diff options
author | Andrew Yourtchenko <ayourtch@gmail.com> | 2018-05-24 16:53:27 +0200 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2018-05-26 16:56:02 +0000 |
commit | a34c08c8c5a505e55178a9a8ef5391224d5460a5 (patch) | |
tree | 961461e2a4261dcea81b21e2eddfb026c3d01b8e /gmod | |
parent | c6f186b23d00685b3e9f132ba79a5cb44f0a44c0 (diff) |
acl-plugin: create forward and return sessions in lieu of making a special per-packet session key
Using a separate session key has proven to be tricky for the following reasons:
- it's a lot of storage to have what looks to be nearly identical to 5tuple,
just maybe with some fields swapped
- shuffling the fields from 5tuple adds to memory pressure
- the fact that the fields do not coincide with the packet memory
means for any staged processing we need to use up a lot of memory
Thus, just add two entries into the bihash table pointing to
the same session entry, so we could match the packets from either
direction.
With this we have the key layout of L3 info (which takes up
the majority of space for IPv6 case) the same as in the packet,
thus, opening up the possibility for other optimizations.
Not having to create and store a separate session key
should also give us a small performance win in itself.
Also, add the routine to show the session bihash in a better
way than a bunch of numbers.
Alas, the memory usage in the bihash obviously doubles.
Change-Id: I8fd2ed4714ad7fc447c4fa224d209bc0b736b371
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'gmod')
0 files changed, 0 insertions, 0 deletions