State table in memory?


    #11804
    nullb
    Participant

    Hi,

    Are there any examples of storing a state table / map or otherwise in memory?

    I’m looking at building a list of trusted IPs in memory then only allowing connections from those IPs for example.

    Not sure how it would work here, in XDP I would obviously use a map.

    #11805
    Vadim Smirnov
    Moderator

    Hi

    If you are looking for a simple filter table then you could use built-in filters. Please check the filter sample.

    #11806
    nullb
    Participant

    That’s a table of filters, I want to store source IPs I’ve validated somewhere in shared memory that can be checked against. And if the IP isn’t in the array drop the packet basically.

    #11811
    Vadim Smirnov
    Moderator

    Well, you could create the filter table using your IP list and load it into the driver.

    Alternatively you can implement any kind of filtering logic in user space using one of the packet filtering samples as a base.

    #11812
    nullb
    Participant

    Are there any examples at all of storing data in a filtering function and then referring back to it? I’m not even entirely sure how this is implemented. Is mutex locking required, etc.?

    #11813
    Vadim Smirnov
    Moderator

    I’m afraid there is no ready-to-use sample like this… But it is quite easy to do. And sure, if your IP address table is accessed from two or more concurrent threads then some kind of synchronization is required. For example, you could use std::shared_mutex for this. The packet filtering routine could lock it in shared mode (read lock) and the “update table” routine could lock it exclusively.

    #11814
    nullb
    Participant

    I see, are filters created under the simple_packet_filter type single threaded then? For starters I modified the dnstrace example, to do some drops which works fine.

    But if I wanted to add the state table to that example I’d have to declare a vector and mutex outside the main class then pass it into the creation function of simple_packet_filter correct?

    #11815
    Vadim Smirnov
    Moderator

    Yes, simple_packet_filter is single threaded. And yes, you can declare the table and mutex outside and pass references into the simple_packet_filter inbound packets processing lambda function.

    #11816
    nullb
    Participant

    I didn’t realize it was single threaded, I guess I don’t need the mutex then since the simple_packet_filter will be doing all the logic itself.

    #11817
    Vadim Smirnov
    Moderator

    Yes, lambdas passed to simple_packet_filter are executed in the context of the single thread (created inside simple_packet_filter). However, please note that if your external code (in the main application thread) can modify the IP table then synchronization is needed.
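
The locking scheme described in the thread, as an added example that is not code from any of the posters or from the library: a trusted-IP table guarded by std::shared_mutex, read under a shared lock by the filtering routine and written under an exclusive lock by the updater. The names trusted_ip_table, parse_ipv4, decide and verdict are hypothetical, and how the source address is obtained inside a simple_packet_filter lambda is not shown.

```cpp
// Added example: all names here are hypothetical, not the library's API.
#include <cstdint>
#include <cstdio>
#include <mutex>
#include <shared_mutex>
#include <thread>
#include <unordered_set>

// Dotted-quad IPv4 -> host-order integer; returns false on malformed input.
bool parse_ipv4(const char* text, std::uint32_t& out) {
    unsigned a, b, c, d; char extra;
    if (std::sscanf(text, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4) return false;
    if (a > 255 || b > 255 || c > 255 || d > 255) return false;
    out = (a << 24) | (b << 16) | (c << 8) | d;
    return true;
}

class trusted_ip_table {
public:
    // Writer (e.g. main application thread): exclusive lock.
    bool add(const char* ip) {
        std::uint32_t addr;
        if (!parse_ipv4(ip, addr)) return false;   // never store unvalidated input
        std::unique_lock<std::shared_mutex> lock(mutex_);
        ips_.insert(addr);
        return true;
    }
    // Reader (packet filtering routine): shared lock, held only for the lookup.
    bool contains(std::uint32_t addr) const {
        std::shared_lock<std::shared_mutex> lock(mutex_);
        return ips_.count(addr) != 0;
    }
private:
    mutable std::shared_mutex mutex_;
    std::unordered_set<std::uint32_t> ips_;
};

enum class verdict { pass, drop };

// Default deny: a source address that is not in the table is dropped.
verdict decide(const trusted_ip_table& table, std::uint32_t src_ip) {
    return table.contains(src_ip) ? verdict::pass : verdict::drop;
}

int main() {
    trusted_ip_table table;
    table.add("192.0.2.10");                                  // constructed sample
    std::thread updater([&] { table.add("198.51.100.7"); });  // concurrent writer
    std::puts(decide(table, 0xC000020Au) == verdict::pass ? "pass" : "drop");
    updater.join();
}
```

If the table is only ever touched from inside the filter's own thread, the mutex can be dropped; it is needed once any other thread calls add.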
