| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zs2Ua9JwHvjDWpXP@gauss3.secunet.de> Date: Tue, 27 Aug 2024 10:55:07 +0200 From: Steffen Klassert <steffen.klassert@...unet.com> To: Florian Westphal <fw@...len.de> CC: <netdev@...r.kernel.org>, <herbert@...dor.apana.org.au>, <noel@...ilie-kuntze.de>, <tobias@...ongswan.org> Subject: Re: [PATCH ipsec-next 0/4] xfrm: speed up policy insertions On Thu, Aug 22, 2024 at 03:04:28PM +0200, Florian Westphal wrote: > Policy insertions do not scale well, due to both a lienar list walk > to find the insertion spot and another list walk to set the 'pos' value > (a tie-breaker to detect which policy is older when there is ambiguity > as to which one should be matched). > > First patch gets rid of the second list walk on insert. > Rest of the patches get rid of the insertion walk. > > This list walk was only needed because when I moved the policy db > implementation to rbtree I retained the old insertion method for the > sake of XFRM_MIGRATE. > > Switching that to tree-based lookup avoids the need for the full > list search. > > After this, insertion of a policy is largely independent of the number > of pre-existing policies as long as they do not share the same source/ > destination networks. > > Note that this is compile tested only as I did not find any > tests for XFRM_MIGRATE. > > Florian Westphal (4): > selftests: add xfrm policy insertion speed test script > xfrm: policy: don't iterate inexact policies twice at insert time > xfrm: switch migrate to xfrm_policy_lookup_bytype > xfrm: policy: remove remaining use of inexact list Applied, thanks a lot Florian!
Powered by blists - more mailing lists