Module Name:    src
Committed By:   ozaki-r
Date:           Thu Aug 10 06:11:24 UTC 2017

Modified Files:
        src/sys/netipsec: ipsec.c ipsec.h ipsec_output.c

Log Message:
Add per-CPU rtcache to ipsec_reinject_ipstack

It reduces route lookups and also reduces rtcache lock contentions
when NET_MPSAFE is enabled.


To generate a diff of this commit:
cvs rdiff -u -r1.117 -r1.118 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.58 -r1.59 src/sys/netipsec/ipsec.h
cvs rdiff -u -r1.59 -r1.60 src/sys/netipsec/ipsec_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.117 src/sys/netipsec/ipsec.c:1.118
--- src/sys/netipsec/ipsec.c:1.117	Mon Aug  7 03:18:32 2017
+++ src/sys/netipsec/ipsec.c	Thu Aug 10 06:11:24 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.117 2017/08/07 03:18:32 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.118 2017/08/10 06:11:24 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $	*/
 /*	$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.117 2017/08/07 03:18:32 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.118 2017/08/10 06:11:24 ozaki-r Exp $");
 
 /*
  * IPsec controller part.
@@ -2387,6 +2387,8 @@ void
 ipsec_attach(void)
 {
 
+	ipsec_output_init();
+
 	ipsecstat_percpu = percpu_alloc(sizeof(uint64_t) * IPSEC_NSTATS);
 
 	sysctl_net_inet_ipsec_setup(NULL);

Index: src/sys/netipsec/ipsec.h
diff -u src/sys/netipsec/ipsec.h:1.58 src/sys/netipsec/ipsec.h:1.59
--- src/sys/netipsec/ipsec.h:1.58	Wed Aug  2 01:28:03 2017
+++ src/sys/netipsec/ipsec.h	Thu Aug 10 06:11:24 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.h,v 1.58 2017/08/02 01:28:03 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec.h,v 1.59 2017/08/10 06:11:24 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $	*/
 
@@ -334,6 +334,7 @@ void ipsec_dumpmbuf (struct mbuf *);
 void *esp4_ctlinput(int, const struct sockaddr *, void *);
 void *ah4_ctlinput(int, const struct sockaddr *, void *);
 
+void ipsec_output_init(void);
 struct m_tag;
 void ipsec4_common_input(struct mbuf *m, ...);
 int ipsec4_common_input_cb(struct mbuf *, struct secasvar *,

Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.59 src/sys/netipsec/ipsec_output.c:1.60
--- src/sys/netipsec/ipsec_output.c:1.59	Thu Aug 10 06:08:59 2017
+++ src/sys/netipsec/ipsec_output.c	Thu Aug 10 06:11:24 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_output.c,v 1.59 2017/08/10 06:08:59 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec_output.c,v 1.60 2017/08/10 06:11:24 ozaki-r Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.59 2017/08/10 06:08:59 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.60 2017/08/10 06:11:24 ozaki-r Exp $");
 
 /*
  * IPsec output processing.
@@ -86,6 +86,7 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_output
 
 #include <net/net_osdep.h>		/* ovbcopy() in ipsec6_encapsulate() */
 
+static percpu_t *ipsec_rtcache_percpu __cacheline_aligned;
 
 /*
  * Add a IPSEC_OUT_DONE tag to mark that we have finished the ipsec processing
@@ -112,16 +113,18 @@ static int
 ipsec_reinject_ipstack(struct mbuf *m, int af)
 {
 	int rv = -1;
+	struct route *ro;
 
 	KASSERT(af == AF_INET || af == AF_INET6);
 
 #ifndef NET_MPSAFE
 	KERNEL_LOCK(1, NULL);
 #endif
+	ro = percpu_getref(ipsec_rtcache_percpu);
 	switch (af) {
 #ifdef INET
 	case AF_INET:
-		rv = ip_output(m, NULL, NULL, IP_RAWOUTPUT|IP_NOIPNEWID,
+		rv = ip_output(m, NULL, ro, IP_RAWOUTPUT|IP_NOIPNEWID,
 		    NULL, NULL);
 		break;
 #endif
@@ -131,10 +134,11 @@ ipsec_reinject_ipstack(struct mbuf *m, i
 		 * We don't need massage, IPv6 header fields are always in
 		 * net endian.
 		 */
-		rv = ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL);
+		rv = ip6_output(m, NULL, ro, 0, NULL, NULL, NULL);
 		break;
 #endif
 	}
+	percpu_putref(ipsec_rtcache_percpu);
 #ifndef NET_MPSAFE
 	KERNEL_UNLOCK_ONE(NULL);
 #endif
@@ -795,3 +799,10 @@ bad:
 	return error;
 }
 #endif /*INET6*/
+
+void
+ipsec_output_init(void)
+{
+
+	ipsec_rtcache_percpu = percpu_alloc(sizeof(struct route));
+}

Reply via email to