path: root/src/vnet/ipsec/esp_decrypt.c
author: Jon Loeliger <jdl@netgate.com> 2022-08-16 14:05:18 -0500
committer: Matthew Smith <mgsmith@netgate.com> 2022-08-18 15:23:51 +0000
commit: 07c42c0eea2d7ad3081f10df62f9502219301a6e (patch)
tree: c148f92bf8c19d35164592bf84f8173a5bb2da15 /src/vnet/ipsec/esp_decrypt.c
parent: 635930f5bb2090d258fc284a5da8e63159c1a5dd (diff)

nat: Replace port refcounts with simple bitvectors

Previously, each address maintained an array of 32-bit reference counts for each of 65K possible ports for each of 4 NAT protocols. Totalling 1MB per address. Wow.

A close read of the code shows that an "is used" check precedes each attempted reference count increment. That means the refcount never actually gets above 1. That in turn means algorithmically, a bit vector is sufficient. And one need not be allocated for more than the highest validated port referenced.

These changes introduce a dynamically sized bit vector replacing the reference counts, for a maximum of 32K if all 4 protocols use port 65535. In fact, protocol OTHER is never used, so at most 24K will be used, and none of it will be "statically" allocated per address.

Type: fix
Fixes: 85bee7548bc5a360851d92807dae6d4159b68314
Change-Id: I7fd70050e7bf4871692a862231f8f38cf0158132
Signed-off-by: Jon Loeliger <jdl@netgate.com>

Diffstat (limited to 'src/vnet/ipsec/esp_decrypt.c')
0 files changed, 0 insertions, 0 deletions
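
The reasoning in the commit message, sketched as an added example (not code from this commit or from VPP): when every claim is preceded by an "is used" check, one bit per port carries the same information as a reference count, and the bitmap only has to grow to the highest port claimed. The names `port_bitmap_t`, `port_claim`, `port_release` and `port_bitmap_bytes` are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type, not VPP's API: one growable bitmap per NAT protocol. */
typedef struct {
  uint64_t *words;  /* NULL until the first port is claimed */
  size_t n_words;   /* 64-bit words currently allocated */
} port_bitmap_t;

/* 1 if the port is marked in use, 0 otherwise (also 0 beyond the allocation). */
int port_is_used(const port_bitmap_t *b, uint16_t port)
{
  size_t w = port / 64;
  return w < b->n_words && ((b->words[w] >> (port % 64)) & 1);
}

/* Claim a port: 0 on success, -1 if already in use or out of memory.
   The "is used" check comes first, so a per-port count could never pass 1. */
int port_claim(port_bitmap_t *b, uint16_t port)
{
  size_t w = port / 64;
  if (port_is_used(b, port))
    return -1;
  if (w >= b->n_words) {  /* grow only as far as the highest port seen */
    uint64_t *p = realloc(b->words, (w + 1) * sizeof *p);
    if (!p)
      return -1;
    memset(p + b->n_words, 0, (w + 1 - b->n_words) * sizeof *p);
    b->words = p;
    b->n_words = w + 1;
  }
  b->words[w] |= (uint64_t)1 << (port % 64);
  return 0;
}

/* Release a port; releasing an unclaimed port is a no-op. */
void port_release(port_bitmap_t *b, uint16_t port)
{
  if (port_is_used(b, port))
    b->words[port / 64] &= ~((uint64_t)1 << (port % 64));
}

/* Bytes currently held by this bitmap. */
size_t port_bitmap_bytes(const port_bitmap_t *b)
{
  return b->n_words * sizeof(uint64_t);
}
```

Claiming port 65535 grows one bitmap to 8192 bytes, which matches the message's 32K ceiling across 4 protocols, against 65536 × 4 bytes × 4 protocols = 1MB for the refcount arrays.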