Avoid active connection prevent timeout of idle conns after it

Fix a logic error related to timing out of the connections
following the active one. To avoid this class of issue in
the future, create corresponding testcases, as well as some
trivial sanity testcases for both IPv4 and IPv6.

Since these tests are timing-dependent and take up time,
mark them as extended tests.

Change-Id: I2c72bad5efda7db8aa9cb05801fe47928dc47927
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

2 files changed, 12 insertions, 10 deletions

diff --git a/src/plugins/acl/fa_node.c b/src/plugins/acl/fa_node.c
index b706fce87a8..c71429e76c6 100644
--- a/src/plugins/acl/fa_node.c
+++ b/src/plugins/acl/fa_node.c
@@ -570,10 +570,11 @@ acl_fa_ifc_init_sessions (acl_main_t * am, int sw_if_index0)
 }
 
 static void
-acl_fa_conn_list_add_session (acl_main_t * am, u32 sess_id)
+acl_fa_conn_list_add_session (acl_main_t * am, u32 sess_id, u64 now)
 {
   fa_session_t *sess = am->fa_sessions_pool + sess_id;
   u8 list_id = fa_session_get_timeout_type(am, sess);
+  sess->link_enqueue_time = now;
   sess->link_list_id = list_id;
   sess->link_next_idx = ~0;
   sess->link_prev_idx = am->fa_conn_list_tail[list_id];
@@ -629,7 +630,7 @@ acl_fa_restart_timer_for_session (acl_main_t * am, u64 now, u32 sess_id)
 {
   // fa_session_t *sess = am->fa_sessions_pool + sess_id;
   acl_fa_conn_list_delete_session(am, sess_id);
-  acl_fa_conn_list_add_session(am, sess_id);
+  acl_fa_conn_list_add_session(am, sess_id, now);
 }
 
 
@@ -720,7 +721,7 @@ acl_fa_add_session (acl_main_t * am, int is_input, u32 sw_if_index, u64 now,
 
   BV (clib_bihash_add_del) (&am->fa_sessions_by_sw_if_index[sw_if_index],
 			    &kv, 1);
-  acl_fa_conn_list_add_session(am, sess_id);
+  acl_fa_conn_list_add_session(am, sess_id, now);
 
   vec_validate (am->fa_session_adds_by_sw_if_index, sw_if_index);
   am->fa_session_adds_by_sw_if_index[sw_if_index]++;
@@ -1097,12 +1098,12 @@ acl_fa_clean_sessions_by_sw_if_index (acl_main_t *am, u32 sw_if_index, u32 *coun
 static vlib_node_registration_t acl_fa_session_cleaner_process_node;
 
 static int
-acl_fa_conn_has_timed_out (acl_main_t *am, u64 now, u32 session_index)
+acl_fa_conn_time_to_check (acl_main_t *am, u64 now, u32 session_index)
 {
   fa_session_t *sess = am->fa_sessions_pool + session_index;
-  u64 sess_timeout_time =
-              sess->last_active_time + fa_session_get_timeout (am, sess);
-  return (sess_timeout_time < now);
+  u64 timeout_time =
+              sess->link_enqueue_time + fa_session_get_timeout (am, sess);
+  return (timeout_time < now);
 }
 
 
@@ -1210,7 +1211,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
         for(tt = 0; tt < ACL_N_TIMEOUTS; tt++) {
           while((vec_len(expired) < 2*am->fa_max_deleted_sessions_per_interval)
                 && (~0 != am->fa_conn_list_head[tt])
-                && (acl_fa_conn_has_timed_out(am, now,
+                && (acl_fa_conn_time_to_check(am, now,
                                               am->fa_conn_list_head[tt]))) {
             u32 sess_id = am->fa_conn_list_head[tt];
             vec_add1(expired, sess_id);
@@ -1237,7 +1238,7 @@ acl_fa_session_cleaner_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
                 /* There was activity on the session, so the idle timeout
                    has not passed. Enqueue for another time period. */
 
-                acl_fa_conn_list_add_session(am, session_index);
+                acl_fa_conn_list_add_session(am, session_index, now);
 
 		/* FIXME: When/if moving to timer wheel,
                    pretend we did this in the past,
diff --git a/src/plugins/acl/fa_node.h b/src/plugins/acl/fa_node.h
index 8edd0069217..861836226da 100644
--- a/src/plugins/acl/fa_node.h
+++ b/src/plugins/acl/fa_node.h
@@ -63,7 +63,8 @@ typedef struct {
   u8 reserved1;           /* +1 bytes = 64 */
   u32 link_prev_idx;
   u32 link_next_idx;
-  u64 reserved2[7];
+  u64 link_enqueue_time;
+  u64 reserved2[6];
 } fa_session_t;