Skip to content

Commit

Permalink
conntrack: Stop exporting internal datastructures.
Browse files Browse the repository at this point in the history
Stop the exporting of the main internal conntrack datastructure.

Signed-off-by: Darrell Ball <[email protected]>
Signed-off-by: Ben Pfaff <[email protected]>
  • Loading branch information
darball1 authored and blp committed May 3, 2019
1 parent abf1155 commit 57593fd
Show file tree
Hide file tree
Showing 5 changed files with 205 additions and 207 deletions.
174 changes: 174 additions & 0 deletions lib/conntrack-private.h
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,180 @@ enum ct_conn_type {
CT_CONN_TYPE_UN_NAT,
};

/* 'struct ct_lock' is a wrapper for an adaptive mutex. It's useful to try
* different types of locks (e.g. spinlocks) */

struct OVS_LOCKABLE ct_lock {
struct ovs_mutex lock;
};

static inline void ct_lock_init(struct ct_lock *lock)
{
ovs_mutex_init_adaptive(&lock->lock);
}

static inline void ct_lock_lock(struct ct_lock *lock)
OVS_ACQUIRES(lock)
OVS_NO_THREAD_SAFETY_ANALYSIS
{
ovs_mutex_lock(&lock->lock);
}

static inline void ct_lock_unlock(struct ct_lock *lock)
OVS_RELEASES(lock)
OVS_NO_THREAD_SAFETY_ANALYSIS
{
ovs_mutex_unlock(&lock->lock);
}

static inline void ct_lock_destroy(struct ct_lock *lock)
{
ovs_mutex_destroy(&lock->lock);
}

struct OVS_LOCKABLE ct_rwlock {
struct ovs_rwlock lock;
};

static inline void ct_rwlock_init(struct ct_rwlock *lock)
{
ovs_rwlock_init(&lock->lock);
}


static inline void ct_rwlock_wrlock(struct ct_rwlock *lock)
OVS_ACQ_WRLOCK(lock)
OVS_NO_THREAD_SAFETY_ANALYSIS
{
ovs_rwlock_wrlock(&lock->lock);
}

static inline void ct_rwlock_rdlock(struct ct_rwlock *lock)
OVS_ACQ_RDLOCK(lock)
OVS_NO_THREAD_SAFETY_ANALYSIS
{
ovs_rwlock_rdlock(&lock->lock);
}

static inline void ct_rwlock_unlock(struct ct_rwlock *lock)
OVS_RELEASES(lock)
OVS_NO_THREAD_SAFETY_ANALYSIS
{
ovs_rwlock_unlock(&lock->lock);
}

static inline void ct_rwlock_destroy(struct ct_rwlock *lock)
{
ovs_rwlock_destroy(&lock->lock);
}

/* Timeouts: all the possible timeout states passed to update_expiration()
* are listed here. The name will be prefix by CT_TM_ and the value is in
* milliseconds */
#define CT_TIMEOUTS \
CT_TIMEOUT(TCP_FIRST_PACKET, 30 * 1000) \
CT_TIMEOUT(TCP_OPENING, 30 * 1000) \
CT_TIMEOUT(TCP_ESTABLISHED, 24 * 60 * 60 * 1000) \
CT_TIMEOUT(TCP_CLOSING, 15 * 60 * 1000) \
CT_TIMEOUT(TCP_FIN_WAIT, 45 * 1000) \
CT_TIMEOUT(TCP_CLOSED, 30 * 1000) \
CT_TIMEOUT(OTHER_FIRST, 60 * 1000) \
CT_TIMEOUT(OTHER_MULTIPLE, 60 * 1000) \
CT_TIMEOUT(OTHER_BIDIR, 30 * 1000) \
CT_TIMEOUT(ICMP_FIRST, 60 * 1000) \
CT_TIMEOUT(ICMP_REPLY, 30 * 1000)

/* The smallest of the above values: it is used as an upper bound for the
* interval between two rounds of cleanup of expired entries */
#define CT_TM_MIN (30 * 1000)

