{"id":807887,"url":"http://patchwork.ozlabs.org/api/1.2/patches/807887/?format=json","web_url":"http://patchwork.ozlabs.org/project/openvswitch/patch/20170830202634.243620-1-vsairam@vmware.com/","project":{"id":47,"url":"http://patchwork.ozlabs.org/api/1.2/projects/47/?format=json","name":"Open vSwitch","link_name":"openvswitch","list_id":"ovs-dev.openvswitch.org","list_email":"ovs-dev@openvswitch.org","web_url":"http://openvswitch.org/","scm_url":"git@github.com:openvswitch/ovs.git","webscm_url":"https://github.com/openvswitch/ovs","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170830202634.243620-1-vsairam@vmware.com>","list_archive_url":null,"date":"2017-08-30T20:26:34","name":"[ovs-dev,v2] datapath-windows: Add an upper limit to conntrack entries","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"90d56880e7450e7d71db9d38b2651f6ee6ddb59f","submitter":{"id":67182,"url":"http://patchwork.ozlabs.org/api/1.2/people/67182/?format=json","name":"Sairam Venugopal","email":"vsairam@vmware.com"},"delegate":{"id":60372,"url":"http://patchwork.ozlabs.org/api/1.2/users/60372/?format=json","username":"shettyg","first_name":"Guru","last_name":"Shetty","email":"guru@ovn.org"},"mbox":"http://patchwork.ozlabs.org/project/openvswitch/patch/20170830202634.243620-1-vsairam@vmware.com/mbox/","series":[{"id":698,"url":"http://patchwork.ozlabs.org/api/1.2/series/698/?format=json","web_url":"http://patchwork.ozlabs.org/project/openvswitch/list/?series=698","date":"2017-08-30T20:26:34","name":"[ovs-dev,v2] datapath-windows: Add an upper limit to conntrack entries","version":2,"mbox":"http://patchwork.ozlabs.org/series/698/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/807887/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/807887/checks/","tags":{},"related":[],"headers":{"Return-Path":"<ovs-dev-bounces@openvswitch.org>","X-Original-To":["incoming@patchwork.ozlabs.org","dev@openvswitch.org"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","ovs-dev@mail.linuxfoundation.org"],"Authentication-Results":"ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=openvswitch.org\n\t(client-ip=140.211.169.12; helo=mail.linuxfoundation.org;\n\tenvelope-from=ovs-dev-bounces@openvswitch.org;\n\treceiver=<UNKNOWN>)","Received":["from mail.linuxfoundation.org (mail.linuxfoundation.org\n\t[140.211.169.12])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xjH9947M3z9sNw\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 31 Aug 2017 06:26:53 +1000 (AEST)","from mail.linux-foundation.org (localhost [127.0.0.1])\n\tby mail.linuxfoundation.org (Postfix) with ESMTP id C41F9BFF;\n\tWed, 30 Aug 2017 20:26:37 +0000 (UTC)","from smtp1.linuxfoundation.org (smtp1.linux-foundation.org\n\t[172.17.192.35])\n\tby mail.linuxfoundation.org (Postfix) with ESMTPS id 8DC34BC6\n\tfor <dev@openvswitch.org>; Wed, 30 Aug 2017 20:26:37 +0000 (UTC)","from EX13-EDG-OU-001.vmware.com (ex13-edg-ou-001.vmware.com\n\t[208.91.0.189])\n\tby smtp1.linuxfoundation.org (Postfix) with ESMTPS id F3BB5499\n\tfor <dev@openvswitch.org>; Wed, 30 Aug 2017 20:26:36 +0000 (UTC)","from sc9-mailhost3.vmware.com (10.113.161.73) by\n\tEX13-EDG-OU-001.vmware.com (10.113.208.155) with Microsoft SMTP\n\tServer id 15.0.1156.6; Wed, 30 Aug 2017 13:26:36 -0700","from vsairam-w01.vmware.com (htb-1s-eng-dhcp42.eng.vmware.com\n\t[10.33.78.42])\n\tby