summaryrefslogtreecommitdiff
path: root/datapath-windows
diff options
context:
space:
mode:
authorSairam Venugopal <vsairam@vmware.com>2017-08-30 13:26:34 -0700
committerAlin Gabriel Serdean <aserdean@ovn.org>2017-09-01 23:03:10 +0300
commitc3a90b467a02140b27cd65b79f91db72fcbb266a (patch)
tree814df788589a174fc581fb4a82cf05f874f51760 /datapath-windows
parentd4c7e5fce43ffe01bd1da7bc9df7f840360c3b17 (diff)
downloadopenvswitch-c3a90b467a02140b27cd65b79f91db72fcbb266a.tar.gz
datapath-windows: Add an upper limit to conntrack entries
The current implementation lacked an upper bound of number of entries in the system. Set the size to ~2M (2^21) for the time being. Signed-off-by: Sairam Venugopal <vsairam@vmware.com> Acked-by: Shashank Ram <rams@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@ovn.org> Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Diffstat (limited to 'datapath-windows')
-rw-r--r--datapath-windows/ovsext/Conntrack.c10
-rw-r--r--datapath-windows/ovsext/Conntrack.h1
2 files changed, 11 insertions, 0 deletions
diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c
index ce8c1c85e..8bcda05e2 100644
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -722,6 +722,16 @@ OvsCtExecute_(OvsForwardingContext *fwdCtx,
entry = NULL;
}
+ if (!entry && commit && ctTotalEntries >= CT_MAX_ENTRIES) {
+ /* Don't proceed with processing if the max limit has been hit.
+ * This blocks only new entries from being created and doesn't
+ * affect existing connections.
+ */
+ NdisReleaseRWLock(ovsConntrackLockObj, &lockState);
+ OVS_LOG_ERROR("Conntrack Limit hit: %lu", ctTotalEntries);
+ return NDIS_STATUS_RESOURCES;
+ }
+
if (!entry) {
/* If no matching entry was found, create one and add New state */
entry = OvsCtEntryCreate(fwdCtx, key->ipKey.nwProto,
diff --git a/datapath-windows/ovsext/Conntrack.h b/datapath-windows/ovsext/Conntrack.h
index bca7d9051..be5f34dc5 100644
--- a/datapath-windows/ovsext/Conntrack.h
+++ b/datapath-windows/ovsext/Conntrack.h
@@ -131,6 +131,7 @@ typedef struct OvsConntrackKeyLookupCtx {
BOOLEAN related;
} OvsConntrackKeyLookupCtx;
+#define CT_MAX_ENTRIES 1 << 21
#define CT_HASH_TABLE_SIZE ((UINT32)1 << 10)
#define CT_HASH_TABLE_MASK (CT_HASH_TABLE_SIZE - 1)
#define CT_INTERVAL_SEC 10000000LL //1s
View Lorry Controller Status