• Florian Westphal's avatar
    xfrm: policy: store inexact policies in an rhashtable · 24969fac
    Florian Westphal authored
    Switch packet-path lookups for inexact policies to rhashtable.
    
    In this initial version, we now no longer need to search policies with
    non-matching address family and type.
    
    Next patch will add the if_id as well so lookups from the xfrm interface
    driver only need to search inexact policies for that device.
    
    Future patches will augment the hlist in each rhash bucket with a tree
    and pre-sort policies according to daddr/prefix.
    
    A single rhashtable is used.  In order to avoid a full rhashtable walk on
    netns exit, the bins get placed on a pernet list, i.e. we add almost no
    cost for network namespaces that had no xfrm policies.
    
    The inexact lists are kept in place, and policies are added to both the
    per-rhash-inexact list and a pernet one.
    
    The latter is needed for the control plane to handle migrate -- these
    requests do not consider the if_id, so if we'd remove the inexact_list
    now we would have to search all hash buckets and then figure
    out which matching policy candidate is the most recent one -- this appears
    a bit harder than just keeping the 'old' inexact list for this purpose.
    Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
    Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
    24969fac
xfrm_policy.c 84.3 KB