diff options
author | Timo Teräs <timo.teras@iki.fi> | 2010-04-06 20:30:05 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-04-07 06:43:19 -0400 |
commit | 80c802f3073e84c956846e921e8a0b02dfa3755f (patch) | |
tree | 895dc92dcf6b658d78838e0a23db3dd29c8be695 /include/net/xfrm.h | |
parent | fe1a5f031e76bd8761a7803d75b95ee96e84a574 (diff) |
xfrm: cache bundles instead of policies for outgoing flows
__xfrm_lookup() is called for each packet transmitted out of
system. The xfrm_find_bundle() does a linear search which can
kill system performance depending on how many bundles are
required per policy.
This modifies __xfrm_lookup() to store bundles directly in
the flow cache. If we did not get a hit, we just create a new
bundle instead of doing slow search. This means that we can now
get multiple xfrm_dst's for same flow (on per-cpu basis).
Signed-off-by: Timo Teras <timo.teras@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r-- | include/net/xfrm.h | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 35396e2dd1dc..625dd61ccbba 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -267,7 +267,6 @@ struct xfrm_policy_afinfo { | |||
267 | xfrm_address_t *saddr, | 267 | xfrm_address_t *saddr, |
268 | xfrm_address_t *daddr); | 268 | xfrm_address_t *daddr); |
269 | int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr); | 269 | int (*get_saddr)(struct net *net, xfrm_address_t *saddr, xfrm_address_t *daddr); |
270 | struct dst_entry *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy); | ||
271 | void (*decode_session)(struct sk_buff *skb, | 270 | void (*decode_session)(struct sk_buff *skb, |
272 | struct flowi *fl, | 271 | struct flowi *fl, |
273 | int reverse); | 272 | int reverse); |
@@ -483,13 +482,13 @@ struct xfrm_policy { | |||
483 | struct timer_list timer; | 482 | struct timer_list timer; |
484 | 483 | ||
485 | struct flow_cache_object flo; | 484 | struct flow_cache_object flo; |
485 | atomic_t genid; | ||
486 | u32 priority; | 486 | u32 priority; |
487 | u32 index; | 487 | u32 index; |
488 | struct xfrm_mark mark; | 488 | struct xfrm_mark mark; |
489 | struct xfrm_selector selector; | 489 | struct xfrm_selector selector; |
490 | struct xfrm_lifetime_cfg lft; | 490 | struct xfrm_lifetime_cfg lft; |
491 | struct xfrm_lifetime_cur curlft; | 491 | struct xfrm_lifetime_cur curlft; |
492 | struct dst_entry *bundles; | ||
493 | struct xfrm_policy_walk_entry walk; | 492 | struct xfrm_policy_walk_entry walk; |
494 | u8 type; | 493 | u8 type; |
495 | u8 action; | 494 | u8 action; |
@@ -879,11 +878,15 @@ struct xfrm_dst { | |||
879 | struct rt6_info rt6; | 878 | struct rt6_info rt6; |
880 | } u; | 879 | } u; |
881 | struct dst_entry *route; | 880 | struct dst_entry *route; |
881 | struct flow_cache_object flo; | ||
882 | struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX]; | ||
883 | int num_pols, num_xfrms; | ||
882 | #ifdef CONFIG_XFRM_SUB_POLICY | 884 | #ifdef CONFIG_XFRM_SUB_POLICY |
883 | struct flowi *origin; | 885 | struct flowi *origin; |
884 | struct xfrm_selector *partner; | 886 | struct xfrm_selector *partner; |
885 | #endif | 887 | #endif |
886 | u32 genid; | 888 | u32 xfrm_genid; |
889 | u32 policy_genid; | ||
887 | u32 route_mtu_cached; | 890 | u32 route_mtu_cached; |
888 | u32 child_mtu_cached; | 891 | u32 child_mtu_cached; |
889 | u32 route_cookie; | 892 | u32 route_cookie; |
@@ -893,6 +896,7 @@ struct xfrm_dst { | |||
893 | #ifdef CONFIG_XFRM | 896 | #ifdef CONFIG_XFRM |
894 | static inline void xfrm_dst_destroy(struct xfrm_dst *xdst) | 897 | static inline void xfrm_dst_destroy(struct xfrm_dst *xdst) |
895 | { | 898 | { |
899 | xfrm_pols_put(xdst->pols, xdst->num_pols); | ||
896 | dst_release(xdst->route); | 900 | dst_release(xdst->route); |
897 | if (likely(xdst->u.dst.xfrm)) | 901 | if (likely(xdst->u.dst.xfrm)) |
898 | xfrm_state_put(xdst->u.dst.xfrm); | 902 | xfrm_state_put(xdst->u.dst.xfrm); |