diff options
| author |   Christophe Gouault <christophe.gouault@6wind.com> | 2014-08-29 16:16:04 +0200 |
|---|---|---|
| committer |   Steffen Klassert <steffen.klassert@secunet.com> | 2014-09-02 13:29:44 +0200 |
| commit | b58555f1767c9f4e330fcf168e4e753d2d9196e0 (patch) | |
| tree | 6c55753f5eac7e55e8af0cb2ee51c1096c30c04c /scripts | |
| parent | xfrm: remove useless hash_resize_mutex locks (diff) | |
| download | linux-dev-b58555f1767c9f4e330fcf168e4e753d2d9196e0.tar.xz linux-dev-b58555f1767c9f4e330fcf168e4e753d2d9196e0.zip | |
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions