Flow timeout timing/v16.1 #12313
Draft
Flow timeout timing/v16.1 #12313
+219
−134
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #12313 +/- ##
=======================================
Coverage 83.26% 83.26%
=======================================
Files 912 912
Lines 257643 257693 +50
=======================================
+ Hits 214521 214577 +56
+ Misses 43122 43116 -6
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Information: ERROR: QA failed on SURI_TLPW2_autofp_suri_time.
Pipeline 24036 |
When a thread fails to spawn, include the thread name in the error message.
No longer init then deinit part of the engine at startup of the unix socket mode.
Timeout checks would access certain fields w/o locking, which could lead to thread safety issues.
Can be used to log when the tcp session reuse logic triggers.
Rename to be consistent with other naming: STREAM_PKT_FLAG_TCP_PORT_REUSE -> STREAM_PKT_FLAG_TCP_SESSION_REUSE
Use a more precise calculation for timing out flows, using both the seconds and the micro seconds. Ticket: OISF#7455.
The flow worker needs to get the opportunity to run the flow update before globally making it's current timestamp available. This is to avoid another thread using the time to evict the flow that is about to get a legitimate update. Ticket: OISF#7455.
If a thread doesn't receive packets for a while the packet timestamp will no longer be used to determine a reasonable minimum timestamp for flow timeout handling. To avoid issues with the minimum timestamp to be set a bit too aggressively, increase the time a thread can be inactive.
Flow Manager skips rows based on a minimized tracker that tracks the next second at which the first flow may time out. If seconds match a flow can still be timing out.
When timing out flows, use the timestamp from the "owning" thread. This avoids problems with threads being out of sync with each other. Ticket: OISF#7455.
As this may mean that a threads ts is a bit ahead of the minimum time the flow manager normally uses, it can evict flows a bit faster. Ticket: OISF#7455.
Until now many accesses to the Thread structure required taking a global lock, leading to performance issues. In practice this only happened in offline mode. This patch adds a finer grained locking scheme. It assumes that the Thread object itself cannot disappear, and adds a spinlock to protect updates to the structure. Additionally, the `pktts` field is made an atomic, so that it can be read w/o taking the spinlock. Updates to it are still done under lock.
The idea of sealing the thread store is that its members can be accessed w/o holding a lock to the whole store at runtime.
Since `Thread` objects are part of a big allocation, more than one Thread could be on a single cache line, leading to false sharing. Atomic updates to one `Thread` could then lead to poor performance accessing another `Thread`. Align to CLS (cache line size) to avoid this.
Some checks can be done w/o holding a lock: - seeing if the flow matches the packet - if the hash row needs a timeout check This patch skips taking a lock in these conditions.
Explain meaning of `ts` in flow managers main loop.
victorjulien
force-pushed
the
flow-timeout-timing/v16.1
branch
from
acefd1d to
98ad048
Compare
|
Information: ERROR: QA failed on SURI_TLPW2_autofp_suri_time.
Pipeline 24044 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
More precise flow timeout enforcement.
Cleans up unix socket initialization.
SV_BRANCH=OISF/suricata-verify#2203
Replaces #12278:
Tried to improve commits and a bunch of comments in the code to make it easier to follow what is changes.
Also reorganized the commits a bit.
https://redmine.openinfosecfoundation.org/issues/7455