2006-08-24 18:50:50 +07:00
|
|
|
#ifndef _XFRM_HASH_H
|
|
|
|
#define _XFRM_HASH_H
|
|
|
|
|
|
|
|
#include <linux/xfrm.h>
|
|
|
|
#include <linux/socket.h>
|
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-08-29 21:16:04 +07:00
|
|
|
#include <linux/jhash.h>
|
2006-08-24 18:50:50 +07:00
|
|
|
|
2011-02-24 12:33:19 +07:00
|
|
|
static inline unsigned int __xfrm4_addr_hash(const xfrm_address_t *addr)
|
2006-08-24 18:50:50 +07:00
|
|
|
{
|
|
|
|
return ntohl(addr->a4);
|
|
|
|
}
|
|
|
|
|
2011-02-24 12:33:19 +07:00
|
|
|
static inline unsigned int __xfrm6_addr_hash(const xfrm_address_t *addr)
|
2006-08-24 18:50:50 +07:00
|
|
|
{
|
|
|
|
return ntohl(addr->a6[2] ^ addr->a6[3]);
|
|
|
|
}
|
|
|
|
|
2011-02-24 12:33:19 +07:00
|
|
|
static inline unsigned int __xfrm4_daddr_saddr_hash(const xfrm_address_t *daddr,
|
|
|
|
const xfrm_address_t *saddr)
|
2006-08-24 18:50:50 +07:00
|
|
|
{
|
2010-04-21 09:06:52 +07:00
|
|
|
u32 sum = (__force u32)daddr->a4 + (__force u32)saddr->a4;
|
|
|
|
return ntohl((__force __be32)sum);
|
2006-08-24 18:50:50 +07:00
|
|
|
}
|
|
|
|
|
2011-02-24 12:33:19 +07:00
|
|
|
static inline unsigned int __xfrm6_daddr_saddr_hash(const xfrm_address_t *daddr,
|
|
|
|
const xfrm_address_t *saddr)
|
2006-08-24 18:50:50 +07:00
|
|
|
{
|
|
|
|
return ntohl(daddr->a6[2] ^ daddr->a6[3] ^
|
|
|
|
saddr->a6[2] ^ saddr->a6[3]);
|
|
|
|
}
|
|
|
|
|
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-08-29 21:16:04 +07:00
|
|
|
static inline u32 __bits2mask32(__u8 bits)
|
|
|
|
{
|
|
|
|
u32 mask32 = 0xffffffff;
|
|
|
|
|
|
|
|
if (bits == 0)
|
|
|
|
mask32 = 0;
|
|
|
|
else if (bits < 32)
|
|
|
|
mask32 <<= (32 - bits);
|
|
|
|
|
|
|
|
return mask32;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline unsigned int __xfrm4_dpref_spref_hash(const xfrm_address_t *daddr,
|
|
|
|
const xfrm_address_t *saddr,
|
|
|
|
__u8 dbits,
|
|
|
|
__u8 sbits)
|
|
|
|
{
|
|
|
|
return jhash_2words(ntohl(daddr->a4) & __bits2mask32(dbits),
|
|
|
|
ntohl(saddr->a4) & __bits2mask32(sbits),
|
|
|
|
0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline unsigned int __xfrm6_pref_hash(const xfrm_address_t *addr,
|
|
|
|
__u8 prefixlen)
|
|
|
|
{
|
2017-03-24 05:53:09 +07:00
|
|
|
unsigned int pdw;
|
|
|
|
unsigned int pbi;
|
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-08-29 21:16:04 +07:00
|
|
|
u32 initval = 0;
|
|
|
|
|
|
|
|
pdw = prefixlen >> 5; /* num of whole u32 in prefix */
|
|
|
|
pbi = prefixlen & 0x1f; /* num of bits in incomplete u32 in prefix */
|
|
|
|
|
|
|
|
if (pbi) {
|
|
|
|
__be32 mask;
|
|
|
|
|
|
|
|
mask = htonl((0xffffffff) << (32 - pbi));
|
|
|
|
|
|
|
|
initval = (__force u32)(addr->a6[pdw] & mask);
|
|
|
|
}
|
|
|
|
|
|
|
|
return jhash2((__force u32 *)addr->a6, pdw, initval);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline unsigned int __xfrm6_dpref_spref_hash(const xfrm_address_t *daddr,
|
|
|
|
const xfrm_address_t *saddr,
|
|
|
|
__u8 dbits,
|
|
|
|
__u8 sbits)
|
|
|
|
{
|
|
|
|
