summaryrefslogtreecommitdiffstats
path: root/src/plugins/acl
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2017-05-02 20:08:51 +0200
committerDave Barach <openvpp@barachs.net>2017-05-07 14:31:07 +0000
commit57d7dbc8bf8a49ee2421fe97bd3ed7099d2384bf (patch)
tree3f4d01a8d8b2ccf24774872546d500ded67ced6b /src/plugins/acl
parent9e79be2b20ba851ef0b31a9b2687e3b08d74456f (diff)
Avoid active connection prevent timeout of idle conns after it
Fix a logic error related to timing out of the connections following the active one. To avoid this class of issue in the future, create corresponding testcases, as well as some trivial sanity testcases for both IPv4 and IPv6. Since these tests are timing-dependent and take up time, mark them as extended tests. Change-Id: I2c72bad5efda7db8aa9cb05801fe47928dc47927 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/plugins/acl')
-rw-r--r--src/plugins/acl/fa_node.c19
-rw-r--r--src/plugins/acl/fa_node.h3
2 files changed, 12 insertions, 10 deletions
diff --git a/src/plugins/acl/fa_node.c b/src/plugins/acl/fa_node.c
index b706fce87a8..c71429e76c6 100644
--- a/src/plugins/acl/fa_node.c
+++ b/src/plugins/acl/fa_node.c
@@ -570,10 +570,11 @@ acl_fa_ifc_init_sessions (acl_main_t * am, int sw_if_index0)
}
static void
-acl_fa_conn_list_add_session (acl_main_t * am, u32 sess_id)
+acl_fa_conn_list_add_session (acl_main_t * am, u32 sess_id, u64 now)
{
fa_session_t *sess = am->fa_sessions_pool + sess_id;
u8 list_id = fa_session_get_timeout_type(am, sess);
+ sess->link_enqueue_time = now;
sess->link_list_id = list_id;
sess->link_next_idx = ~0;
sess->link_prev_idx = am->fa_conn_list_tail[list_id];
@@ -629,7 +630,7 @@ acl_fa_restart_timer_for_session (acl_main_t * am, u64 now, u32 sess_id)
{
// fa_session_t *sess = am->fa_sessions_pool + sess_id;
acl_fa_conn_list_delete_session(am, sess_id);
- acl_fa_conn_list_add_session(am, sess_id);
+ acl_fa_conn_list_add_session(am, sess_id, now);
}
@@ -720,7 +721,7 @@ acl_fa_add_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
BV (clib_bihash_add_del) (&am->fa_sessions_by_sw_if_index[sw_if_index],
&kv, 1);
- acl_fa_conn_list_add_session(am, sess_id);
+ acl_fa_conn_list_add_session(am, sess_id, now);
vec_validate (am->fa_session_adds_by_sw_if_index, sw_if_index);
am->fa_session_adds_by_sw_if_index[sw_if_index]++;
@@ -1097,12 +1098,12 @@ acl_fa_clean_sessions_by_sw_if_index (acl_main_t *am, u32 sw_if_index, u32 *coun
static vlib_node_registration_t acl_fa_session_cleaner_process_node;
static int
-acl_fa_conn_has_timed_out (acl_main_t *am, u64 now, u32 session_index)
+acl_fa_conn_time_to_check (acl_main_t *am, u64 now, u32 session_index)
{
fa_session_t *sess = am->fa_sessions_pool + session_index;
- u64 sess_timeout_time =
- sess->last_active_time + fa_session_get_timeout (am, sess);
- return (sess_timeout_time < now);
+ u64 timeout_time =
+ sess->link_enqueue_time + fa_session_get_timeout (am, sess);
+ return (timeout_time < now);
}
@@ -1210,7 +1211,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
for(tt = 0; tt < ACL_N_TIMEOUTS; tt++) {
while((vec_len(expired) < 2*am->fa_max_deleted_sessions_per_interval)
&& (~0 != am->fa_conn_list_head[tt])
- && (acl_fa_conn_has_timed_out(am, now,
+ && (acl_fa_conn_time_to_check(am, now,
am->fa_conn_list_head[tt]))) {
u32 sess_id = am->fa_conn_list_head[tt];
vec_add1(expired, sess_id);
@@ -1237,7 +1238,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
/* There was activity on the session, so the idle timeout
has not passed. Enqueue for another time period. */
- acl_fa_conn_list_add_session(am, session_index);
+ acl_fa_conn_list_add_session(am, session_index, now);
/* FIXME: When/if moving to timer wheel,
pretend we did this in the past,
diff --git a/src/plugins/acl/fa_node.h b/src/plugins/acl/fa_node.h
index 8edd0069217..861836226da 100644
--- a/src/plugins/acl/fa_node.h
+++ b/src/plugins/acl/fa_node.h
@@ -63,7 +63,8 @@ typedef struct {
u8 reserved1; /* +1 bytes = 64 */
u32 link_prev_idx;
u32 link_next_idx;
- u64 reserved2[7];
+ u64 link_enqueue_time;
+ u64 reserved2[6];
} fa_session_t;