|
Horms <horms@xxxxxxxxxxxx> wrote:
> Julian Anastasov <ja@xxxxxx> wrote:
>>
>> Hello,
>>
>> On Sat, 3 Dec 2005, Horms wrote:
>>
>>> > periods are not happy. It means that we give another 30mins to
>>> > the SSL client to create other connections in same session, not
>>> > 10 or 60 seconds.
>>>
>>> Yes, I'm concerned that giving 10 or 60 seconds would be the wrong
>>> thing to do. Are you sure that there is no way to invalidate the
>>> template at this point, that way we could give it a very short time out,
>>> and not worry that would affect any future connection handling.
>>
>> We don't have the right to invalidate the template for all
>> users, it breaks sessions.
>
>> For me the logic is same: the packets
>> extend the connection life with 15mins while the connections extend the
>> session life with user-defined persistence timeout.
>
> Ok, I've had a bit more of a think about this problem.
> It seems to me that the real desire is that once a persistance
> template expires, it shouldn't be used any more. It might
> have to hang around for a bit because of controlled connections,
> but it shouldn't be used for new connections.
>
> With this in mind a propose the following, which perhaps should be split
> into separate patches for inclusion by DaveM and the gang. I'll
> worry about that if there is agreement about this idea.
>
> 2.4 version to follow.
>
> commit 1f09f78e9e9746204a9e6aa982b297861620842d
> tree b850959a5dd114091e969860c7e8043138232585
> parent 4b50b2bd5023fffeaddfcc2c834b33f2a4cdf48d
> author Horms <horms@xxxxxxxxxxxxxxxxxxxxxxxxxxx> Mon, 05 Dec 2005 11:55:37
> +0900
> committer Horms <horms@xxxxxxxxxxxxxxxxxxxxxxxxxxx> Mon, 05 Dec 2005 11:55:37
> +0900
The git info above is just for my local tree, probably best ignored by all.
2.4 version as advertised.
[IPVS, 2.4] Ignore expired templates and cleanup expiry
* Backport 2.6's behaviour to delete timers rather than
seting their expriy to 0 in ip_vs_conn_expire_now().
* Give expired connections a nice short timeout.
3*HZ is arbitary, though it matches the timeout
that connections are given when they are created.
* Mark expired connections with a new flag, IP_VS_CONN_F_EXPIRED.
Persistance templates with this flag will be ignored,
preventing them from being used again once they
have expired.
See:
http://archive.linuxvirtualserver.org/html/lvs-users/2005-11/msg00074.html
The backport portion could be a separate patch, but its so closely
related to the rest of the code it seems to make sense to put
the changes together.
Signed-Off-By: Horms <horms@xxxxxxxxxxxx>
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index ba304fa..ab16dbc 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -83,6 +83,10 @@
#define IP_VS_CONN_F_SEQ_MASK 0x0600 /* in/out sequence mask */
#define IP_VS_CONN_F_NO_CPORT 0x0800 /* no client port set yet */
#define IP_VS_CONN_F_TEMPLATE 0x1000 /* template, not connection */
+#define IP_VS_CONN_F_EXPIRED 0x2000 /* expired, currently used to
+ mark old templates whose
+ controlled connections are
+ yet to expire */
/* Move it to better place one day, for now keep it unique */
#define NFC_IPVS_PROPERTY 0x10000
diff --git a/net/ipv4/ipvs/ip_vs_conn.c b/net/ipv4/ipvs/ip_vs_conn.c
index 015c819..ea3f778 100644
--- a/net/ipv4/ipvs/ip_vs_conn.c
+++ b/net/ipv4/ipvs/ip_vs_conn.c
@@ -257,6 +257,7 @@ struct ip_vs_conn *ip_vs_ct_in_get
if (s_addr==cp->caddr && s_port==cp->cport &&
d_port==cp->vport && d_addr==cp->vaddr &&
cp->flags & IP_VS_CONN_F_TEMPLATE &&
+ ! cp->flags & IP_VS_CONN_F_EXPIRED &&
protocol==cp->protocol) {
/* HIT */
atomic_inc(&cp->refcnt);
@@ -1221,10 +1222,9 @@ static void ip_vs_conn_expire(unsigned l
{
struct ip_vs_conn *cp = (struct ip_vs_conn *)data;
- if (cp->timeout_table)
- cp->timeout = cp->timeout_table->timeout[IP_VS_S_TIME_WAIT];
- else
- cp->timeout = vs_timeout_table.timeout[IP_VS_S_TIME_WAIT];
+ cp->timeout = 3*HZ;
+ /* Only effects templates, but harmless for others */
+ cp->flags |= IP_VS_CONN_F_EXPIRED;
/*
* hey, I'm using it
@@ -1280,8 +1280,8 @@ static void ip_vs_conn_expire(unsigned l
void ip_vs_conn_expire_now(struct ip_vs_conn *cp)
{
- cp->timeout = 0;
- mod_timer(&cp->timer, jiffies);
+ if (del_timer(&cp->timer))
+ mod_timer(&cp->timer, jiffies);
}
/*
|
