New commits:
commit ecd03b40c23d2d5c3b7dc5d795a6ba0a951d0da5
Author: Ilya Maximets <[email protected]>
Date: Wed Jan 15 14:17:53 2025 -0500
ipsecconf: move protoport parsing to set_whack_end
ttoprotoport() is using a very heavy getservbyname() underneath to
convert protocol names to port numbers. And this is done for every
connection being loaded. Move the logic down to set_whack_end(), so
the full validation is only done for connections we're about to add.
This significantly reduces the time required to load large config
files. For example, running 'addconn --cehckcinfig' on a file with
a 1000 connections with udp/geneve protoport takes 1.4 seconds without
this change and just 0.04 seconds with this change applied.
The downside is that addconn --checkconfig will no longer fully
validate the protocols, but it's already not validating many other
things, and it seems to be a general direction for moving validation
to a single centralized place, which is pluto.
Signed-off-by: Ilya Maximets <[email protected]>
Signed-off-by: Andrew Cagney <[email protected]>
_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]
