When having many xfrm interfaces, the linear lookup of devices based on if_id becomes costly.
The first patch refactors xfrmi_decode_session() to use the xi used in the netdevice priv context instead of looking it up in the list based on ifindex. This is needed in order to use if_id as the only key used for xi lookup. The second patch extends the existing infrastructure - which already stores the xfrmi contexts in an array of lists - to use a hash of the if_id. Example benchmarks: - running on a KVM based VM - xfrm tunnel mode between two namespaces - xfrm interface in one namespace (10.0.0.2) Before this change set: Single xfrm interface in namespace: $ netperf -H 10.0.0.2 -l8 -I95,10 -t TCP_STREAM MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 10.0.0.2 () port 0 AF_INET : +/-5.000% @ 95% conf. : demo Recv Send Send Socket Socket Message Elapsed Size Size Size Time Throughput bytes bytes bytes secs. 10^6bits/sec 131072 16384 16384 8.00 298.36 After adding 400 xfrmi interfaces in the same namespace: $ netperf -H 10.0.0.2 -l8 -I95,10 -t TCP_STREAM MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 10.0.0.2 () port 0 AF_INET : +/-5.000% @ 95% conf. : demo Recv Send Send Socket Socket Message Elapsed Size Size Size Time Throughput bytes bytes bytes secs. 10^6bits/sec 131072 16384 16384 8.00 221.77 After this patchset there was no observed change after adding the xfrmi interfaces. Eyal Birger (2): xfrm interface: avoid xi lookup in xfrmi_decode_session() xfrm interface: store xfrmi contexts in a hash by if_id net/xfrm/xfrm_interface.c | 52 +++++++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 19 deletions(-) -- 2.25.1
