From e479eae29a33a7bff7eb875d82760d60326a73cb Mon Sep 17 00:00:00 2001 From: Xiaoming Jiang Date: Sat, 8 Oct 2022 02:40:45 +0000 Subject: ipsec: improve ipsec policy adding performance Type: improvement Signed-off-by: jiangxiaoming Change-Id: I91ba1ff4c1085f4aca60ca111cbbaf14a3b4d761 --- src/vnet/ipsec/ipsec_spd_policy.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/src/vnet/ipsec/ipsec_spd_policy.c b/src/vnet/ipsec/ipsec_spd_policy.c index 5261621b64a..d5310a61cbd 100644 --- a/src/vnet/ipsec/ipsec_spd_policy.c +++ b/src/vnet/ipsec/ipsec_spd_policy.c @@ -24,22 +24,6 @@ vlib_combined_counter_main_t ipsec_spd_policy_counters = { .stat_segment_name = "/net/ipsec/policy", }; -static int -ipsec_spd_entry_sort (void *a1, void *a2) -{ - ipsec_main_t *im = &ipsec_main; - u32 *id1 = a1; - u32 *id2 = a2; - ipsec_policy_t *p1, *p2; - - p1 = pool_elt_at_index (im->policies, *id1); - p2 = pool_elt_at_index (im->policies, *id2); - if (p1 && p2) - return p2->priority - p1->priority; - - return 0; -} - int ipsec_policy_mk_type (bool is_outbound, bool is_ipv6, @@ -189,6 +173,7 @@ ipsec_add_del_policy (vlib_main_t * vm, if (is_add) { u32 policy_index; + u32 i; if (policy->policy == IPSEC_POLICY_ACTION_PROTECT) { @@ -216,9 +201,20 @@ ipsec_add_del_policy (vlib_main_t * vm, vlib_validate_combined_counter (&ipsec_spd_policy_counters, policy_index); vlib_zero_combined_counter (&ipsec_spd_policy_counters, policy_index); - vec_add1 (spd->policies[policy->type], policy_index); - vec_sort_with_function (spd->policies[policy->type], - ipsec_spd_entry_sort); + + vec_foreach_index (i, spd->policies[policy->type]) + { + ipsec_policy_t *p = + pool_elt_at_index (im->policies, spd->policies[policy->type][i]); + + if (p->priority <= vp->priority) + { + break; + } + } + + vec_insert_elts (spd->policies[policy->type], &policy_index, 1, i); + *stat_index = policy_index; } else -- cgit 1.2.3-korg