Re: [PATCH v2] Optimize lookup of /0 xfrm policies

From: Steffen Klassert
Date: Mon Sep 03 2018 - 02:57:10 EST


On Fri, Aug 31, 2018 at 06:18:38PM -0400, Yannick Brosseau wrote:
> Currently, all the xfrm policies that are not /32 end up in
> the inexact policies linked list which take a long time to lookup.

It is possible to configure which policies are going to the
hashtable and the inexact list.

You can do:

ip x p set hthresh4 0 0

This sets the hash threshold to local /0 and remote /0 netmasks.
With this configuration, all policies should go to the hashtable.

To view the configuration:

ip -s -s x p count

Can you please do your tests with this too?
I'd really like to avoid to add new code to the policy lookup
if we can get similar results with this configuration option.