[ Jamal, you saw the first 5 patches already, the rest is new
  stuff. ]

These patches against the net-2.6 GIT tree try to address some
serious IPSEC SA insert/delete performance problems noticed
by Jamal.

1) Use dynamic hash table sizing for the xfrm_state lookup
   tables.

2) Do not walk all policies and flush bundles on xfrm_state
   changes, instead:
   a) On delete, just allow pending references to deleted
      xfrm_state objects to be handled by policy GC and
      xfrm_dst_check() which runs on every use of a cached
      xfrm dst route
   b) On insert, find xfrm_state objects that might alias with
      the one we are about to insert.  For all such aliases,
      update their generation count which will force
      xfrm_bundle_ok() (and thus xfrm_dst_check) to consider
      the route stale, forcing a relookup.

Patches forthcoming.
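An added example, not part of the original message or of the kernel patches: a toy C model of the scheme in item 2, where delete only marks the state and insert bumps the generation count of possible aliases so the per-use check rejects stale cached routes. The `toy_*` names, the fixed-size table and the alias rule (same destination address and reqid) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Toy model, not kernel code: all names and the alias rule are assumptions. */
struct toy_state {
    uint32_t daddr;   /* destination the SA protects */
    uint32_t reqid;   /* policy template id */
    uint32_t genid;   /* generation count, bumped to invalidate users */
    bool     dead;    /* set on delete; references are dropped lazily */
    bool     used;    /* slot occupied */
};

struct toy_bundle {               /* stands in for a cached xfrm dst route */
    const struct toy_state *st;
    uint32_t genid;               /* generation seen when the bundle was built */
};

#define TOY_NSTATES 8
static struct toy_state toy_table[TOY_NSTATES];

/* Insert: bump the generation of every live state the new one may alias. */
static struct toy_state *toy_insert(uint32_t daddr, uint32_t reqid)
{
    struct toy_state *slot = NULL;
    for (size_t i = 0; i < TOY_NSTATES; i++) {
        struct toy_state *s = &toy_table[i];
        if (!s->used) { if (!slot) slot = s; continue; }
        if (!s->dead && s->daddr == daddr && s->reqid == reqid)
            s->genid++;           /* cached users of s now look stale */
    }
    if (slot)
        *slot = (struct toy_state){ daddr, reqid, 0, false, true };
    return slot;                  /* NULL when the toy table is full */
}

/* Delete: mark only; no walk over policies or bundles. */
static void toy_delete(struct toy_state *s) { s->dead = true; }

static struct toy_bundle toy_bundle_build(const struct toy_state *s)
{
    return (struct toy_bundle){ s, s->genid };
}

/* Per-use check, in the role of xfrm_bundle_ok()/xfrm_dst_check(). */
static bool toy_bundle_ok(const struct toy_bundle *b)
{
    return !b->st->dead && b->genid == b->st->genid;
}
```

The cost of invalidation moves from insert/delete time (a walk over all policies) to a constant-time comparison on each use of a cached route.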