return __xfrm6_pref_hash(daddr, dbits) ^
|
|
|
|
__xfrm6_pref_hash(saddr, sbits);
|
|
|
|
}
|
|
|
|
|
2011-02-24 12:33:19 +07:00
|
|
|
static inline unsigned int __xfrm_dst_hash(const xfrm_address_t *daddr,
|
|
|
|
const xfrm_address_t *saddr,
|
2006-08-24 18:50:50 +07:00
|
|
|
u32 reqid, unsigned short family,
|
|
|
|
unsigned int hmask)
|
|
|
|
{
|
|
|
|
unsigned int h = family ^ reqid;
|
|
|
|
switch (family) {
|
|
|
|
case AF_INET:
|
|
|
|
h ^= __xfrm4_daddr_saddr_hash(daddr, saddr);
|
|
|
|
break;
|
|
|
|
case AF_INET6:
|
|
|
|
h ^= __xfrm6_daddr_saddr_hash(daddr, saddr);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return (h ^ (h >> 16)) & hmask;
|
|
|
|
}
|
|
|
|
|
2012-04-15 12:58:06 +07:00
|
|
|
static inline unsigned int __xfrm_src_hash(const xfrm_address_t *daddr,
|
|
|
|
const xfrm_address_t *saddr,
|
|
|
|
unsigned short family,
|
|
|
|
unsigned int hmask)
|
2006-08-24 18:50:50 +07:00
|
|
|
{
|
|
|
|
unsigned int h = family;
|
|
|
|
switch (family) {
|
|
|
|
case AF_INET:
|
2006-10-04 05:56:09 +07:00
|
|
|
h ^= __xfrm4_daddr_saddr_hash(daddr, saddr);
|
2006-08-24 18:50:50 +07:00
|
|
|
break;
|
|
|
|
case AF_INET6:
|
2006-10-04 05:56:09 +07:00
|
|
|
h ^= __xfrm6_daddr_saddr_hash(daddr, saddr);
|
2006-08-24 18:50:50 +07:00
|
|
|
break;
|
2010-05-14 17:58:26 +07:00
|
|
|
}
|
2006-08-24 18:50:50 +07:00
|
|
|
return (h ^ (h >> 16)) & hmask;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline unsigned int
|
2011-02-24 12:33:19 +07:00
|
|
|
__xfrm_spi_hash(const xfrm_address_t *daddr, __be32 spi, u8 proto,
|
|
|
|
unsigned short family, unsigned int hmask)
|
2006-08-24 18:50:50 +07:00
|
|
|
{
|
2006-09-28 08:49:35 +07:00
|
|
|
unsigned int h = (__force u32)spi ^ proto;
|
2006-08-24 18:50:50 +07:00
|
|
|
switch (family) {
|
|
|
|
case AF_INET:
|
|
|
|
h ^= __xfrm4_addr_hash(daddr);
|
|
|
|
break;
|
|
|
|
case AF_INET6:
|
|
|
|
h ^= __xfrm6_addr_hash(daddr);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return (h ^ (h >> 10) ^ (h >> 20)) & hmask;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline unsigned int __idx_hash(u32 index, unsigned int hmask)
|
|
|
|
{
|
|
|
|
return (index ^ (index >> 8)) & hmask;
|
|
|
|
}
|
|
|
|
|
2011-02-24 12:33:19 +07:00
|
|
|
static inline unsigned int __sel_hash(const struct xfrm_selector *sel,
|
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-08-29 21:16:04 +07:00
|
|
|
unsigned short family, unsigned int hmask,
|
|
|
|
u8 dbits, u8 sbits)
|
2006-08-24 18:50:50 +07:00
|
|
|
{
|
2011-02-24 12:33:19 +07:00
|
|
|
const xfrm_address_t *daddr = &sel->daddr;
|
|
|
|
const xfrm_address_t *saddr = &sel->saddr;
|
2006-08-24 18:50:50 +07:00
|
|
|
unsigned int h = 0;
|
|
|
|
|
|
|
|
switch (family) {
|
|
|
|
case AF_INET:
|
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-08-29 21:16:04 +07:00
|
|
|
if (sel->prefixlen_d < dbits ||
|
|
|
|
sel->prefixlen_s < sbits)
|
2006-08-24 18:50:50 +07:00
|
|
|
return hmask + 1;
|
|
|
|
|
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-08-29 21:16:04 +07:00
