提交 baf5d743 编写于 作者: J Jamal Hadi Salim 提交者: David S. Miller

[XFRM] Optimize policy dumping

This change optimizes the dumping of Security policies.

1) Before this change ..
speedopolis:~# time ./ip xf pol

real    0m22.274s
user    0m0.000s
sys     0m22.269s

2) Turn off sub-policies

speedopolis:~# ./ip xf pol

real    0m13.496s
user    0m0.000s
sys     0m13.493s

i suppose the above is to be expected

3) With this change ..
speedopolis:~# time ./ip x policy

real    0m7.901s
user    0m0.008s
sys     0m7.896s
上级 1b6651f1
...@@ -860,33 +860,12 @@ EXPORT_SYMBOL(xfrm_policy_flush); ...@@ -860,33 +860,12 @@ EXPORT_SYMBOL(xfrm_policy_flush);
int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*), int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*),
void *data) void *data)
{ {
struct xfrm_policy *pol; struct xfrm_policy *pol, *last = NULL;
struct hlist_node *entry; struct hlist_node *entry;
int dir, count, error; int dir, last_dir = 0, count, error;
read_lock_bh(&xfrm_policy_lock); read_lock_bh(&xfrm_policy_lock);
count = 0; count = 0;
for (dir = 0; dir < 2*XFRM_POLICY_MAX; dir++) {
struct hlist_head *table = xfrm_policy_bydst[dir].table;
int i;
hlist_for_each_entry(pol, entry,
&xfrm_policy_inexact[dir], bydst) {
if (pol->type == type)
count++;
}
for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
hlist_for_each_entry(pol, entry, table + i, bydst) {
if (pol->type == type)
count++;
}
}
}
if (count == 0) {
error = -ENOENT;
goto out;
}
for (dir = 0; dir < 2*XFRM_POLICY_MAX; dir++) { for (dir = 0; dir < 2*XFRM_POLICY_MAX; dir++) {
struct hlist_head *table = xfrm_policy_bydst[dir].table; struct hlist_head *table = xfrm_policy_bydst[dir].table;
...@@ -896,21 +875,37 @@ int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*) ...@@ -896,21 +875,37 @@ int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*)
&xfrm_policy_inexact[dir], bydst) { &xfrm_policy_inexact[dir], bydst) {
if (pol->type != type) if (pol->type != type)
continue; continue;
error = func(pol, dir % XFRM_POLICY_MAX, --count, data); if (last) {
if (error) error = func(last, last_dir % XFRM_POLICY_MAX,
goto out; count, data);
if (error)
goto out;
}
last = pol;
last_dir = dir;
count++;
} }
for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) { for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
hlist_for_each_entry(pol, entry, table + i, bydst) { hlist_for_each_entry(pol, entry, table + i, bydst) {
if (pol->type != type) if (pol->type != type)
continue; continue;
error = func(pol, dir % XFRM_POLICY_MAX, --count, data); if (last) {
if (error) error = func(last, last_dir % XFRM_POLICY_MAX,
goto out; count, data);
if (error)
goto out;
}
last = pol;
last_dir = dir;
count++;
} }
} }
} }
error = 0; if (count == 0) {
error = -ENOENT;
goto out;
}
error = func(last, last_dir % XFRM_POLICY_MAX, 0, data);
out: out:
read_unlock_bh(&xfrm_policy_lock); read_unlock_bh(&xfrm_policy_lock);
return error; return error;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册