xfrm: cache bundles instead of policies for outgoing flows
__xfrm_lookup() is called for each packet transmitted out of system. The xfrm_find_bundle() does a linear search which can kill system performance depending on how many bundles are required per policy. This modifies __xfrm_lookup() to store bundles directly in the flow cache. If we did not get a hit, we just create a new bundle instead of doing slow search. This means that we can now get multiple xfrm_dst's for same flow (on per-cpu basis). Signed-off-by: Timo Teras <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Timo Teräs
committed by
David S. Miller
David S. Miller
parent
fe1a5f031e
commit
80c802f307
@@ -267,7 +267,6 @@ struct xfrm_policy_afinfo {
|
||||
xfrm_address_t *saddr,
|
||||
xfrm_address_t *daddr);
|
||||
int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr);
|
||||
struct dst_entry *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy);
|
||||
void (*decode_session)(struct sk_buff *skb,
|
||||
struct flowi *fl,
|
||||
int reverse);
|
||||
@@ -483,13 +482,13 @@ struct xfrm_policy {
|
||||
struct timer_list timer;
|
||||
|
||||
struct flow_cache_object flo;
|
||||
atomic_t genid;
|
||||
u32 priority;
|
||||
u32 index;
|
||||
struct xfrm_mark mark;
|
||||
struct xfrm_selector selector;
|
||||
struct xfrm_lifetime_cfg lft;
|
||||
struct xfrm_lifetime_cur curlft;
|
||||
struct dst_entry *bundles;
|
||||
struct xfrm_policy_walk_entry walk;
|
||||
u8 type;
|
||||
u8 action;
|
||||
@@ -879,11 +878,15 @@ struct xfrm_dst {
|
||||
struct rt6_info rt6;
|
||||
} u;
|
||||
struct dst_entry *route;
|
||||
struct flow_cache_object flo;
|
||||
struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
|
||||
int num_pols, num_xfrms;
|
||||
#ifdef CONFIG_XFRM_SUB_POLICY
|
||||
struct flowi *origin;
|
||||
struct xfrm_selector *partner;
|
||||
#endif
|
||||
u32 genid;
|
||||
u32 xfrm_genid;
|
||||
u32 policy_genid;
|
||||
u32 route_mtu_cached;
|
||||
u32 child_mtu_cached;
|
||||
u32 route_cookie;
|
||||
@@ -893,6 +896,7 @@ struct xfrm_dst {
|
||||
#ifdef CONFIG_XFRM
|
||||
static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
|
||||
{
|
||||
xfrm_pols_put(xdst->pols, xdst->num_pols);
|
||||
dst_release(xdst->route);
|
||||
if (likely(xdst->u.dst.xfrm))
|
||||
xfrm_state_put(xdst->u.dst.xfrm);
|
||||
|
||||
Reference in New Issue
Block a user