|
|
|
h = __xfrm4_dpref_spref_hash(daddr, saddr, dbits, sbits);
|
2006-08-24 18:50:50 +07:00
|
|
|
break;
|
|
|
|
|
|
|
|
case AF_INET6:
|
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-08-29 21:16:04 +07:00
|
|
|
if (sel->prefixlen_d < dbits ||
|
|
|
|
sel->prefixlen_s < sbits)
|
2006-08-24 18:50:50 +07:00
|
|
|
return hmask + 1;
|
|
|
|
|
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-08-29 21:16:04 +07:00
|
|
|
h = __xfrm6_dpref_spref_hash(daddr, saddr, dbits, sbits);
|
2006-08-24 18:50:50 +07:00
|
|
|
break;
|
2010-05-14 17:58:26 +07:00
|
|
|
}
|
2006-08-24 18:50:50 +07:00
|
|
|
h ^= (h >> 16);
|
|
|
|
return h & hmask;
|
|
|
|
}
|
|
|
|
|
2011-02-24 12:33:19 +07:00
|
|
|
static inline unsigned int __addr_hash(const xfrm_address_t *daddr,
|
|
|
|
const xfrm_address_t *saddr,
|
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-08-29 21:16:04 +07:00
|
|
|
unsigned short family,
|
|
|
|
unsigned int hmask,
|
|
|
|
u8 dbits, u8 sbits)
|
2006-08-24 18:50:50 +07:00
|
|
|
{
|
|
|
|
unsigned int h = 0;
|
|
|
|
|
|
|
|
switch (family) {
|
|
|
|
case AF_INET:
|
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-08-29 21:16:04 +07:00
|
|
|
h = __xfrm4_dpref_spref_hash(daddr, saddr, dbits, sbits);
|
2006-08-24 18:50:50 +07:00
|
|
|
break;
|
|
|
|
|
|
|
|
case AF_INET6:
|
xfrm: hash prefixed policies based on preflen thresholds
The idea is an extension of the current policy hashing.
Today only non-prefixed policies are stored in a hash table. This
patch relaxes the constraints, and hashes policies whose prefix
lengths are greater or equal to a configurable threshold.
Each hash table (one per direction) maintains its own set of IPv4 and
IPv6 thresholds (dbits4, sbits4, dbits6, sbits6), by default (32, 32,
128, 128).
Example, if the output hash table is configured with values (16, 24,
56, 64):
ip xfrm policy add dir out src 10.22.0.0/20 dst 10.24.1.0/24 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.1.1/32 ... => hashed
ip xfrm policy add dir out src 10.22.0.0/16 dst 10.24.0.0/16 ... => unhashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/60 dst 3ffe:304:124:2401::/64 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2401::2/128 ... => hashed
ip xfrm policy add dir out \
src 3ffe:304:124:2200::/56 dst 3ffe:304:124:2400::/56 ... => unhashed
The high order bits of the addresses (up to the threshold) are used to
compute the hash key.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2014-08-29 21:16:04 +07:00
|
|
|
h = __xfrm6_dpref_spref_hash(daddr, saddr, dbits, sbits);
|
2006-08-24 18:50:50 +07:00
|
|
|
break;
|
2010-05-14 17:58:26 +07:00
|
|
|
}
|
2006-08-24 18:50:50 +07:00
|
|
|
h ^= (h >> 16);
|
|
|
|
return h & hmask;
|
|
|
|
}
|
|
|
|
|
2013-10-19 03:48:25 +07:00
|
|
|
struct hlist_head *xfrm_hash_alloc(unsigned int sz);
|
|
|
|
void xfrm_hash_free(struct hlist_head *n, unsigned int sz);
|
2006-08-24 18:50:50 +07:00
|
|
|
|
|
|
|
#endif /* _XFRM_HASH_H */
|