-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Be more proactive at removing stale sessions
The maximum number of sessions is set to limit total resources that netipmid is allowed to use. But it also opens a door to DoS attacks that would use up all the sessions and then never close them. This new mechanism will allow extra sessions, especially if they are short and active. As the number of sessions grows beyond the desired maximum, the reaping time becomes shorter and shorter to ensure that only actual active sessions are kept. This introduces a variable max idle time that starts at 60s, according to the IPMI spec, for up to the desired maximum number of sessions per channel (currently 15). Beyond 15 sessions, The idle time is reduced proportionally to the inverse^3 of the number of sessions beyond the desired maximum. Some sample maximum idle times for active sessions this new scheme: Idle time for up to 15 sessions stays at 60s Idle time for 16 sessions is reduced to 7.5s Idle time for 20 sessions is reduced to 277ms Idle time for 24 sessions is reduced to 60ms For sessions in setup, the idle times are calculated the same as for active sessions, but use the full session count (active and setup) and are limited to a maximum idle time of 3 seconds. One other feature added is to schedule session cleaning when a Close Session command is received. Without this, sessions that are in the shutDownPending state would live on for much longer than needed. Really, the session only needs to live long enough to prepare the response message, but curretly there is no mechanism to remove just that one session from that context. Tested: Open lots of sessions and wait for them to get reaped $ for ((i=0; i<16; i++)); do \ ipmitool -C 17 -I lanplus -H $HOST -U $USR -P $PW sensor list & \ done $ for ((i=0; i<10; i++)); do \ ipmitool -C 17 -I lanplus -H $HOST -U $USR -P $PW mc info & \ done In this case, the first 16 sessions will open just fine, but with a slightly shorted idle time (no problems). The next ten sessions may or may not all get to open, because the number of setup sessions open simultaneously will severely limit the idle time of the setup sessions, causing some of them to fail to fully open. Change-Id: Iae2e68c7192f3f5a2cafa8e825aa025454405c84 Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
- Loading branch information
Showing
5 changed files
with
113 additions
and
38 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters