mirror of
https://github.com/armbian/linux-cix.git
synced 2026-01-06 12:30:45 -08:00
xfrm: cache bundles instead of policies for outgoing flows
__xfrm_lookup() is called for each packet transmitted out of system. The xfrm_find_bundle() does a linear search which can kill system performance depending on how many bundles are required per policy. This modifies __xfrm_lookup() to store bundles directly in the flow cache. If we did not get a hit, we just create a new bundle instead of doing slow search. This means that we can now get multiple xfrm_dst's for same flow (on per-cpu basis). Signed-off-by: Timo Teras <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Timo Teräs
committed by
David S. Miller
David S. Miller
parent
fe1a5f031e
commit
80c802f307
@@ -267,7 +267,6 @@ struct xfrm_policy_afinfo {
|
||||
xfrm_address_t *saddr,
|
||||
xfrm_address_t *daddr);
|
||||
int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr);
|
||||
struct dst_entry *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy);
|
||||
void (*decode_session)(struct sk_buff *skb,
|
||||
struct flowi *fl,
|
||||
int reverse);
|
||||
@@ -483,13 +482,13 @@ struct xfrm_policy {
|
||||
struct timer_list timer;
|
||||
|
||||
struct flow_cache_object flo;
|
||||
atomic_t genid;
|
||||
u32 priority;
|
||||
u32 index;
|
||||
struct xfrm_mark mark;
|
||||
struct xfrm_selector selector;
|
||||
struct xfrm_lifetime_cfg lft;
|
||||
struct xfrm_lifetime_cur curlft;
|
||||
struct dst_entry *bundles;
|
||||
struct xfrm_policy_walk_entry walk;
|
||||
u8 type;
|
||||
u8 action;
|
||||
@@ -879,11 +878,15 @@ struct xfrm_dst {
|
||||
struct rt6_info rt6;
|
||||
} u;
|
||||
struct dst_entry *route;
|
||||
struct flow_cache_object flo;
|
||||
struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
|
||||
int num_pols, num_xfrms;
|
||||
#ifdef CONFIG_XFRM_SUB_POLICY
|
||||
struct flowi *origin;
|
||||
struct xfrm_selector *partner;
|
||||
#endif
|
||||
u32 genid;
|
||||
u32 xfrm_genid;
|
||||
u32 policy_genid;
|
||||
u32 route_mtu_cached;
|
||||
u32 child_mtu_cached;
|
||||
u32 route_cookie;
|
||||
@@ -893,6 +896,7 @@ struct xfrm_dst {
|
||||
#ifdef CONFIG_XFRM
|
||||
static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
|
||||
{
|
||||
xfrm_pols_put(xdst->pols, xdst->num_pols);
|
||||
dst_release(xdst->route);
|
||||
if (likely(xdst->u.dst.xfrm))
|
||||
xfrm_state_put(xdst->u.dst.xfrm);
|
||||
|
||||
@@ -59,27 +59,6 @@ static int xfrm4_get_saddr(struct net *net,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct dst_entry *
|
||||
__xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
|
||||
{
|
||||
struct dst_entry *dst;
|
||||
|
||||
read_lock_bh(&policy->lock);
|
||||
for (dst = policy->bundles; dst; dst = dst->next) {
|
||||
struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
|
||||
if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/
|
||||
xdst->u.rt.fl.fl4_dst == fl->fl4_dst &&
|
||||
xdst->u.rt.fl.fl4_src == fl->fl4_src &&
|
||||
xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
|
||||
xfrm_bundle_ok(policy, xdst, fl, AF_INET, 0)) {
|
||||
dst_clone(dst);
|
||||
break;
|
||||
}
|
||||
}
|
||||
read_unlock_bh(&policy->lock);
|
||||
return dst;
|
||||
}
|
||||
|
||||
static int xfrm4_get_tos(struct flowi *fl)
|
||||
{
|
||||
return fl->fl4_tos;
|
||||
@@ -259,7 +238,6 @@ static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
|
||||
.dst_ops = &xfrm4_dst_ops,
|
||||
.dst_lookup = xfrm4_dst_lookup,
|
||||
.get_saddr = xfrm4_get_saddr,
|
||||
.find_bundle = __xfrm4_find_bundle,
|
||||
.decode_session = _decode_session4,
|
||||
.get_tos = xfrm4_get_tos,
|
||||
.init_path = xfrm4_init_path,
|
||||
|
||||
@@ -67,36 +67,6 @@ static int xfrm6_get_saddr(struct net *net,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct dst_entry *
|
||||
__xfrm6_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
|
||||
{
|
||||
struct dst_entry *dst;
|
||||
|
||||
/* Still not clear if we should set fl->fl6_{src,dst}... */
|
||||
read_lock_bh(&policy->lock);
|
||||
for (dst = policy->bundles; dst; dst = dst->next) {
|
||||
struct xfrm_dst *xdst = (struct xfrm_dst*)dst;
|
||||
struct in6_addr fl_dst_prefix, fl_src_prefix;
|
||||
|
||||
ipv6_addr_prefix(&fl_dst_prefix,
|
||||
&fl->fl6_dst,
|
||||
xdst->u.rt6.rt6i_dst.plen);
|
||||
ipv6_addr_prefix(&fl_src_prefix,
|
||||
&fl->fl6_src,
|
||||
xdst->u.rt6.rt6i_src.plen);
|
||||
if (ipv6_addr_equal(&xdst->u.rt6.rt6i_dst.addr, &fl_dst_prefix) &&
|
||||
ipv6_addr_equal(&xdst->u.rt6.rt6i_src.addr, &fl_src_prefix) &&
|
||||
xfrm_bundle_ok(policy, xdst, fl, AF_INET6,
|
||||
(xdst->u.rt6.rt6i_dst.plen != 128 ||
|
||||
xdst->u.rt6.rt6i_src.plen != 128))) {
|
||||
dst_clone(dst);
|
||||
break;
|
||||
}
|
||||
}
|
||||
read_unlock_bh(&policy->lock);
|
||||
return dst;
|
||||
}
|
||||
|
||||
static int xfrm6_get_tos(struct flowi *fl)
|
||||
{
|
||||
return 0;
|
||||
@@ -291,7 +261,6 @@ static struct xfrm_policy_afinfo xfrm6_policy_afinfo = {
|
||||
.dst_ops = &xfrm6_dst_ops,
|
||||
.dst_lookup = xfrm6_dst_lookup,
|
||||
.get_saddr = xfrm6_get_saddr,
|
||||
.find_bundle = __xfrm6_find_bundle,
|
||||
.decode_session = _decode_session6,
|
||||
.get_tos = xfrm6_get_tos,
|
||||
.init_path = xfrm6_init_path,
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user