select bit number */
+  hash &= THROTTLE_BITS - 1;
+  w = hash / BITS (uword);
+  m = (uword) 1 << (hash % BITS (uword));
+
+  drop = (t->bitmaps[thread_index][w] & m) != 0;
+  t->bitmaps[thread_index][w] |= m;
+
+  return (drop);
+}
+
+#endif
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/test/test_neighbor.py b/test/test_neighbor.py
index 9d91f031571..f01f5367703 100644
--- a/test/test_neighbor.py
+++ b/test/test_neighbor.py
@@ -1316,6 +1316,37 @@ class ARPTestCase(VppTestCase):
                                   self.pg1.sw_if_index,
                                   self.pg1.remote_hosts[2].ip4))
 
+    def test_arp_incomplete(self):
+
+        #
+        # ensure that we throttle the ARP requests
+        #
+        self.pg0.generate_remote_hosts(2)
+
+        ip_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32,
+                                 [VppRoutePath(self.pg0.remote_hosts[1].ip4,
+                                               self.pg0.sw_if_index,
+                                               labels=[55])])
+        ip_10_0_0_1.add_vpp_config()
+
+        p1 = (Ether(dst=self.pg1.local_mac,
+                    src=self.pg1.remote_mac) /
+              IP(src=self.pg1.remote_ip4,
+                 dst="10.0.0.1") /
+              UDP(sport=1234, dport=1234) /
+              Raw())
+
+        self.pg1.add_stream(p1 * 257)
+        self.pg_enable_capture(self.pg_interfaces)
+        self.pg_start()
+        rx = self.pg0._get_capture(1)
+
+        #
+        # how many we get is going to be dependent on the time for packet
+        # processing but it should be small
+        #
+        self.assertTrue(len(rx) < 64)
+
 
 if __name__ == '__main__':
     unittest.main(testRunner=VppTestRunner)
-- 
2.16.6