[ovs-dev] Openvswitch patch doubts:conntrack: Fix missed 'conn' lookup checks.

Ben Pfaff blp at ovn.org
Fri Jun 25 18:40:48 UTC 2021


On Fri, Jun 25, 2021 at 11:36:12AM +0800, user wrote:
> Hi Darrell,
>       I'm currently doing some tests on OVS-DPDK and trying to optimize it, in the process I found your patch(28274f7 conntrack: Fix missed 'conn' lookup checks.) made OVS check for the presence of the 'conn' entry before inserting it:
> 
> @@ -1158,8 +1165,11 @@ process_one(struct conntrack *ct, struct dp_packet *pkt,
>         ovs_rwlock_unlock(&ct->resources_lock);
> 
>         ovs_mutex_lock(&ct->ct_lock);
> -        conn = conn_not_found(ct, pkt, ctx, commit, now, nat_action_info,
> -                              helper, alg_exp, ct_alg_ctl);
> +        hash = conn_key_hash(&ctx->key, ct->hash_basis);
> +        if (!conn_key_lookup(ct, &ctx->key, hash, now, NULL, NULL)) {
> +            conn = conn_not_found(ct, pkt, ctx, commit, now, nat_action_info,
> +                                  helper, alg_exp, ct_alg_ctl);
> +        }
>         ovs_mutex_unlock(&ct->ct_lock);
>     }
> 
>       I'm very confused about the reason we should do this, you mentioned that there were some cases that were missed, so fix them, could you please explain what scenarios we need to do this?

Without looking for the details, I would guess that there is a race
between one thread creating a given connection entry and another thread
doing it, and that checking for the entry with the lock held fixes the
race.


More information about the dev mailing list