xfrm: speed-up lookup of HW policies
Devices that implement IPsec packet offload mode should offload SA and policies too. In RX path, it causes to the situation that HW will always have higher priority over any SW policies. It means that we don't need to perform any search of inexact policies and/or priority checks if HW policy was discovered. In such situation, the HW will catch the packets anyway and HW can still implement inexact lookups. In case specific policy is not found, we will continue with packet lookup and check for existence of HW policies in inexact list. HW policies are added to the head of SPD to ensure fast lookup, as XFRM iterates over all policies in the loop. The same solution of adding HW SAs at the begging of the list is applied to SA database too. However, we don't need to change lookups as they are sorted by insertion order and not priority. Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Leon Romanovsky
committed by
Steffen Klassert
Steffen Klassert
parent
5958372ddf
commit
3c611d40c6
@ -536,7 +536,7 @@ redo:
|
||||
__get_hash_thresh(net, pol->family, dir, &dbits, &sbits);
|
||||
h = __addr_hash(&pol->selector.daddr, &pol->selector.saddr,
|
||||
pol->family, nhashmask, dbits, sbits);
|
||||
if (!entry0) {
|
||||
if (!entry0 || pol->xdo.type == XFRM_DEV_OFFLOAD_PACKET) {
|
||||
hlist_del_rcu(&pol->bydst);
|
||||
hlist_add_head_rcu(&pol->bydst, ndsttable + h);
|
||||
h0 = h;
|
||||
@ -867,7 +867,7 @@ static void xfrm_policy_inexact_list_reinsert(struct net *net,
|
||||
break;
|
||||
}
|
||||
|
||||
if (newpos)
|
||||
if (newpos && policy->xdo.type != XFRM_DEV_OFFLOAD_PACKET)
|
||||
hlist_add_behind_rcu(&policy->bydst, newpos);
|
||||
else
|
||||
hlist_add_head_rcu(&policy->bydst, &n->hhead);
|
||||
@ -1348,7 +1348,7 @@ static void xfrm_hash_rebuild(struct work_struct *work)
|
||||
else
|
||||
break;
|
||||
}
|
||||
if (newpos)
|
||||
if (newpos && policy->xdo.type != XFRM_DEV_OFFLOAD_PACKET)
|
||||
hlist_add_behind_rcu(&policy->bydst, newpos);
|
||||
else
|
||||
hlist_add_head_rcu(&policy->bydst, chain);
|
||||
@ -1525,7 +1525,7 @@ static void xfrm_policy_insert_inexact_list(struct hlist_head *chain,
|
||||
break;
|
||||
}
|
||||
|
||||
if (newpos)
|
||||
if (newpos && policy->xdo.type != XFRM_DEV_OFFLOAD_PACKET)
|
||||
hlist_add_behind_rcu(&policy->bydst_inexact_list, newpos);
|
||||
else
|
||||
hlist_add_head_rcu(&policy->bydst_inexact_list, chain);
|
||||
@ -1562,9 +1562,12 @@ static struct xfrm_policy *xfrm_policy_insert_list(struct hlist_head *chain,
|
||||
break;
|
||||
}
|
||||
|
||||
if (newpos)
|
||||
if (newpos && policy->xdo.type != XFRM_DEV_OFFLOAD_PACKET)
|
||||
hlist_add_behind_rcu(&policy->bydst, &newpos->bydst);
|
||||
else
|
||||
/* Packet offload policies enter to the head
|
||||
* to speed-up lookups.
|
||||
*/
|
||||
hlist_add_head_rcu(&policy->bydst, chain);
|
||||
|
||||
return delpol;
|
||||
@ -2181,6 +2184,9 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type,
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (ret && ret->xdo.type == XFRM_DEV_OFFLOAD_PACKET)
|
||||
goto skip_inexact;
|
||||
|
||||
bin = xfrm_policy_inexact_lookup_rcu(net, type, family, dir, if_id);
|
||||
if (!bin || !xfrm_policy_find_inexact_candidates(&cand, bin, saddr,
|
||||
daddr))
|
||||
|
||||
Reference in New Issue
Block a user