The current implementation lacked an upper bound of number of entries in the system. Set the size to ~2M (2^21) for the time being.
Signed-off-by: Sairam Venugopal <[email protected]> --- datapath-windows/ovsext/Conntrack.c | 6 ++++++ datapath-windows/ovsext/Conntrack.h | 1 + 2 files changed, 7 insertions(+) diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c index ce8c1c8..30de806 100644 --- a/datapath-windows/ovsext/Conntrack.c +++ b/datapath-windows/ovsext/Conntrack.c @@ -722,6 +722,12 @@ OvsCtExecute_(OvsForwardingContext *fwdCtx, entry = NULL; } + if (!entry && commit && ctTotalEntries >= CT_MAX_ENTRIES) { + /* Don't proceed with processing if the max limit has been hit */ + NdisReleaseRWLock(ovsConntrackLockObj, &lockState); + return NDIS_STATUS_RESOURCES; + } + if (!entry) { /* If no matching entry was found, create one and add New state */ entry = OvsCtEntryCreate(fwdCtx, key->ipKey.nwProto, diff --git a/datapath-windows/ovsext/Conntrack.h b/datapath-windows/ovsext/Conntrack.h index bca7d90..be5f34d 100644 --- a/datapath-windows/ovsext/Conntrack.h +++ b/datapath-windows/ovsext/Conntrack.h @@ -131,6 +131,7 @@ typedef struct OvsConntrackKeyLookupCtx { BOOLEAN related; } OvsConntrackKeyLookupCtx; +#define CT_MAX_ENTRIES 1 << 21 #define CT_HASH_TABLE_SIZE ((UINT32)1 << 10) #define CT_HASH_TABLE_MASK (CT_HASH_TABLE_SIZE - 1) #define CT_INTERVAL_SEC 10000000LL //1s -- 2.9.0.windows.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
