Julian Anastasov <ja@xxxxxx> wrote:
>
> Hello,
>
> On Sat, 3 Dec 2005, Horms wrote:
>
>> > periods are not happy. It means that we give another 30mins to
>> > the SSL client to create other connections in same session, not
>> > 10 or 60 seconds.
>>
>> Yes, I'm concerned that giving 10 or 60 seconds would be the wrong
>> thing to do. Are you sure that there is no way to invalidate the
>> template at this point, that way we could give it a very short time out,
>> and not worry that would affect any future connection handling.
>
> We don't have the right to invalidate the template for all
> users, it breaks sessions. For me the logic is the same: the packets
> extend the connection life with 15mins while the connections extend the
> session life with user-defined persistence timeout.

Ok, I've had a bit more of a think about this problem.
It seems to me that the real desire is that once a persistence
template expires, it shouldn't be used any more. It might
have to hang around for a bit because of controlled connections,
but it shouldn't be used for new connections.

With this in mind I propose the following, which perhaps should be split
into separate patches for inclusion by DaveM and the gang. I'll
worry about that if there is agreement about this idea.

2.4 version to follow.

commit 1f09f78e9e9746204a9e6aa982b297861620842d
tree b850959a5dd114091e969860c7e8043138232585
parent 4b50b2bd5023fffeaddfcc2c834b33f2a4cdf48d
author Horms <horms@xxxxxxxxxxxxxxxxxxxxxxxxxxx> Mon, 05 Dec 2005 11:55:37 +0900
committer Horms <horms@xxxxxxxxxxxxxxxxxxxxxxxxxxx> Mon, 05 Dec 2005 11:55:37 +0900

[IPVS] Ignore expired templates

* Give expired connections a nice short timeout.
  3*HZ is arbitrary, though it matches the timeout
  that connections are given when they are created.
  It certainly seems more appropriate than the current
  60*HZ value.

* Mark expired connections with a new flag, IP_VS_CONN_F_EXPIRED.
  Persistence templates with this flag will be ignored,
  preventing them from being used again once they
  have expired.

See:
http://archive.linuxvirtualserver.org/html/lvs-users/2005-11/msg00074.html

Signed-Off-By: Horms <horms@xxxxxxxxxxxx>

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 3b5559a..27f7701 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -85,6 +85,10 @@
#define IP_VS_CONN_F_SEQ_MASK 0x0600 /* in/out sequence mask */
#define IP_VS_CONN_F_NO_CPORT 0x0800 /* no client port set yet */
#define IP_VS_CONN_F_TEMPLATE 0x1000 /* template, not connection */
+#define IP_VS_CONN_F_EXPIRED 0x2000 /* expired, currently used to
+ mark old templates whose
+ controlled connections are
+ yet to expire */
/* Move it to better place one day, for now keep it unique */
#define NFC_IPVS_PROPERTY 0x10000
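Review bot: the comment on IP_VS_CONN_F_EXPIRED says the flag marks old templates, but the ip_vs_conn_expire() hunk later in this patch sets it on every entry whose timer fires, not only on entries carrying IP_VS_CONN_F_TEMPLATE. Either reword the comment to say the flag is set on any expired entry and only consulted for templates, or set it only on templates so the definition and its use agree.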
diff --git a/net/ipv4/ipvs/ip_vs_conn.c b/net/ipv4/ipvs/ip_vs_conn.c
index f828fa2..33ad907 100644
--- a/net/ipv4/ipvs/ip_vs_conn.c
+++ b/net/ipv4/ipvs/ip_vs_conn.c
@@ -243,6 +243,7 @@ struct ip_vs_conn *ip_vs_ct_in_get
if (s_addr==cp->caddr && s_port==cp->cport &&
d_port==cp->vport && d_addr==cp->vaddr &&
cp->flags & IP_VS_CONN_F_TEMPLATE &&
+ ! cp->flags & IP_VS_CONN_F_EXPIRED &&
protocol==cp->protocol) {
/* HIT */
atomic_inc(&cp->refcnt);
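Review bot: the added test "! cp->flags & IP_VS_CONN_F_EXPIRED" in ip_vs_ct_in_get() has a precedence bug. Unary ! binds tighter than &, so it parses as (!cp->flags) & IP_VS_CONN_F_EXPIRED; !cp->flags is 0 or 1, and neither has bit 0x2000 set, so the term is always 0 and the whole && chain can never be true. As written no template would ever match, expired or not, which disables persistence lookups here instead of skipping only expired templates. It should read !(cp->flags & IP_VS_CONN_F_EXPIRED). Parenthesising the neighbouring cp->flags & IP_VS_CONN_F_TEMPLATE term as well would make the intent obvious.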
@@ -525,7 +526,9 @@ static void ip_vs_conn_expire(unsigned l
{
struct ip_vs_conn *cp = (struct ip_vs_conn *)data;
- cp->timeout = 60*HZ;
+ cp->timeout = 3*HZ;
+ /* Only effects templates, but harmless for others */
+ cp->flags |= IP_VS_CONN_F_EXPIRED;
/*
* hey, I'm using it
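Review bot: in ip_vs_conn_expire() the flag is set unconditionally at the top of the function, before the "hey, I'm using it" section, and nothing in this patch ever clears it. The commit message says a template may have to hang around because of controlled connections, so once its timer has fired a single time the template stays marked for as long as it lives; please state whether that is intended or whether a later refresh of the template should clear the flag. Guarding the assignment with if (cp->flags & IP_VS_CONN_F_TEMPLATE) would match the stated purpose and make the "harmless for others" remark unnecessary. The change from 60*HZ to 3*HZ also applies to every connection type, which deserves a sentence of justification beyond "arbitrary". Minor: "effects" in the new comment should be "affects".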