I want the TCP connection removed from the table as quickly as possible so
that the next connection
with the same CIP<---->DIP pair will be assigned to a different real server,
providing better load balancing(?)
Ok, we have to re-instate the state transition timer setting in proc-fs.
Since none of us developers has time to implement the per-app timer idea
forged by Julian, we should at least provide the means to instrument the
existing timeout values for defense mode and non-defense mode.
I'll see to it, Horms, if you are willing to apply this. It will be a
forward port of a patch I've sent previously (2.4.x version attached for
comments).
This will allow us to set sharp timeout transition values in proc-fs.
We've been using this patch for a while now and there are now issues
with it.
Best regards,
Roberto Nibali, ratz
--
echo
'[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
diff -X dontdiff -Nur linux-2.4.32-orig/include/net/ip_vs.h
linux-2.4.32-pab2/include/net/ip_vs.h
--- linux-2.4.32-orig/include/net/ip_vs.h 2005-11-21 12:06:21 +0100
+++ linux-2.4.32-pab2/include/net/ip_vs.h 2006-01-25 11:11:23 +0100
@@ -309,34 +309,48 @@
/*
* IPVS sysctl variables under the /proc/sys/net/ipv4/vs/
*/
-#define NET_IPV4_VS 21
+#define NET_IPV4_VS 39
enum {
NET_IPV4_VS_DEBUG_LEVEL=1,
- NET_IPV4_VS_AMEMTHRESH=2,
- NET_IPV4_VS_AMDROPRATE=3,
- NET_IPV4_VS_DROP_ENTRY=4,
- NET_IPV4_VS_DROP_PACKET=5,
- NET_IPV4_VS_SECURE_TCP=6,
- NET_IPV4_VS_TO_ES=7,
- NET_IPV4_VS_TO_SS=8,
- NET_IPV4_VS_TO_SR=9,
- NET_IPV4_VS_TO_FW=10,
- NET_IPV4_VS_TO_TW=11,
- NET_IPV4_VS_TO_CL=12,
- NET_IPV4_VS_TO_CW=13,
- NET_IPV4_VS_TO_LA=14,
- NET_IPV4_VS_TO_LI=15,
- NET_IPV4_VS_TO_SA=16,
- NET_IPV4_VS_TO_UDP=17,
- NET_IPV4_VS_TO_ICMP=18,
- NET_IPV4_VS_LBLC_EXPIRE=19,
- NET_IPV4_VS_LBLCR_EXPIRE=20,
- NET_IPV4_VS_CACHE_BYPASS=22,
- NET_IPV4_VS_EXPIRE_NODEST_CONN=23,
- NET_IPV4_VS_SYNC_THRESHOLD=24,
- NET_IPV4_VS_NAT_ICMP_SEND=25,
- NET_IPV4_VS_EXPIRE_QUIESCENT_TEMPLATE=26,
+ NET_IPV4_VS_AMEMTHRESH,
+ NET_IPV4_VS_AMDROPRATE,
+ NET_IPV4_VS_DROP_ENTRY,
+ NET_IPV4_VS_DROP_PACKET,
+ NET_IPV4_VS_SECURE_TCP,
+ NET_IPV4_VS_TO_ES,
+ NET_IPV4_VS_TO_SS,
+ NET_IPV4_VS_TO_SR,
+ NET_IPV4_VS_TO_FW,
+ NET_IPV4_VS_TO_TW,
+ NET_IPV4_VS_TO_CL,
+ NET_IPV4_VS_TO_CW,
+ NET_IPV4_VS_TO_LA,
+ NET_IPV4_VS_TO_LI,
+ NET_IPV4_VS_TO_SA,
+ NET_IPV4_VS_TO_UDP,
+ NET_IPV4_VS_TO_ICMP,
+ NET_IPV4_VS_DOS_TO_ES,
+ NET_IPV4_VS_DOS_TO_SS,
+ NET_IPV4_VS_DOS_TO_SR,
+ NET_IPV4_VS_DOS_TO_FW,
+ NET_IPV4_VS_DOS_TO_TW,
+ NET_IPV4_VS_DOS_TO_CL,
+ NET_IPV4_VS_DOS_TO_CW,
+ NET_IPV4_VS_DOS_TO_LA,
+ NET_IPV4_VS_DOS_TO_LI,
+ NET_IPV4_VS_DOS_TO_SA,
+ NET_IPV4_VS_DOS_TO_UDP,
+ NET_IPV4_VS_DOS_TO_ICMP,
+ NET_IPV4_VS_LBLC_EXPIRE,
+ NET_IPV4_VS_LBLCR_EXPIRE,
+ NET_IPV4_VS_CACHE_BYPASS,
+ NET_IPV4_VS_EXPIRE_NODEST_CONN,
+ NET_IPV4_VS_SYNC_THRESHOLD,
+ NET_IPV4_VS_NAT_ICMP_SEND,
+ NET_IPV4_VS_THRESHOLD_FACTOR,
+ NET_IPV4_VS_ENABLE_THRESHOLD_FACTOR,
+ NET_IPV4_VS_EXPIRE_QUIESCENT_TEMPLATE,
NET_IPV4_VS_LAST
};
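Review bot: Removing the explicit values from this enum renumbers existing IDs: `NET_IPV4_VS_LBLC_EXPIRE` moves from 19 to 31, `NET_IPV4_VS_EXPIRE_QUIESCENT_TEMPLATE` from 26 to 39, and `NET_IPV4_VS` itself changes from 21 to 39. Anything that addresses these entries by number rather than by /proc name would then reach a different variable, which for the defense-related knobs is a silent misconfiguration. Keep the old assignments and append the new entries with explicit values after 26, e.g. `NET_IPV4_VS_DOS_TO_ES=27,`, so later insertions cannot shift them again. Whether 39 is free among the other NET_IPV4_* IDs cannot be checked from this hunk.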
diff -X dontdiff -Nur linux-2.4.32-orig/net/ipv4/ipvs/ip_vs_ctl.c
linux-2.4.32-pab2/net/ipv4/ipvs/ip_vs_ctl.c
--- linux-2.4.32-orig/net/ipv4/ipvs/ip_vs_ctl.c 2005-11-21 12:06:21 +0100
+++ linux-2.4.32-pab2/net/ipv4/ipvs/ip_vs_ctl.c 2006-01-25 11:05:23 +0100
@@ -1427,39 +1442,75 @@
&sysctl_ip_vs_secure_tcp, sizeof(int), 0644, NULL,
&ip_vs_sysctl_defense_mode},
{NET_IPV4_VS_TO_ES, "timeout_established",
- &vs_timeout_table_dos.timeout[IP_VS_S_ESTABLISHED],
+ &vs_timeout_table.timeout[IP_VS_S_ESTABLISHED],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_TO_SS, "timeout_synsent",
- &vs_timeout_table_dos.timeout[IP_VS_S_SYN_SENT],
+ &vs_timeout_table.timeout[IP_VS_S_SYN_SENT],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_TO_SR, "timeout_synrecv",
- &vs_timeout_table_dos.timeout[IP_VS_S_SYN_RECV],
+ &vs_timeout_table.timeout[IP_VS_S_SYN_RECV],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_TO_FW, "timeout_finwait",
- &vs_timeout_table_dos.timeout[IP_VS_S_FIN_WAIT],
+ &vs_timeout_table.timeout[IP_VS_S_FIN_WAIT],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_TO_TW, "timeout_timewait",
- &vs_timeout_table_dos.timeout[IP_VS_S_TIME_WAIT],
+ &vs_timeout_table.timeout[IP_VS_S_TIME_WAIT],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_TO_CL, "timeout_close",
- &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE],
+ &vs_timeout_table.timeout[IP_VS_S_CLOSE],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_TO_CW, "timeout_closewait",
- &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE_WAIT],
+ &vs_timeout_table.timeout[IP_VS_S_CLOSE_WAIT],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_TO_LA, "timeout_lastack",
- &vs_timeout_table_dos.timeout[IP_VS_S_LAST_ACK],
+ &vs_timeout_table.timeout[IP_VS_S_LAST_ACK],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_TO_LI, "timeout_listen",
- &vs_timeout_table_dos.timeout[IP_VS_S_LISTEN],
+ &vs_timeout_table.timeout[IP_VS_S_LISTEN],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_TO_SA, "timeout_synack",
- &vs_timeout_table_dos.timeout[IP_VS_S_SYNACK],
+ &vs_timeout_table.timeout[IP_VS_S_SYNACK],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_TO_UDP, "timeout_udp",
- &vs_timeout_table_dos.timeout[IP_VS_S_UDP],
+ &vs_timeout_table.timeout[IP_VS_S_UDP],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_TO_ICMP, "timeout_icmp",
+ &vs_timeout_table.timeout[IP_VS_S_ICMP],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_ES, "dos_timeout_established",
+ &vs_timeout_table_dos.timeout[IP_VS_S_ESTABLISHED],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_SS, "dos_timeout_synsent",
+ &vs_timeout_table_dos.timeout[IP_VS_S_SYN_SENT],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_SR, "dos_timeout_synrecv",
+ &vs_timeout_table_dos.timeout[IP_VS_S_SYN_RECV],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_FW, "dos_timeout_finwait",
+ &vs_timeout_table_dos.timeout[IP_VS_S_FIN_WAIT],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_TW, "dos_timeout_timewait",
+ &vs_timeout_table_dos.timeout[IP_VS_S_TIME_WAIT],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_CL, "dos_timeout_close",
+ &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_CW, "dos_timeout_closewait",
+ &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE_WAIT],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_LA, "dos_timeout_lastack",
+ &vs_timeout_table_dos.timeout[IP_VS_S_LAST_ACK],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_LI, "dos_timeout_listen",
+ &vs_timeout_table_dos.timeout[IP_VS_S_LISTEN],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_SA, "dos_timeout_synack",
+ &vs_timeout_table_dos.timeout[IP_VS_S_SYNACK],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_UDP, "dos_timeout_udp",
+ &vs_timeout_table_dos.timeout[IP_VS_S_UDP],
+ sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
+ {NET_IPV4_VS_DOS_TO_ICMP, "dos_timeout_icmp",
&vs_timeout_table_dos.timeout[IP_VS_S_ICMP],
sizeof(int), 0644, NULL, &proc_dointvec_jiffies},
{NET_IPV4_VS_CACHE_BYPASS, "cache_bypass",
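Review bot: The existing names `timeout_established` through `timeout_icmp` now write `vs_timeout_table` instead of `vs_timeout_table_dos`, so a host that tuned those files for defense mode still accepts the writes but no longer changes the defense-mode timeouts. That change of meaning should be stated next to the table, for example `/* timeout_* tune normal mode; dos_timeout_* tune defense mode (timeout_* did this before) */`, and in the IPVS sysctl documentation. All 24 entries also accept any integer through `proc_dointvec_jiffies`; whether the connection timer tolerates a zero or negative timeout is not visible here and is worth confirming before exposing the normal-mode table. The table starts and ends outside this hunk.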
@@ -1474,6 +1525,12 @@
{NET_IPV4_VS_NAT_ICMP_SEND, "nat_icmp_send",
&sysctl_ip_vs_nat_icmp_send, sizeof(int), 0644, NULL,
&proc_dointvec},
+ {NET_IPV4_VS_THRESHOLD_FACTOR, "threshold_factor",
+ &sysctl_ip_vs_threshold_factor, sizeof(int), 0644, NULL,
+ &proc_dointvec},
+ {NET_IPV4_VS_ENABLE_THRESHOLD_FACTOR, "enable_threshold_factor",
+ &sysctl_ip_vs_enable_threshold_factor, sizeof(int), 0644, NULL,
+ &proc_dointvec},
{NET_IPV4_VS_EXPIRE_QUIESCENT_TEMPLATE, "expire_quiescent_template",
&sysctl_ip_vs_expire_quiescent_template, sizeof(int), 0644, NULL,
&proc_dointvec},
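Review bot: The two added entries reference `sysctl_ip_vs_threshold_factor` and `sysctl_ip_vs_enable_threshold_factor`, but no visible hunk declares or reads them. The header offsets of the previous hunk (1427 → 1442) suggest an earlier ip_vs_ctl.c hunk is missing from this posting. They are also unrelated to the timeout change described in the mail and would be easier to review as a separate patch. If `enable_threshold_factor` is meant as an on/off switch, it should be bounded with `proc_dointvec_minmax` and 0/1 limits instead of plain `proc_dointvec`. The factor likewise needs a documented valid range, since nothing here rejects zero or negative values.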