I've got a (hopefully) interesting problem with locking in VPP. I need to add some cleanup code to my IPTFS additions to ipsec. Basically I have some per-SA queues that I need to cleanup when an SA is deleted.
- ipsec only deletes it's SAs when its "fib_node" locks reach zero. - I hoping this means that ipsec will only be deleting the SA after the FIB has stopped injecting packets "along" this SA path (i.e., it's removed prior to the final unlock/deref). - I'm being called back by ipsec during the SA deletion. - I have queues (one RX for reordering, one TX for aggregation and subsequent output) associated with the SA, both containing locks, that need to be emptied and freed. - These queues are being used in multiple worker threads in various graph nodes in parallel. What I think this means is that when my "SA deleted" callback is called, no *new* packets will be delivered on the SA path. Good so far. What I'm concerned with is the packets that may currently be "in-flight" in the graph, as these will have the SA associated with them, and thus my code may try and use the per SA queues which I'm now trying to delete. There's a somewhat clunky solution involving global locks prior to and after using an SA in each node, tracking it's validity (which has it's own issues), freeing when no longer in use etc.. but this would introduce global locking in the packet path which I'm loathe to do. What I'd really like is if there was something like this: - packet ingress to SA fib node, fib node lock count increment. - packet completes it's journey through the VPP graph (or at least my part of it) and decrements that fib node lock count. - when the SA should be deleted it removes it's fib node from the fib, thus preventing new packets entering the graph then unlocks. - the SA is either immediately deleted (no packets in flight), or deleted when the last packet completes it's graph traversal. I could do something like this inside my own nodes (my first node is point B), but then there's still the race between when the fib node is used to inject the packet to the next node in the graph (point A) and that packet arriving at my first IPTFS node (point B), when the SA deletion could occur. Maybe i could modify the fib code to do this at point A. I haven't looked closely at the fib code yet. Anyway I suspect this has been thought about before, and maybe there's even a solution already present in VPP, so I wanted to ask. :) Thanks, Chris.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#15534): https://lists.fd.io/g/vpp-dev/message/15534 Mute This Topic: https://lists.fd.io/mt/71544411/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
