summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorGabriel Oginski <gabrielx.oginski@intel.com>2022-10-06 06:58:45 +0000
committerGabriel Oginski <gabrielx.oginski@intel.com>2022-12-01 06:47:07 +0000
commit583d4c94dc69f624a44a8dfa5c82165f3ca27271 (patch)
tree47ec5fefeabff30ee53dae04d131a227c7dd7687 /src
parent4afdfb4a069558a65269f26061c02a5d24632f6a (diff)
wireguard: add atomic mutex
The initiate handshake process can be called a numbers times for each peers, then the main VPP thread called by Wireguard starting to allocate memory. This behaviour can lead to out of memory when VPP has a lot of Wireguard tunnels concurrently. This fix add mutex to send only once handshake initiate at time for each peers. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I13b4b2d47021753926d42a38ccadb36a411c5b79
Diffstat (limited to 'src')
-rw-r--r--src/plugins/wireguard/wireguard_peer.c1
-rw-r--r--src/plugins/wireguard/wireguard_peer.h3
-rw-r--r--src/plugins/wireguard/wireguard_send.c17
3 files changed, 19 insertions, 2 deletions
diff --git a/src/plugins/wireguard/wireguard_peer.c b/src/plugins/wireguard/wireguard_peer.c
index ef791c669dd..a8f1ab91644 100644
--- a/src/plugins/wireguard/wireguard_peer.c
+++ b/src/plugins/wireguard/wireguard_peer.c
@@ -83,6 +83,7 @@ wg_peer_clear (vlib_main_t * vm, wg_peer_t * peer)
peer->new_handshake_interval_tick = 0;
peer->rehandshake_interval_tick = 0;
peer->timer_need_another_keepalive = false;
+ peer->handshake_is_sent = false;
vec_free (peer->rewrite);
vec_free (peer->allowed_ips);
vec_free (peer->adj_indices);
diff --git a/src/plugins/wireguard/wireguard_peer.h b/src/plugins/wireguard/wireguard_peer.h
index 85df0727902..613c2640ad1 100644
--- a/src/plugins/wireguard/wireguard_peer.h
+++ b/src/plugins/wireguard/wireguard_peer.h
@@ -115,6 +115,9 @@ typedef struct wg_peer
u32 rehandshake_interval_tick;
bool timer_need_another_keepalive;
+
+ /* Handshake is sent to main thread? */
+ bool handshake_is_sent;
} wg_peer_t;
typedef struct wg_peer_table_bind_ctx_t_
diff --git a/src/plugins/wireguard/wireguard_send.c b/src/plugins/wireguard/wireguard_send.c
index 72fa11034bf..41b2e7706a1 100644
--- a/src/plugins/wireguard/wireguard_send.c
+++ b/src/plugins/wireguard/wireguard_send.c
@@ -214,8 +214,11 @@ wg_send_handshake_thread_fn (void *arg)
wg_main_t *wmp = &wg_main;
wg_peer_t *peer = wg_peer_get (a->peer_idx);
+ bool handshake;
wg_send_handshake (wmp->vlib_main, peer, a->is_retry);
+ handshake = false;
+ __atomic_store_n (&peer->handshake_is_sent, handshake, __ATOMIC_RELEASE);
return 0;
}
@@ -227,8 +230,18 @@ wg_send_handshake_from_mt (u32 peer_idx, bool is_retry)
.is_retry = is_retry,
};
- vl_api_rpc_call_main_thread (wg_send_handshake_thread_fn,
- (u8 *) & a, sizeof (a));
+ wg_peer_t *peer = wg_peer_get (peer_idx);
+
+ bool handshake =
+ __atomic_load_n (&peer->handshake_is_sent, __ATOMIC_ACQUIRE);
+
+ if (handshake == false)
+ {
+ handshake = true;
+ __atomic_store_n (&peer->handshake_is_sent, handshake, __ATOMIC_RELEASE);
+ vl_api_rpc_call_main_thread (wg_send_handshake_thread_fn, (u8 *) &a,
+ sizeof (a));
+ }
}
bool