mirror of
https://github.com/mirage/qubes-mirage-firewall.git
synced 2024-06-26 14:12:23 +00:00
e55c304160
With lots of VMs updating, the firewall quit with:
2017-04-23 20:47:52 -00:00: INF [frameQ] Queue length for 10.137.3.11: incr to 474
2017-04-23 20:47:52 -00:00: INF [memory_pressure] Writing meminfo: free 2648 / 17504 kB (15.13 %)
[...]
Fatal error: out of memory.
The firewall will now drop frames when more than 10 are queued (note
that queuing only starts once the network driver's transmit buffer is
already full).
16 lines
649 B
OCaml
16 lines
649 B
OCaml
(* Copyright (C) 2016, Thomas Leonard <thomas.leonard@unikernel.com>
|
|
See the README file for details. *)
|
|
|
|
(** Keep track of the queue length for output buffers. *)
|
|
|
|
type t
|
|
|
|
val create : string -> t
|
|
(** [create name] is a new empty queue. [name] is used in log messages. *)
|
|
|
|
val send : t -> (unit -> unit Lwt.t) -> unit Lwt.t
|
|
(** [send t fn] checks that the queue isn't overloaded and calls [fn ()] if it's OK.
|
|
The item is considered to be queued until the result of [fn] has resolved.
|
|
In the case of mirage-net-xen's [writev], this happens when the frame has been
|
|
added to the ring (not when it is consumed), which is fine for us. *)
|