Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/1523005/?format=api
{ "id": 1523005, "url": "http://patchwork.ozlabs.org/api/patches/1523005/?format=api", "web_url": "http://patchwork.ozlabs.org/project/openvswitch/patch/1630489288-3526-2-git-send-email-wenxu@ucloud.cn/", "project": { "id": 47, "url": "http://patchwork.ozlabs.org/api/projects/47/?format=api", "name": "Open vSwitch", "link_name": "openvswitch", "list_id": "ovs-dev.openvswitch.org", "list_email": "ovs-dev@openvswitch.org", "web_url": "http://openvswitch.org/", "scm_url": "git@github.com:openvswitch/ovs.git", "webscm_url": "https://github.com/openvswitch/ovs", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1630489288-3526-2-git-send-email-wenxu@ucloud.cn>", "list_archive_url": null, "date": "2021-09-01T09:41:28", "name": "[ovs-dev,v2,2/2] conntrack: limit port clash resolution attempts", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "fdee8116b291983b11b8d7167070af600e0cbdbf", "submitter": { "id": 67928, "url": "http://patchwork.ozlabs.org/api/people/67928/?format=api", "name": "wenxu", "email": "wenxu@ucloud.cn" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/openvswitch/patch/1630489288-3526-2-git-send-email-wenxu@ucloud.cn/mbox/", "series": [ { "id": 260521, "url": "http://patchwork.ozlabs.org/api/series/260521/?format=api", "web_url": "http://patchwork.ozlabs.org/project/openvswitch/list/?series=260521", "date": "2021-09-01T09:41:27", "name": "[ovs-dev,v2,1/2] conntrack: restore the origin port for each round with new address", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/260521/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/1523005/comments/", "check": "warning", "checks": "http://patchwork.ozlabs.org/api/patches/1523005/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<ovs-dev-bounces@openvswitch.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "dev@openvswitch.org" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "ovs-dev@lists.linuxfoundation.org" ], "Authentication-Results": "ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org\n (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)", "Received": [ "from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 4Gzzbv10Ftz9sf8\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 1 Sep 2021 19:42:02 +1000 (AEST)", "from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id DAE5382560;\n\tWed, 1 Sep 2021 09:41:56 +0000 (UTC)", "from smtp1.osuosl.org ([127.0.0.1])\n\tby localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id e_boOfuZNSCv; Wed, 1 Sep 2021 09:41:52 +0000 (UTC)", "from lists.linuxfoundation.org (lf-lists.osuosl.org\n [IPv6:2605:bc80:3010:104::8cd3:938])\n\tby smtp1.osuosl.org (Postfix) with ESMTPS id CA2AC81DE0;\n\tWed, 1 Sep 2021 09:41:50 +0000 (UTC)", "from lf-lists.osuosl.org (localhost [127.0.0.1])\n\tby lists.linuxfoundation.org (Postfix) with ESMTP id 167AEC0021;\n\tWed, 1 Sep 2021 09:41:49 +0000 (UTC)", "from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n by lists.linuxfoundation.org (Postfix) with ESMTP id C8F4FC000E\n for <dev@openvswitch.org>; Wed, 1 Sep 2021 09:41:47 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n by smtp2.osuosl.org (Postfix) with ESMTP id B0D86400F0\n for <dev@openvswitch.org>; Wed, 1 Sep 2021 09:41:46 +0000 (UTC)", "from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n with ESMTP id g38y__beT52m for <dev@openvswitch.org>;\n Wed, 1 Sep 2021 09:41:45 +0000 (UTC)", "from mail-m2456.qiye.163.com (mail-m2456.qiye.163.com\n [220.194.24.56])\n by smtp2.osuosl.org (Postfix) with ESMTPS id EEF1F400C3\n for <dev@openvswitch.org>; Wed, 1 Sep 2021 09:41:44 +0000 (UTC)", "from localhost.localdomain (unknown [117.50.0.204])\n by mail-m2456.qiye.163.com (Hmail) with ESMTPA id C2BCA7002A5;\n Wed, 1 Sep 2021 17:41:28 +0800 (CST)" ], "X-Virus-Scanned": [ "amavisd-new at osuosl.org", "amavisd-new at osuosl.org" ], "X-Greylist": "domain auto-whitelisted by SQLgrey-1.8.0", "From": "wenxu@ucloud.cn", "To": "i.maximets@ovn.org, dlu998@gmail.com, pvalerio@redhat.com,\n aconole@redhat.com", "Date": "Wed, 1 Sep 2021 17:41:28 +0800", "Message-Id": "<1630489288-3526-2-git-send-email-wenxu@ucloud.cn>", "X-Mailer": "git-send-email 