Hi Anand, OvsProcessConntrackEntry ensures that the old entry is deleted before creating a new one. So it would prevent newer entries from being created or the limit being hit.
I added in the function before processing to exit out quickly only if there was no matching entry and commit was specified. Hope this answers your question. Thanks, Sairam On 8/29/17, 11:33 AM, "Anand Kumar" <[email protected]> wrote: >Hi Sairam, > >Thanks for the patch. Please find my comment inline. > >Regards, >Anand Kumar > >On 8/28/17, 4:56 PM, "[email protected] on behalf of Sairam >Venugopal" <[email protected] on behalf of [email protected]> >wrote: > > The current implementation lacked an upper bound of number of entries in > the system. Set the size to ~2M (2^21) for the time being. > > Signed-off-by: Sairam Venugopal <[email protected]> > --- > datapath-windows/ovsext/Conntrack.c | 6 ++++++ > datapath-windows/ovsext/Conntrack.h | 1 + > 2 files changed, 7 insertions(+) > > diff --git a/datapath-windows/ovsext/Conntrack.c > b/datapath-windows/ovsext/Conntrack.c > index ce8c1c8..30de806 100644 > --- a/datapath-windows/ovsext/Conntrack.c > +++ b/datapath-windows/ovsext/Conntrack.c > @@ -722,6 +722,12 @@ OvsCtExecute_(OvsForwardingContext *fwdCtx, > entry = NULL; > } > > + if (!entry && commit && ctTotalEntries >= CT_MAX_ENTRIES) { > + /* Don't proceed with processing if the max limit has been hit */ > + NdisReleaseRWLock(ovsConntrackLockObj, &lockState); > + return NDIS_STATUS_RESOURCES; > + } > + > [AK]: Can we add this check inside OvsCtEntryCreate() function, as entry can > also be created in OvsProcessConntrackEntry() > > https://github.com/openvswitch/ovs/blob/master/datapath-windows/ovsext/Conntrack.c#L613 > > > if (!entry) { > /* If no matching entry was found, create one and add New state */ > entry = OvsCtEntryCreate(fwdCtx, key->ipKey.nwProto, > diff --git a/datapath-windows/ovsext/Conntrack.h > b/datapath-windows/ovsext/Conntrack.h > index bca7d90..be5f34d 100644 > --- a/datapath-windows/ovsext/Conntrack.h > +++ b/datapath-windows/ovsext/Conntrack.h > @@ -131,6 +131,7 @@ typedef struct OvsConntrackKeyLookupCtx { > BOOLEAN related; > } OvsConntrackKeyLookupCtx; > > +#define CT_MAX_ENTRIES 1 << 21 > #define CT_HASH_TABLE_SIZE ((UINT32)1 << 10) > #define CT_HASH_TABLE_MASK (CT_HASH_TABLE_SIZE - 1) > #define CT_INTERVAL_SEC 10000000LL //1s > -- > 2.9.0.windows.1 > > _______________________________________________ > dev mailing list > [email protected] > > https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=Q5z9tBe-nAOpE7LIHSPV8uy5-437agMXvkeHHMkR8Us&m=EAviB6UFEys3jRhv7hULyGkP2OygltyfdtEaNlvOWDY&s=co2lpZtEG_VyCk3aIxQFVq4L0rnKR5iKtU2rsu8jFxc&e= > > > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