sc9-mailhost3.vmware.com (Postfix) with ESMTP id 76EBB406B7;\n\tWed, 30 Aug 2017 13:26:36 -0700 (PDT)"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","From":"Sairam Venugopal <vsairam@vmware.com>","To":"<dev@openvswitch.org>","Date":"Wed, 30 Aug 2017 13:26:34 -0700","Message-ID":"<20170830202634.243620-1-vsairam@vmware.com>","X-Mailer":"git-send-email 2.9.0.windows.1","MIME-Version":"1.0","Received-SPF":"None (EX13-EDG-OU-001.vmware.com: vsairam@vmware.com does not\n\tdesignate permitted sender hosts)","X-Spam-Status":"No, score=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,\n\tRP_MATCHES_RCVD autolearn=disabled version=3.3.1","X-Spam-Checker-Version":"SpamAssassin 3.3.1 (2010-03-16) on\n\tsmtp1.linux-foundation.org","Subject":"[ovs-dev] [PATCH v2] datapath-windows: Add an upper limit to\n\tconntrack entries","X-BeenThere":"ovs-dev@openvswitch.org","X-Mailman-Version":"2.1.12","Precedence":"list","List-Id":"<ovs-dev.openvswitch.org>","List-Unsubscribe":"<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n\t<mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>","List-Archive":"<http://mail.openvswitch.org/pipermail/ovs-dev/>","List-Post":"<mailto:ovs-dev@openvswitch.org>","List-Help":"<mailto:ovs-dev-request@openvswitch.org?subject=help>","List-Subscribe":"<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n\t<mailto:ovs-dev-request@openvswitch.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"ovs-dev-bounces@openvswitch.org","Errors-To":"ovs-dev-bounces@openvswitch.org"},"content":"The current implementation lacked an upper bound of number of entries in\nthe system. Set the size to ~2M (2^21) for the time being.\n\nSigned-off-by: Sairam Venugopal <vsairam@vmware.com>\n---\n datapath-windows/ovsext/Conntrack.c | 10 ++++++++++\n datapath-windows/ovsext/Conntrack.h |  1 +\n 2 files changed, 11 insertions(+)","diff":"diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c\nindex ce8c1c8..8bcda05 100644\n--- a/datapath-windows/ovsext/Conntrack.c\n+++ b/datapath-windows/ovsext/Conntrack.c\n@@ -722,6 +722,16 @@ OvsCtExecute_(OvsForwardingContext *fwdCtx,\n         entry = NULL;\n     }\n \n+    if (!entry && commit && ctTotalEntries >= CT_MAX_ENTRIES) {\n+        /* Don't proceed with processing if the max limit has been hit.\n+         * This blocks only new entries from being created and doesn't\n+         * affect existing connections.\n+         */\n+        NdisReleaseRWLock(ovsConntrackLockObj, &lockState);\n+        OVS_LOG_ERROR(\"Conntrack Limit hit: %lu\", ctTotalEntries);\n+        return NDIS_STATUS_RESOURCES;\n+    }\n+\n     if (!entry) {\n         /* If no matching entry was found, create one and add New state */\n         entry = OvsCtEntryCreate(fwdCtx, key->ipKey.nwProto,\ndiff --git a/datapath-windows/ovsext/Conntrack.h b/datapath-windows/ovsext/Conntrack.h\nindex bca7d90..be5f34d 100644\n--- a/datapath-windows/ovsext/Conntrack.h\n+++ b/datapath-windows/ovsext/Conntrack.h\n@@ -131,6 +131,7 @@ typedef struct OvsConntrackKeyLookupCtx {\n     BOOLEAN         related;\n } OvsConntrackKeyLookupCtx;\n \n+#define CT_MAX_ENTRIES 1 << 21\n #define CT_HASH_TABLE_SIZE ((UINT32)1 << 10)\n #define CT_HASH_TABLE_MASK (CT_HASH_TABLE_SIZE - 1)\n #define CT_INTERVAL_SEC 10000000LL //1s\n","prefixes":["ovs-dev","v2"]}