[XFRM] Optimize policy dumping
This change optimizes the dumping of Security policies. 1) Before this change .. speedopolis:~# time ./ip xf pol real 0m22.274s user 0m0.000s sys 0m22.269s 2) Turn off sub-policies speedopolis:~# ./ip xf pol real 0m13.496s user 0m0.000s sys 0m13.493s i suppose the above is to be expected 3) With this change .. speedopolis:~# time ./ip x policy real 0m7.901s user 0m0.008s sys 0m7.896s
This commit is contained in:
parent
1b6651f1bf
commit
baf5d743d1
1 changed files with 25 additions and 30 deletions
|
@ -860,33 +860,12 @@ EXPORT_SYMBOL(xfrm_policy_flush);
|
|||
int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*),
|
||||
void *data)
|
||||
{
|
||||
struct xfrm_policy *pol;
|
||||
struct xfrm_policy *pol, *last = NULL;
|
||||
struct hlist_node *entry;
|
||||
int dir, count, error;
|
||||
int dir, last_dir = 0, count, error;
|
||||
|
||||
read_lock_bh(&xfrm_policy_lock);
|
||||
count = 0;
|
||||
for (dir = 0; dir < 2*XFRM_POLICY_MAX; dir++) {
|
||||
struct hlist_head *table = xfrm_policy_bydst[dir].table;
|
||||
int i;
|
||||
|
||||
hlist_for_each_entry(pol, entry,
|
||||
&xfrm_policy_inexact[dir], bydst) {
|
||||
if (pol->type == type)
|
||||
count++;
|
||||
}
|
||||
for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
|
||||
hlist_for_each_entry(pol, entry, table + i, bydst) {
|
||||
if (pol->type == type)
|
||||
count++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (count == 0) {
|
||||
error = -ENOENT;
|
||||
goto out;
|
||||
}
|
||||
|
||||
for (dir = 0; dir < 2*XFRM_POLICY_MAX; dir++) {
|
||||
struct hlist_head *table = xfrm_policy_bydst[dir].table;
|
||||
|
@ -896,21 +875,37 @@ int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*)
|
|||
&xfrm_policy_inexact[dir], bydst) {
|
||||
if (pol->type != type)
|
||||
continue;
|
||||
error = func(pol, dir % XFRM_POLICY_MAX, --count, data);
|
||||
if (error)
|
||||
goto out;
|
||||
if (last) {
|
||||
error = func(last, last_dir % XFRM_POLICY_MAX,
|
||||
count, data);
|
||||
if (error)
|
||||
goto out;
|
||||
}
|
||||
last = pol;
|
||||
last_dir = dir;
|
||||
count++;
|
||||
}
|
||||
for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
|
||||
hlist_for_each_entry(pol, entry, table + i, bydst) {
|
||||
if (pol->type != type)
|
||||
continue;
|
||||
error = func(pol, dir % XFRM_POLICY_MAX, --count, data);
|
||||
if (error)
|
||||
goto out;
|
||||
if (last) {
|
||||
error = func(last, last_dir % XFRM_POLICY_MAX,
|
||||
count, data);
|
||||
if (error)
|
||||
goto out;
|
||||
}
|
||||
last = pol;
|
||||
last_dir = dir;
|
||||
count++;
|
||||
}
|
||||
}
|
||||
}
|
||||
error = 0;
|
||||
if (count == 0) {
|
||||
error = -ENOENT;
|
||||
goto out;
|
||||
}
|
||||
error = func(last, last_dir % XFRM_POLICY_MAX, 0, data);
|
||||
out:
|
||||
read_unlock_bh(&xfrm_policy_lock);
|
||||
return error;
|
||||
|
|
Loading…
Reference in a new issue