diff options
author | Xiaoming Jiang <jiangxiaoming@outlook.com> | 2023-04-26 11:58:25 +0000 |
---|---|---|
committer | Fan Zhang <fanzhang.oss@gmail.com> | 2023-09-12 12:42:56 +0000 |
commit | 7a726586655854773e7e9f816508e139ea3e0477 (patch) | |
tree | 62008d16c2a8105e349b25d72b2a9942d571f37a /src/vnet/ipsec/ipsec_spd_policy.c | |
parent | 139aba204780f6cc2845b311820a0b4c47517d02 (diff) |
ipsec: improve fast path policy searching performance
Type: improvement
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Ib8bb300f5b62648f6b634046415742bdf5365982
Diffstat (limited to 'src/vnet/ipsec/ipsec_spd_policy.c')
-rw-r--r-- | src/vnet/ipsec/ipsec_spd_policy.c | 46 |
1 files changed, 30 insertions, 16 deletions
diff --git a/src/vnet/ipsec/ipsec_spd_policy.c b/src/vnet/ipsec/ipsec_spd_policy.c index 6a66a2de269..08acad2b291 100644 --- a/src/vnet/ipsec/ipsec_spd_policy.c +++ b/src/vnet/ipsec/ipsec_spd_policy.c @@ -617,17 +617,24 @@ ipsec_fp_ip4_add_policy (ipsec_main_t *im, ipsec_spd_fp_t *fp_spd, } else { + u32 i; + u32 *old_fp_policies_ids = result_val->fp_policies_ids; - if (vec_max_len (result_val->fp_policies_ids) != - vec_len (result_val->fp_policies_ids)) + vec_foreach_index (i, result_val->fp_policies_ids) { - /* no need to resize */ - vec_add1 (result_val->fp_policies_ids, policy_index); + ipsec_policy_t *p = + pool_elt_at_index (im->policies, result_val->fp_policies_ids[i]); + + if (p->priority <= policy->priority) + { + break; + } } - else - { - vec_add1 (result_val->fp_policies_ids, policy_index); + vec_insert_elts (result_val->fp_policies_ids, &policy_index, 1, i); + + if (result_val->fp_policies_ids != old_fp_policies_ids) + { res = clib_bihash_add_del_16_8 (bihash_table, &result, 1); if (res != 0) @@ -721,17 +728,24 @@ ipsec_fp_ip6_add_policy (ipsec_main_t *im, ipsec_spd_fp_t *fp_spd, } else { + u32 i; + u32 *old_fp_policies_ids = result_val->fp_policies_ids; - if (vec_max_len (result_val->fp_policies_ids) != - vec_len (result_val->fp_policies_ids)) + vec_foreach_index (i, result_val->fp_policies_ids) { - /* no need to resize */ - vec_add1 (result_val->fp_policies_ids, policy_index); + ipsec_policy_t *p = + pool_elt_at_index (im->policies, result_val->fp_policies_ids[i]); + + if (p->priority <= policy->priority) + { + break; + } } - else - { - vec_add1 (result_val->fp_policies_ids, policy_index); + vec_insert_elts (result_val->fp_policies_ids, &policy_index, 1, i); + + if (result_val->fp_policies_ids != old_fp_policies_ids) + { res = clib_bihash_add_del_40_8 (bihash_table, &result, 1); if (res != 0) @@ -806,7 +820,7 @@ ipsec_fp_ip6_del_policy (ipsec_main_t *im, ipsec_spd_fp_t *fp_spd, clib_bihash_add_del_40_8 (bihash_table, &result, 0); } else - vec_del1 (result_val->fp_policies_ids, ii); + vec_delete (result_val->fp_policies_ids, 1, ii); vec_foreach_index (imt, fp_spd->fp_mask_ids[policy->type]) { @@ -870,7 +884,7 @@ ipsec_fp_ip4_del_policy (ipsec_main_t *im, ipsec_spd_fp_t *fp_spd, clib_bihash_add_del_16_8 (bihash_table, &result, 0); } else - vec_del1 (result_val->fp_policies_ids, ii); + vec_delete (result_val->fp_policies_ids, 1, ii); vec_foreach_index (imt, fp_spd->fp_mask_ids[policy->type]) { |