From d4220a76da95b6e6e9ade9c867bd3e104ceac7fb Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Sun, 16 Jun 2024 09:10:05 -0700
Subject: [PATCH] wgengine/filter: add TCP non-SYN benchmarks

To show performance during heavy flows on established connections.

    BenchmarkFilterMatch/tcp-not-syn-v4-8           52125848                21.46 ns/op
    BenchmarkFilterMatch/tcp-not-syn-v4-8           52388781                21.43 ns/op
    BenchmarkFilterMatch/tcp-not-syn-v4-8           52916954                21.32 ns/op
    BenchmarkFilterMatch/tcp-not-syn-v4-8           52590730                21.43 ns/op
    BenchmarkFilterMatch/tcp-not-syn-v4-8           53015923                21.32 ns/op
    BenchmarkFilterMatch/tcp-not-syn-v4-no-logs-8   122795029                9.783 ns/op
    BenchmarkFilterMatch/tcp-not-syn-v4-no-logs-8   100000000               10.09 ns/op
    BenchmarkFilterMatch/tcp-not-syn-v4-no-logs-8   120090948                9.747 ns/op
    BenchmarkFilterMatch/tcp-not-syn-v4-no-logs-8   122350448               10.55 ns/op
    BenchmarkFilterMatch/tcp-not-syn-v4-no-logs-8   122943025                9.813 ns/op

Updates #12486

Change-Id: I8e7c9380bf969ad646851d53f8a4c287717694ea
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
---
 wgengine/filter/filter_test.go | 38 +++++++++++++++++++++++++++++++---
 1 file changed, 35 insertions(+), 3 deletions(-)

diff --git a/wgengine/filter/filter_test.go b/wgengine/filter/filter_test.go
index 3353c2807..568e2dd4b 100644
--- a/wgengine/filter/filter_test.go
+++ b/wgengine/filter/filter_test.go
@@ -988,11 +988,31 @@ func BenchmarkFilterMatch(b *testing.B) {
 	b.Run("no-match-v6", func(b *testing.B) {
 		benchmarkFile(b, "testdata/matches-1.json", benchOpt{v4: false, validLocalDst: true})
 	})
+	b.Run("tcp-not-syn-v4", func(b *testing.B) {
+		benchmarkFile(b, "testdata/matches-1.json", benchOpt{
+			v4:            true,
+			validLocalDst: true,
+			tcpNotSYN:     true,
+			wantAccept:    true,
+		})
+	})
+	b.Run("tcp-not-syn-v4-no-logs", func(b *testing.B) {
+		benchmarkFile(b, "testdata/matches-1.json", benchOpt{
+			v4:            true,
+			validLocalDst: true,
+			tcpNotSYN:     true,
+			wantAccept:    true,
+			noLogs:        true,
+		})
+	})
 }
 
 type benchOpt struct {
 	v4            bool
 	validLocalDst bool
+	tcpNotSYN     bool
+	noLogs        bool
+	wantAccept    bool
 }
 
 func benchmarkFile(b *testing.B, file string, opt benchOpt) {
@@ -1032,11 +1052,23 @@ func benchmarkFile(b *testing.B, file string, opt benchOpt) {
 		dstIP = dstIP.Next() // to make it not in localNets
 	}
 	pkt := parsed(ipproto.TCP, srcIP, dstIP.String(), 33123, 443)
+	if opt.tcpNotSYN {
+		pkt.TCPFlags = packet.TCPPsh // anything that's not SYN
+	}
+
+	want := Drop
+	if opt.wantAccept {
+		want = Accept
+	}
+	runFlags := LogDrops | LogAccepts
+	if opt.noLogs {
+		runFlags = 0
+	}
 
 	for range b.N {
-		got := f.RunIn(&pkt, 0)
-		if got != Drop {
-			b.Fatalf("got %v; want Drop", got)
+		got := f.RunIn(&pkt, runFlags)
+		if got != want {
+			b.Fatalf("got %v; want %v", got, want)
 		}
 	}
 }