diff options
author | Xiaoming Jiang <jiangxiaoming@outlook.com> | 2022-10-08 02:40:45 +0000 |
---|---|---|
committer | Fan Zhang <fanzhang.oss@gmail.com> | 2022-11-21 15:33:21 +0000 |
commit | e479eae29a33a7bff7eb875d82760d60326a73cb (patch) | |
tree | bf6008b861360b18d3b6d026cc03791d8fd29d12 /src/vnet/ipsec | |
parent | dfd169816e4d63fa2f586bbad5820eb80f483733 (diff) |
ipsec: improve ipsec policy adding performance
Type: improvement
Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: I91ba1ff4c1085f4aca60ca111cbbaf14a3b4d761
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r-- | src/vnet/ipsec/ipsec_spd_policy.c | 34 |
1 files changed, 15 insertions, 19 deletions
diff --git a/src/vnet/ipsec/ipsec_spd_policy.c b/src/vnet/ipsec/ipsec_spd_policy.c index 5261621b64a..d5310a61cbd 100644 --- a/src/vnet/ipsec/ipsec_spd_policy.c +++ b/src/vnet/ipsec/ipsec_spd_policy.c @@ -24,22 +24,6 @@ vlib_combined_counter_main_t ipsec_spd_policy_counters = { .stat_segment_name = "/net/ipsec/policy", }; -static int -ipsec_spd_entry_sort (void *a1, void *a2) -{ - ipsec_main_t *im = &ipsec_main; - u32 *id1 = a1; - u32 *id2 = a2; - ipsec_policy_t *p1, *p2; - - p1 = pool_elt_at_index (im->policies, *id1); - p2 = pool_elt_at_index (im->policies, *id2); - if (p1 && p2) - return p2->priority - p1->priority; - - return 0; -} - int ipsec_policy_mk_type (bool is_outbound, bool is_ipv6, @@ -189,6 +173,7 @@ ipsec_add_del_policy (vlib_main_t * vm, if (is_add) { u32 policy_index; + u32 i; if (policy->policy == IPSEC_POLICY_ACTION_PROTECT) { @@ -216,9 +201,20 @@ ipsec_add_del_policy (vlib_main_t * vm, vlib_validate_combined_counter (&ipsec_spd_policy_counters, policy_index); vlib_zero_combined_counter (&ipsec_spd_policy_counters, policy_index); - vec_add1 (spd->policies[policy->type], policy_index); - vec_sort_with_function (spd->policies[policy->type], - ipsec_spd_entry_sort); + + vec_foreach_index (i, spd->policies[policy->type]) + { + ipsec_policy_t *p = + pool_elt_at_index (im->policies, spd->policies[policy->type][i]); + + if (p->priority <= vp->priority) + { + break; + } + } + + vec_insert_elts (spd->policies[policy->type], &policy_index, 1, i); + *stat_index = policy_index; } else |