From owner-svn-src-projects@freebsd.org  Sun Nov 20 10:23:06 2016
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 68B9AC4A274
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Sun, 20 Nov 2016 10:23:06 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2698D14AC;
 Sun, 20 Nov 2016 10:23:06 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uAKAN5sh005767;
 Sun, 20 Nov 2016 10:23:05 GMT (envelope-from ae@FreeBSD.org)
Received: (from ae@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id uAKAN5t2005766;
 Sun, 20 Nov 2016 10:23:05 GMT (envelope-from ae@FreeBSD.org)
Message-Id: <201611201023.uAKAN5t2005766@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org
 using -f
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Sun, 20 Nov 2016 10:23:05 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r308878 - projects/ipsec/sys/netipsec
X-SVN-Group: projects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Nov 2016 10:23:06 -0000

Author: ae
Date: Sun Nov 20 10:23:05 2016
New Revision: 308878
URL: https://svnweb.freebsd.org/changeset/base/308878

Log:
  Add hash table for lookup security policy by SP id.

Modified:
  projects/ipsec/sys/netipsec/key.c

Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c	Sun Nov 20 10:01:21 2016	(r308877)
+++ projects/ipsec/sys/netipsec/key.c	Sun Nov 20 10:23:05 2016	(r308878)
@@ -42,6 +42,7 @@
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
+#include <sys/fnv_hash.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
 #include <sys/mbuf.h>
@@ -93,7 +94,6 @@
 #endif
 
 #include <netipsec/xform.h>
-
 #include <machine/stdarg.h>
 
 /* randomness */
@@ -141,8 +141,10 @@ static VNET_DEFINE(int, key_preferred_ol
 static VNET_DEFINE(u_int32_t, acq_seq) = 0;
 #define	V_acq_seq		VNET(acq_seq)
 
-								/* SPD */
-static VNET_DEFINE(TAILQ_HEAD(_sptree, secpolicy), sptree[IPSEC_DIR_MAX]);
+/* SPD */
+TAILQ_HEAD(secpolicy_queue, secpolicy);
+LIST_HEAD(secpolicy_list, secpolicy);
+static VNET_DEFINE(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]);
 static struct rmlock sptree_lock;
 #define	V_sptree		VNET(sptree)
 #define	SPTREE_LOCK_INIT()      rm_init(&sptree_lock, "sptree")
@@ -156,6 +158,17 @@ static struct rmlock sptree_lock;
 #define	SPTREE_WLOCK_ASSERT()   rm_assert(&sptree_lock, RA_WLOCKED)
 #define	SPTREE_UNLOCK_ASSERT()  rm_assert(&sptree_lock, RA_UNLOCKED)
 
+/* Hash table for lookup SP using unique id */
+static VNET_DEFINE(struct secpolicy_list *, sphashtbl);
+static VNET_DEFINE(u_long, sphash_mask);
+#define	V_sphashtbl		VNET(sphashtbl)
+#define	V_sphash_mask		VNET(sphash_mask)
+
+#define	SPHASH_NHASH_LOG2	7
+#define	SPHASH_NHASH		(1 << SPHASH_NHASH_LOG2)
+#define	SPHASH_HASHVAL(id)	(key_u32hash(id) & V_sphash_mask)
+#define	SPHASH_HASH(id)		&V_sphashtbl[SPHASH_HASHVAL(id)]
+
 static VNET_DEFINE(LIST_HEAD(_sahtree, secashead), sahtree);	/* SAD */
 #define	V_sahtree		VNET(sahtree)
 static struct mtx sahtree_lock;
@@ -167,6 +180,13 @@ static struct mtx sahtree_lock;
 #define	SAHTREE_UNLOCK()	mtx_unlock(&sahtree_lock)
 #define	SAHTREE_LOCK_ASSERT()	mtx_assert(&sahtree_lock, MA_OWNED)
 
+static uint32_t
+key_u32hash(uint32_t val)
+{
+
+	return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT));
+}
+
 							/* registed list */
 static VNET_DEFINE(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]);
 #define	V_regtree		VNET(regtree)
@@ -7676,6 +7696,7 @@ key_init(void)
 		TAILQ_INIT(&V_sptree[i]);
 
 	LIST_INIT(&V_sahtree);
+	V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask);
 
 	for (i = 0; i <= SADB_SATYPE_MAX; i++)
 		LIST_INIT(&V_regtree[i]);
@@ -7708,7 +7729,7 @@ key_init(void)
 void
 key_destroy(void)
 {
-	TAILQ_HEAD(, secpolicy) drainq;
+	struct secpolicy_queue drainq;
 	struct secpolicy *sp, *nextsp;
 	struct secacq *acq, *nextacq;
 	struct secspacq *spacq, *nextspacq;
@@ -7739,6 +7760,8 @@ key_destroy(void)
 	}
 	SAHTREE_UNLOCK();
 
+	hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask);
+
 	REGTREE_LOCK();
 	for (i = 0; i <= SADB_SATYPE_MAX; i++) {
 		LIST_FOREACH(reg, &V_regtree[i], chain) {