[ovs-dev] [PATCH] datapath-windows: Add an upper limit to conntrack entries
Sairam Venugopal
vsairam at vmware.com
Mon Aug 28 23:56:13 UTC 2017
The current implementation lacked an upper bound of number of entries in
the system. Set the size to ~2M (2^21) for the time being.
Signed-off-by: Sairam Venugopal <vsairam at vmware.com>
---
datapath-windows/ovsext/Conntrack.c | 6 ++++++
datapath-windows/ovsext/Conntrack.h | 1 +
2 files changed, 7 insertions(+)
diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c
index ce8c1c8..30de806 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -722,6 +722,12 @@ OvsCtExecute_(OvsForwardingContext *fwdCtx,
entry = NULL;
}
+ if (!entry && commit && ctTotalEntries >= CT_MAX_ENTRIES) {
+ /* Don't proceed with processing if the max limit has been hit */
+ NdisReleaseRWLock(ovsConntrackLockObj, &lockState);
+ return NDIS_STATUS_RESOURCES;
+ }
+
if (!entry) {
/* If no matching entry was found, create one and add New state */
entry = OvsCtEntryCreate(fwdCtx, key->ipKey.nwProto,
diff --git a/datapath-windows/ovsext/Conntrack.h b/datapath-windows/ovsext/Conntrack.h
index bca7d90..be5f34d 100644
--- a/datapath-windows/ovsext/Conntrack.h
+++ b/datapath-windows/ovsext/Conntrack.h
@@ -131,6 +131,7 @@ typedef struct OvsConntrackKeyLookupCtx {
BOOLEAN related;
} OvsConntrackKeyLookupCtx;
+#define CT_MAX_ENTRIES 1 << 21
#define CT_HASH_TABLE_SIZE ((UINT32)1 << 10)
#define CT_HASH_TABLE_MASK (CT_HASH_TABLE_SIZE - 1)
#define CT_INTERVAL_SEC 10000000LL //1s
--
2.9.0.windows.1
More information about the dev
mailing list