State table in memory?


  • #11804
    nullb
    Participant

      Hi,

      Are there any examples of storing a state table / map or otherwise in memory?

      I’m looking at building a list of trusted IPs in memory then only allowing connections from those IPs for example.

      Not sure how it would work here, in XDP I would obviously use a map.

      #11805
      Vadim Smirnov
      Keymaster

        Hi

        If you are looking for a simple filter table then you could use built-in filters. Please check the filter sample.

        #11806
        nullb
        Participant

          That’s a table of filters, I want to store source IPs I’ve validated somewhere in shared memory that can be checked against. And if the IP isn’t in the array drop the packet basically.

          #11811
          Vadim Smirnov
          Keymaster

            Well, you could create the filter table using your IP list and load it into the driver.

            Alternatively you can implement any kind of filtering logic in user space using one of the packet filtering samples as a base.

            #11812
            nullb
            Participant

              Are there any examples at all of storing data in a filtering function and then referring back to it? I’m not even entirely sure how this is implemented. Is mutex locking required, etc.?

              #11813
              Vadim Smirnov
              Keymaster

                I’m afraid there is no ready-to-use sample like this… But it is quite easy to do. And sure, if your IP address table is accessed from two or more concurrent threads then some synchronization is required. For example, you could use std::shared_mutex for this. The packet filtering routine could lock it in shared mode (read lock) and the “update table” routine could lock it exclusively.

                #11814
                nullb
                Participant

                  I see, are filters created under the simple_packet_filter type single threaded then? For starters I modified the dnstrace example, to do some drops which works fine.

                  But if I wanted to add the state table to that example I’d have to declare a vector and mutex outside the main class then pass it into the creation function of simple_packet_filter correct?

                  #11815
                  Vadim Smirnov
                  Keymaster

                    Yes, simple_packet_filter is single threaded. And yes, you can declare the table and mutex outside and pass references into the simple_packet_filter inbound packet processing lambda function.

                    #11816
                    nullb
                    Participant

                      I didn’t realize it was single threaded. I guess I don’t need the mutex then, since the simple_packet_filter will be doing all the logic itself.

                      #11817
                      Vadim Smirnov
                      Keymaster

                        Yes, lambdas passed to simple_packet_filter are executed in the context of the single thread (created inside simple_packet_filter). However, please note that if your external code (in the main application thread) can modify the IP table then synchronization is needed.
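
The pattern described in this thread, as an added example that is not code from any poster or from the project: a trusted-IP table guarded by std::shared_mutex, read under a shared lock on the filtering thread and modified under an exclusive lock from another thread. The names trusted_ip_table, filter_inbound, verdict and ipv4 are hypothetical, the addresses are constructed samples, and the driver's own API is not used; the body of filter_inbound is what would go inside the inbound lambda, with the table captured by reference.

```cpp
#include <cstdint>
#include <mutex>
#include <shared_mutex>
#include <thread>
#include <unordered_set>

// Trusted IPv4 source table shared by the filter thread (reader) and the
// application thread (writer). Addresses are host-order uint32_t (assumption).
class trusted_ip_table {
public:
    bool contains(uint32_t ip) const {              // hot path: shared (read) lock
        std::shared_lock<std::shared_mutex> lock(mutex_);
        return ips_.count(ip) != 0;
    }
    void add(uint32_t ip) {                         // update path: exclusive lock
        std::unique_lock<std::shared_mutex> lock(mutex_);
        ips_.insert(ip);
    }
    void remove(uint32_t ip) {
        std::unique_lock<std::shared_mutex> lock(mutex_);
        ips_.erase(ip);
    }
private:
    mutable std::shared_mutex mutex_;
    std::unordered_set<uint32_t> ips_;
};

enum class verdict { pass, drop };

constexpr uint32_t ipv4(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    return (uint32_t{a} << 24) | (uint32_t{b} << 16) | (uint32_t{c} << 8) | d;
}

// Body of a hypothetical inbound-packet lambda: the table is captured by
// reference and any source address not in it is dropped (default deny).
verdict filter_inbound(const trusted_ip_table& table, uint32_t src_ip) {
    return table.contains(src_ip) ? verdict::pass : verdict::drop;
}

// Constructed scenario: a "filter" thread checks a trusted address while the
// calling thread keeps modifying the table. Returns how many checks passed.
int passes_during_updates(int checks) {
    trusted_ip_table table;
    table.add(ipv4(192, 0, 2, 10));                 // documentation-range sample
    int passed = 0;
    std::thread filter([&] {
        for (int i = 0; i < checks; ++i)
            if (filter_inbound(table, ipv4(192, 0, 2, 10)) == verdict::pass) ++passed;
    });
    for (int i = 0; i < checks; ++i) {              // concurrent writer
        table.add(ipv4(198, 51, 100, 7));
        table.remove(ipv4(198, 51, 100, 7));
    }
    filter.join();
    return passed;
}
```

If the table is only ever touched from inside the filter's own thread, the locks are uncontended and can be dropped; they matter as soon as any other thread adds or removes entries.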
