snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets =
0, def_slow;
- u32 tcp_closed_drops = 0;
def_slow = is_output_feature ? NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH :
NAT_NEXT_IN2OUT_ED_SLOW_PATH;
else
{
// session in transitory timeout, drop
- ++tcp_closed_drops;
b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TCP_CLOSED];
next0 = NAT_NEXT_DROP;
}
(f64) nat44_session_get_timeout (sm, s0);
if (now >= sess_timeout_time)
{
- // delete session
nat_free_session_data (sm, s0, thread_index, 0);
nat44_delete_session (sm, s0, thread_index);
-
- // session no longer exists, go slow path
+ // session is closed, go slow path
next0 = def_slow;
goto trace0;
}
s->per_user_list_head_index,
per_user_translation_list_elt - tsm->list_pool);
+ dlist_elt_t *global_lru_list_elt;
+ pool_get (tsm->global_lru_pool, global_lru_list_elt);
+ global_lru_list_elt->value = s - tsm->sessions;
+ s->global_lru_index = global_lru_list_elt - tsm->global_lru_pool;
+ clib_dlist_addtail (tsm->global_lru_pool, tsm->global_lru_head_index,
+ s->global_lru_index);
+ s->last_lru_update = now;
+
s->user_index = u - tsm->users;
vlib_set_simple_counter (&sm->total_sessions, thread_index, 0,
pool_elts (tsm->sessions));
nat_ed_session_alloc (snat_main_t * sm, snat_user_t * u, u32 thread_index,
f64 now)
{
- snat_session_t *s;
+ snat_session_t *s = NULL;
snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
dlist_elt_t *oldest_elt;
return 0;
}
+ /* first try to reuse an expired session from this ip */
oldest_index =
clib_dlist_remove_head (tsm->list_pool,
u->sessions_per_user_list_head_index);
clib_dlist_addtail (tsm->list_pool,
u->sessions_per_user_list_head_index, oldest_index);
s = nat44_session_reuse_old (sm, u, s, thread_index, now);
+ s->last_lru_update = now;
}
else
{
- // alloc new session
clib_dlist_addhead (tsm->list_pool,
u->sessions_per_user_list_head_index, oldest_index);
- alloc_new:
+ s = NULL;
+ }
+
+alloc_new:
+ /* try to free an expired session from global LRU list */
+ if (!s)
+ {
+ oldest_index = clib_dlist_remove_head (tsm->global_lru_pool,
+ tsm->global_lru_head_index);
+ if (~0 != oldest_index)
+ {
+ oldest_elt = pool_elt_at_index (tsm->global_lru_pool, oldest_index);
+ s = pool_elt_at_index (tsm->sessions, oldest_elt->value);
+
+ sess_timeout_time =
+ s->last_heard + (f64) nat44_session_get_timeout (sm, s);
+ if (now >= sess_timeout_time
+ || (s->tcp_close_timestamp && now >= s->tcp_close_timestamp))
+ {
+ nat_free_session_data (sm, s, thread_index, 0);
+ nat44_ed_delete_session (sm, s, thread_index, 0);
+ }
+ else
+ {
+ clib_dlist_addhead (tsm->global_lru_pool,
+ tsm->global_lru_head_index, oldest_index);
+ }
+ s = NULL;
+ }
+ }
+ if (!s)
+ {
s = nat44_session_alloc_new (tsm, u, now);
vlib_set_simple_counter (&sm->total_sessions, thread_index, 0,
pool_elts (tsm->sessions));
pool_alloc (tsm->sessions, sm->max_translations);
pool_alloc (tsm->list_pool, sm->max_translations);
+ pool_alloc (tsm->global_lru_pool, sm->max_translations);
+
+ dlist_elt_t *head;
+ pool_get (tsm->global_lru_pool, head);
+ tsm->global_lru_head_index = head - tsm->global_lru_pool;
+ clib_dlist_init (tsm->global_lru_pool,
+ tsm->global_lru_head_index);
if (sm->endpoint_dependent)
{
u32 per_user_index;
u32 per_user_list_head_index;
+ /* index in global LRU list */
+ u32 global_lru_index;
+ f64 last_lru_update;
+
/* Last heard timer */
f64 last_heard;
/* Pool of doubly-linked list elements */
dlist_elt_t *list_pool;
+ /* LRU session list - head is stale, tail is fresh */
+ dlist_elt_t *global_lru_pool;
+ u32 global_lru_head_index;
+
/* NAT thread index */
u32 snat_thread_index;
s->per_user_list_head_index,
