datapath-windows: Add an upper limit to conntrack entries

[mirror_ovs.git] / datapath-windows / ovsext / Conntrack.c

diff --git a/datapath-windows/ovsext/Conntrack.c b/datapath-windows/ovsext/Conntrack.c
index ce8c1c85e822c4aaa7304780d64a1aed2dae0616..8bcda05e2ae89a46a892eaf868af6859c7b295e6 100644 (file)
--- a/datapath-windows/ovsext/Conntrack.c
+++ b/datapath-windows/ovsext/Conntrack.c
@@ -722,6 +722,16 @@ OvsCtExecute_(OvsForwardingContext *fwdCtx,
         entry = NULL;
     }
 
+    if (!entry && commit && ctTotalEntries >= CT_MAX_ENTRIES) {
+        /* Don't proceed with processing if the max limit has been hit.
+         * This blocks only new entries from being created and doesn't
+         * affect existing connections.
+         */
+        NdisReleaseRWLock(ovsConntrackLockObj, &lockState);
+        OVS_LOG_ERROR("Conntrack Limit hit: %lu", ctTotalEntries);
+        return NDIS_STATUS_RESOURCES;
+    }
+
     if (!entry) {
         /* If no matching entry was found, create one and add New state */
         entry = OvsCtEntryCreate(fwdCtx, key->ipKey.nwProto,