linux/net/xfrm
David S. Miller 2518c7c2b3 [XFRM]: Hash policies when non-prefixed.
This idea is from Alexey Kuznetsov.

It is common for policies to be non-prefixed.  And for
that case we can optimize lookups, insert, etc. quite
a bit.

For each direction, we have a dynamically sized policy
hash table for non-prefixed policies.  We also have a
hash table on policy->index.

For prefixed policies, we have a list per-direction which
we will consult on lookups when a non-prefix hashtable
lookup fails.

This still isn't as efficient as I would like it.  There
are four immediate problems:

1) Lots of excessive refcounting, which can be fixed just
   like xfrm_state was
2) We do 2 hash probes on insert, one to look for dups and
   one to allocate a unique policy->index.  Althought I wonder
   how much this matters since xfrm_state inserts do up to
   3 hash probes and that seems to perform fine.
3) xfrm_policy_insert() is very complex because of the priority
   ordering and entry replacement logic.
4) Lots of counter bumping, in addition to policy refcounts,
   in the form of xfrm_policy_count[].  This is merely used
   to let code path(s) know that some IPSEC rules exist.  So
   this count is indexed per-direction, maybe that is overkill.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-22 15:08:48 -07:00
..
Kconfig [XFRM] POLICY: Add Kconfig to support sub policy. 2006-09-22 15:08:33 -07:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfrm_algo.c [CRYPTO] users: Use crypto_comp and crypto_has_* 2006-09-21 11:46:22 +10:00
xfrm_input.c [NET]: Fix "ntohl(ntohs" bugs 2006-05-22 16:53:22 -07:00
xfrm_policy.c [XFRM]: Hash policies when non-prefixed. 2006-09-22 15:08:48 -07:00
xfrm_state.c [XFRM]: Hash xfrm_state objects by source address too. 2006-09-22 15:08:47 -07:00
xfrm_user.c [XFRM] POLICY: Support netlink socket interface for sub policy. 2006-09-22 15:08:35 -07:00