summaryrefslogtreecommitdiffstats
path: root/include/net/netns
diff options
context:
space:
mode:
authorFlorian Westphal2018-11-07 23:00:35 +0100
committerSteffen Klassert2018-11-09 11:57:47 +0100
commit24969facd704a5f0dd8e08da86bf32a9ce972bee (patch)
tree0fd9c9f33fa02911a99c350a85f490c375923e2e /include/net/netns
parentxfrm: policy: return NULL when inexact search needed (diff)
downloadkernel-qcow2-linux-24969facd704a5f0dd8e08da86bf32a9ce972bee.tar.gz
kernel-qcow2-linux-24969facd704a5f0dd8e08da86bf32a9ce972bee.tar.xz
kernel-qcow2-linux-24969facd704a5f0dd8e08da86bf32a9ce972bee.zip
xfrm: policy: store inexact policies in an rhashtable
Switch packet-path lookups for inexact policies to rhashtable. In this initial version, we now no longer need to search policies with non-matching address family and type. Next patch will add the if_id as well so lookups from the xfrm interface driver only need to search inexact policies for that device. Future patches will augment the hlist in each rhash bucket with a tree and pre-sort policies according to daddr/prefix. A single rhashtable is used. In order to avoid a full rhashtable walk on netns exit, the bins get placed on a pernet list, i.e. we add almost no cost for network namespaces that had no xfrm policies. The inexact lists are kept in place, and policies are added to both the per-rhash-inexact list and a pernet one. The latter is needed for the control plane to handle migrate -- these requests do not consider the if_id, so if we'd remove the inexact_list now we would have to search all hash buckets and then figure out which matching policy candidate is the most recent one -- this appears a bit harder than just keeping the 'old' inexact list for this purpose. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'include/net/netns')
-rw-r--r--include/net/netns/xfrm.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
index 9991e5ef52cc..59f45b1e9dac 100644
--- a/include/net/netns/xfrm.h
+++ b/include/net/netns/xfrm.h
@@ -5,6 +5,7 @@
#include <linux/list.h>
#include <linux/wait.h>
#include <linux/workqueue.h>
+#include <linux/rhashtable-types.h>
#include <linux/xfrm.h>
#include <net/dst_ops.h>
@@ -53,6 +54,7 @@ struct netns_xfrm {
unsigned int policy_count[XFRM_POLICY_MAX * 2];
struct work_struct policy_hash_work;
struct xfrm_policy_hthresh policy_hthresh;
+ struct list_head inexact_bins;
struct sock *nlsk;