Git Repo - linux.git/commit - net/xfrm/xfrm

author	Leon Romanovsky <[email protected]>
	Fri, 2 Dec 2022 18:41:32 +0000 (20:41 +0200)
committer	Steffen Klassert <[email protected]>
	Mon, 5 Dec 2022 09:37:33 +0000 (10:37 +0100)
commit	3c611d40c6923c81e6a83a67156cd30a9503c155
tree	535689219b595440932c512b1755aae2f8d3784a	tree \| snapshot
parent	5958372ddf628fe6f4c3e49425734ad32fcfb13c	commit \| diff

xfrm: speed-up lookup of HW policies

Devices that implement IPsec packet offload mode should offload SA and
policies too. In RX path, it causes to the situation that HW will always
have higher priority over any SW policies.

It means that we don't need to perform any search of inexact policies
and/or priority checks if HW policy was discovered. In such situation,
the HW will catch the packets anyway and HW can still implement inexact
lookups.

In case specific policy is not found, we will continue with packet lookup and
check for existence of HW policies in inexact list.

HW policies are added to the head of SPD to ensure fast lookup, as XFRM
iterates over all policies in the loop.

The same solution of adding HW SAs at the begging of the list is applied
to SA database too. However, we don't need to change lookups as they are
sorted by insertion order and not priority.

Signed-off-by: Leon Romanovsky <[email protected]>
Signed-off-by: Steffen Klassert <[email protected]>

net/xfrm/xfrm_policy.c		diff \| blob \| blame \| history
net/xfrm/xfrm_state.c		diff \| blob \| blame \| history