diff options
| author |   Andrew Yourtchenko <ayourtch@gmail.com> | 2018-05-30 22:29:29 +0200 |
|---|---|---|
| committer |   Florin Coras <florin.coras@gmail.com> | 2018-06-02 06:01:42 +0000 |
| commit | 4bc1796b346efd10f3fb19b176ff089179263a24 (patch) | |
| tree | a469e104bd24039fe5f804556446216b9f1ac9e0 /src/plugins/acl/acl.h | |
| parent | b2371c25fed6b2e751163df590bb9d9a93a75a0f (diff) | |
acl-plugin: multicore: session management fixes
- implement a 1us purgatory for the session structures
by adding a special connection list, where all connections
about to be deleted go.
- add per-list-head timeouts updated upon the list enqueue/dequeue
for connection idle management
- add a "unused" session list with list ID#0, which should
never be used unless there is a logic error. Use this ID
to initialize the sessions.
- improve the maintainability of the session linked list
structures by using symbolic bogus index name instead of ~0
- change the ordering of session creations - first reverse, then
local. To minimize the potential for two workers competing for
the same session in the corner case of the two packets
on different workers creating the same logical session
- reduce the maximum session count to keep the memory usage the same
- add extra log/debug/trace to session cleaning logic
- be more aggressive with cleaning up sessions - wind up the
interrupts from the workers to themselves if there is more
work to do
Change-Id: I3aa1c91a925a08e83793467cb15bda178c21e426
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl/acl.h')
| -rw-r--r-- | src/plugins/acl/acl.h | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/src/plugins/acl/acl.h b/src/plugins/acl/acl.h index 51c5b0c18db..0c0a6db5af7 100644 --- a/src/plugins/acl/acl.h +++ b/src/plugins/acl/acl.h @@ -38,6 +38,8 @@ #define TCP_SESSION_IDLE_TIMEOUT_SEC (3600*24) #define TCP_SESSION_TRANSIENT_TIMEOUT_SEC 120 +#define SESSION_PURGATORY_TIMEOUT_USEC 10 + #define ACL_PLUGIN_HASH_LOOKUP_HEAP_SIZE (2 << 25) #define ACL_PLUGIN_HASH_LOOKUP_HASH_BUCKETS 65536 #define ACL_PLUGIN_HASH_LOOKUP_HASH_MEMORY (2 << 25) @@ -49,9 +51,12 @@ void input_acl_packet_match(u32 sw_if_index, vlib_buffer_t * b0, u32 *nextp, u32 void output_acl_packet_match(u32 sw_if_index, vlib_buffer_t * b0, u32 *nextp, u32 *acl_match_p, u32 *rule_match_p, u32 *trace_bitmap); enum acl_timeout_e { - ACL_TIMEOUT_UDP_IDLE = 0, + ACL_TIMEOUT_UNUSED = 0, + ACL_TIMEOUT_UDP_IDLE, ACL_TIMEOUT_TCP_IDLE, ACL_TIMEOUT_TCP_TRANSIENT, + ACL_N_USER_TIMEOUTS, + ACL_TIMEOUT_PURGATORY = ACL_N_USER_TIMEOUTS, /* a special-case queue for deletion-in-progress sessions */ ACL_N_TIMEOUTS }; @@ -249,6 +254,8 @@ typedef struct { /* total session adds/dels */ u64 fa_session_total_adds; u64 fa_session_total_dels; + /* how many sessions went into purgatory */ + u64 fa_session_total_deactivations; /* L2 datapath glue */ @@ -325,8 +332,21 @@ typedef struct { /* convenience */ vlib_main_t * vlib_main; vnet_main_t * vnet_main; + /* logging */ + vlib_log_class_t log_default; } acl_main_t; +#define acl_log_err(...) \ + vlib_log(VLIB_LOG_LEVEL_ERR, acl_main.log_default, __VA_ARGS__) +#define acl_log_warn(...) \ + vlib_log(VLIB_LOG_LEVEL_WARNING, acl_main.log_default, __VA_ARGS__) +#define acl_log_notice(...) \ + vlib_log(VLIB_LOG_LEVEL_NOTICE, acl_main.log_default, __VA_ARGS__) +#define acl_log_info(...) \ + vlib_log(VLIB_LOG_LEVEL_INFO, acl_main.log_default, __VA_ARGS__) + + + #define foreach_acl_eh \ _(HOPBYHOP , 0 , "IPv6ExtHdrHopByHop") \ _(ROUTING , 43 , "IPv6ExtHdrRouting") \ |