per_user_translation_list_elt - tsm->list_pool);
+ dlist_elt_t *lru_list_elt;
+ pool_get (tsm->global_lru_pool, lru_list_elt);
+ s->global_lru_index = lru_list_elt - tsm->global_lru_pool;
+ clib_dlist_addtail (tsm->global_lru_pool, tsm->global_lru_head_index,
+ s->global_lru_index);
+ lru_list_elt->value = s - tsm->sessions;
+ s->last_lru_update = now;
+
s->ha_last_refreshed = now;
return s;
}
clib_dlist_remove (tsm->list_pool, s->per_user_index);
pool_put_index (tsm->list_pool, s->per_user_index);
+ clib_dlist_remove (tsm->global_lru_pool, s->global_lru_index);
+ pool_put_index (tsm->global_lru_pool, s->global_lru_index);
pool_put (tsm->sessions, s);
vlib_set_simple_counter (&sm->total_sessions, thread_index, 0,
pool_elts (tsm->sessions));
}
always_inline void
-nat44_delete_session (snat_main_t * sm, snat_session_t * ses,
- u32 thread_index)
+nat44_delete_session_internal (snat_main_t * sm, snat_session_t * ses,
+ u32 thread_index, int global_lru_delete
+ /* delete from global LRU list */ )
{
snat_main_per_thread_data_t *tsm = vec_elt_at_index (sm->per_thread_data,
thread_index);
clib_dlist_remove (tsm->list_pool, ses->per_user_index);
pool_put_index (tsm->list_pool, ses->per_user_index);
+ if (global_lru_delete)
+ {
+ clib_dlist_remove (tsm->global_lru_pool, ses->global_lru_index);
+ }
+ pool_put_index (tsm->global_lru_pool, ses->global_lru_index);
pool_put (tsm->sessions, ses);
vlib_set_simple_counter (&sm->total_sessions, thread_index, 0,
pool_elts (tsm->sessions));
}
}
+always_inline void
+nat44_delete_session (snat_main_t * sm, snat_session_t * ses,
+ u32 thread_index)
+{
+ return nat44_delete_session_internal (sm, ses, thread_index, 1);
+}
+
+always_inline void
+nat44_ed_delete_session (snat_main_t * sm, snat_session_t * ses,
+ u32 thread_index, int global_lru_delete
+ /* delete from global LRU list */ )
+{
+ return nat44_delete_session_internal (sm, ses, thread_index,
+ global_lru_delete);
+}
+
/** \brief Set TCP session state.
@return 1 if session was closed, otherwise 0
*/
nat44_session_update_lru (snat_main_t * sm, snat_session_t * s,
u32 thread_index)
{
- clib_dlist_remove (sm->per_thread_data[thread_index].list_pool,
- s->per_user_index);
- clib_dlist_addtail (sm->per_thread_data[thread_index].list_pool,
- s->per_user_list_head_index, s->per_user_index);
+ /* don't update too often - timeout is in a magnitude of seconds anyway */
+ if (s->last_heard > s->last_lru_update + 1)
+ {
+ clib_dlist_remove (sm->per_thread_data[thread_index].list_pool,
+ s->per_user_index);
+ clib_dlist_addtail (sm->per_thread_data[thread_index].list_pool,
+ s->per_user_list_head_index, s->per_user_index);
+
+ clib_dlist_remove (sm->per_thread_data[thread_index].global_lru_pool,
+ s->global_lru_index);
+ clib_dlist_addtail (sm->per_thread_data[thread_index].global_lru_pool,
+ sm->
+ per_thread_data[thread_index].global_lru_head_index,
+ s->global_lru_index);
+ s->last_lru_update = s->last_heard;
+ }
}
always_inline void
snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets =
0, fragments = 0;
- u32 tcp_closed_drops = 0;
stats_node_index = sm->ed_out2in_node_index;
{
// session in transitory timeout, drop
b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TCP_CLOSED];
- ++tcp_closed_drops;
next0 = NAT_NEXT_DROP;
}
goto trace0;
(f64) nat44_session_get_timeout (sm, s0);
if (now >= sess_timeout_time)
{
- // delete session
+ // session is closed, go slow path
nat_free_session_data (sm, s0, thread_index, 0);
nat44_delete_session (sm, s0, thread_index);
-
- // session no longer exists, go slow path
next0 = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
goto trace0;
}
Code Review / vpp.git / commitdiff