#define CT_TIMEOUT(NAME, VAL) BUILD_ASSERT_DECL(VAL >= CT_TM_MIN);
CT_TIMEOUTS
#undef CT_TIMEOUT

enum ct_timeout {
#define CT_TIMEOUT(NAME, VALUE) CT_TM_##NAME,
CT_TIMEOUTS
#undef CT_TIMEOUT
N_CT_TM
};


/* Locking:
*
* The connections are kept in different buckets, which are completely
* independent. The connection bucket is determined by the hash of its key.
*
* Each bucket has two locks. Acquisition order is, from outermost to
* innermost:
*
* cleanup_mutex
* lock
*
* */
struct conntrack_bucket {
/* Protects 'connections' and 'exp_lists'. Used in the fast path */
struct ct_lock lock;
/* Contains the connections in the bucket, indexed by 'struct conn_key' */
struct hmap connections OVS_GUARDED;
/* For each possible timeout we have a list of connections. When the
* timeout of a connection is updated, we move it to the back of the list.
* Since the connection in a list have the same relative timeout, the list
* will be ordered, with the oldest connections to the front. */
struct ovs_list exp_lists[N_CT_TM] OVS_GUARDED;

/* Protects 'next_cleanup'. Used to make sure that there's only one thread
* performing the cleanup. */
struct ovs_mutex cleanup_mutex;
long long next_cleanup OVS_GUARDED;
};

#define CONNTRACK_BUCKETS_SHIFT 8
#define CONNTRACK_BUCKETS (1 << CONNTRACK_BUCKETS_SHIFT)

struct conntrack {
/* Independent buckets containing the connections */
struct conntrack_bucket buckets[CONNTRACK_BUCKETS];

/* Salt for hashing a connection key. */
uint32_t hash_basis;
/* The thread performing periodic cleanup of the connection
* tracker. */
pthread_t clean_thread;
/* Latch to destroy the 'clean_thread' */
struct latch clean_thread_exit;

/* Number of connections currently in the connection tracker. */
atomic_count n_conn;
/* Connections limit. When this limit is reached, no new connection
* will be accepted. */
atomic_uint n_conn_limit;

/* The following resources are referenced during nat connection
* creation and deletion. */
struct hmap nat_conn_keys OVS_GUARDED;
/* Hash table for alg expectations. Expectations are created
* by control connections to help create data connections. */
struct hmap alg_expectations OVS_GUARDED;
/* Used to lookup alg expectations from the control context. */
struct hindex alg_expectation_refs OVS_GUARDED;
/* Expiry list for alg expectations. */
struct ovs_list alg_exp_list OVS_GUARDED;
/* This lock is used during NAT connection creation and deletion;
* it is taken after a bucket lock and given back before that
* bucket unlock.
* This lock is similarly used to guard alg_expectations and
* alg_expectation_refs. If a bucket lock is also held during
* the normal code flow, then is must be taken first and released
* last.
*/
struct ct_rwlock resources_lock;

/* Fragmentation handling context. */
struct ipf *ipf;

};

struct ct_l4_proto {
struct conn *(*new_conn)(struct conntrack_bucket *, struct dp_packet *pkt,
long long now);
Expand Down
8 changes: 6 additions & 2 deletions lib/conntrack.c
Original file line number Diff line number Diff line change
Expand Up @@ -308,11 +308,13 @@ ct_print_conn_info(const struct conn *c, const char *log_msg,

/* Initializes the connection tracker 'ct'. The caller is responsible for
* calling 'conntrack_destroy()', when the instance is not needed anymore */
void
conntrack_init(struct conntrack *ct)
struct conntrack *
conntrack_init(void)
{
long long now = time_msec();

struct conntrack *ct = xzalloc(sizeof *ct);

ct_rwlock_init(&ct->resources_lock);
ct_rwlock_wrlock(&ct->resources_lock);
hmap_init(&ct->nat_conn_keys);
Expand Down Expand Up @@ -342,6 +344,8 @@ conntrack_init(struct conntrack *ct)
latch_init(&ct->clean_thread_exit);
ct->clean_thread = ovs_thread_create("ct_clean", clean_thread_main, ct);
ct->ipf = ipf_init();

return ct;
}

/* Destroys the connection tracker 'ct' and frees all the allocated memory. */
Expand Down
Loading

0 comments on commit 57593fd

Please sign in to comment.