1.8.3.1", "In-Reply-To": "<1630489288-3526-1-git-send-email-wenxu@ucloud.cn>", "References": "<1630489288-3526-1-git-send-email-wenxu@ucloud.cn>", "X-HM-Spam-Status": "e1kfGhgUHx5ZQUtXWQgPGg8OCBgUHx5ZQUlOS1dZCBgUCR5ZQVlLVUtZV1\n kWDxoPAgseWUFZKDYvK1lXWShZQUlCN1dZLVlBSVdZDwkaFQgSH1lBWUJJQ0lWGElJSRhOSh9MTh\n 8aVRkRExYaEhckFA4PWVdZFhoPEhUdFFlBWVVLWQY+", "X-HM-Sender-Digest": "e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6ODI6TRw6FzNNPx4wGSkPKgkZ\n TU0aFElVSlVKTUhLT0NCSUNCS09MVTMWGhIXVQweFQMOOw4YFxQOH1UYFUVZV1kSC1lBWUpKTFVO\n S1VLVUlLT1lXWQgBWUFPS0xONwY+", "X-HM-Tid": "0a7ba0bc20718c15kuqtc2bca7002a5", "Cc": "dev@openvswitch.org", "Subject": "[ovs-dev] [PATCH v2 2/2] conntrack: limit port clash resolution\n\tattempts", "X-BeenThere": "ovs-dev@openvswitch.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "<ovs-dev.openvswitch.org>", "List-Unsubscribe": "<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>", "List-Archive": "<http://mail.openvswitch.org/pipermail/ovs-dev/>", "List-Post": "<mailto:ovs-dev@openvswitch.org>", "List-Help": "<mailto:ovs-dev-request@openvswitch.org?subject=help>", "List-Subscribe": "<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "ovs-dev-bounces@openvswitch.org", "Sender": "\"dev\" <ovs-dev-bounces@openvswitch.org>" }, "content": "From: wenxu <wenxu@ucloud.cn>\n\nIn case almost or all available ports are taken, clash resolution can\ntake a very long time, resulting in soft lockup.\n\nThis can happen when many to-be-natted hosts connect to same\ndestination:port (e.g. a proxy) and all connections pass the same SNAT.\n\nPick a random offset in the acceptable range, then try ever smaller\nnumber of adjacent port numbers, until either the limit is reached or a\nuseable port was found. This results in at most 248 attempts\n(128 + 64 + 32 + 16 + 8, i.e. 4 restarts with new search offset)\ninstead of 64000+.\n\nSigned-off-by: wenxu <wenxu@ucloud.cn>\n---\n lib/conntrack.c | 35 +++++++++++++++++++++++++++++++----\n 1 file changed, 31 insertions(+), 4 deletions(-)", "diff": "diff --git a/lib/conntrack.c b/lib/conntrack.c\nindex 2d14205..bc7de17 100644\n--- a/lib/conntrack.c\n+++ b/lib/conntrack.c\n@@ -2414,6 +2414,10 @@ nat_get_unique_tuple(struct conntrack *ct, const struct conn *conn,\n conn->key.nw_proto == IPPROTO_UDP;\n uint16_t min_dport, max_dport, curr_dport, orig_dport;\n uint16_t min_sport, max_sport, curr_sport, orig_sport;\n+ static const unsigned int max_attempts = 128;\n+ uint16_t range_src, range_dst, range_max;\n+ unsigned int attempts;\n+ unsigned int i;\n \n min_addr = conn->nat_info->min_addr;\n max_addr = conn->nat_info->max_addr;\n@@ -2430,6 +2434,10 @@ nat_get_unique_tuple(struct conntrack *ct, const struct conn *conn,\n set_dport_range(conn->nat_info, &conn->key, hash, &orig_dport,\n &min_dport, &max_dport);\n \n+ range_src = max_sport - min_sport + 1;\n+ range_dst = max_dport - min_dport + 1;\n+ range_max = range_src > range_dst ? range_src : range_dst;\n+\n another_round:\n store_addr_to_key(&curr_addr, &nat_conn->rev_key,\n conn->nat_info->nat_action);\n@@ -2446,17 +2454,36 @@ another_round:\n curr_sport = orig_sport;\n curr_dport = orig_dport;\n \n+ attempts = range_max;\n+ if (attempts > max_attempts) {\n+ attempts = max_attempts;\n+ }\n+\n+another_port_round:\n+ i = 0;\n FOR_EACH_PORT_IN_RANGE(curr_dport, min_dport, max_dport) {\n nat_conn->rev_key.src.port = htons(curr_dport);\n FOR_EACH_PORT_IN_RANGE(curr_sport, min_sport, max_sport) {\n- nat_conn->rev_key.dst.port = htons(curr_sport);\n- if (!conn_lookup(ct, &nat_conn->rev_key,\n- time_msec(), NULL, NULL)) {\n- return true;\n+ if (i++ < attempts) {\n+ nat_conn->rev_key.dst.port = htons(curr_sport);\n+ if (!conn_lookup(ct, &nat_conn->rev_key,\n+ time_msec(), NULL, NULL)) {\n+ return true;\n+ }\n }\n }\n }\n \n+ if (attempts >= range_max || attempts < 16) {\n+ goto next_addr;\n+ }\n+\n+ attempts /= 2;\n+ curr_dport = random_uint32() % range_dst;\n+ curr_sport = random_uint32() % range_src;\n+\n+ goto another_port_round;\n+\n /* Check if next IP is in range and respin. Otherwise, notify\n * exhaustion to the caller. */\n next_addr:\n", "prefixes": [ "ovs-dev", "v2", "2/2" ] }