Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7f81ff04 authored Jul 18, 2017 by David S. Miller

Merge branch 'xfrm-remove-flow-cache'



Florian Westphal says:

====================
xfrm: remove flow cache

After RCU-ification of ipsec packet path there are no major scalability
issues anymore without flow cache.

We still incur a performance hit, which comes mostly from the extra xfrm
dst allocation/freeing.
The last patch in the series adds a simple percpu cache to avoid the
extra allocation if a packet matched the same policies as last one.

The main concern with this is that we will see performance drops,
especially with large numbers of policies/SAs.

However, during hallway discussions at nfws 2017 it seemed the issues
with flow caching outweight the removal downsides, and that it
might be best to just 'remove it' and see where the practical issues
(if any) will appear.

It should now be possible to also remove the genid member in the policies
as we don't hold bundles for prolonged time anymore, but I think
this change is controversial (and intrusive) enough as-is, so defer
that to a later point in time.

Changes since last rfc:

- fix build failures due to implicit interrupt.h includes
- rework last patch (pcpu cache):
 * avoid xchg()
 * check policies for walk.dead = 1 instead of more costly bundle_ok().
 * flush pcpu bundles when sa/policies get removed, to allow module
   references to go away (suggested by Ilan Tayari)
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

parents 6ddb4fdf ec30d78c

Documentation/networking/ip-sysctl.txt

+2 −4

Original line number	Diff line number	Diff line
		@@ -1291,8 +1291,7 @@ tag - INTEGER
		xfrm4_gc_thresh - INTEGER
		The threshold at which we will start garbage collecting for IPv4
		destination cache entries. At twice this value the system will
		refuse new allocations. The value must be set below the flowcache
		limit (4096 * number of online cpus) to take effect.
		refuse new allocations.

		igmp_link_local_mcast_reports - BOOLEAN
		Enable IGMP reports for link local multicast groups in the
		@@ -1778,8 +1777,7 @@ ratelimit - INTEGER
		xfrm6_gc_thresh - INTEGER
		The threshold at which we will start garbage collecting for IPv6
		destination cache entries. At twice this value the system will
		refuse new allocations. The value must be set below the flowcache
		limit (4096 * number of online cpus) to take effect.
		refuse new allocations.


		IPv6 Update by:

drivers/net/arcnet/arcdevice.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -20,7 +20,7 @@
		#include <linux/if_arcnet.h>

		#ifdef __KERNEL__
		#include <linux/irqreturn.h>
		#include <linux/interrupt.h>

		/*
		* RECON_THRESHOLD is the maximum number of RECON messages to receive

drivers/net/ethernet/amd/xgbe/xgbe.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -129,6 +129,7 @@
		#include <net/dcbnl.h>
		#include <linux/completion.h>
		#include <linux/cpumask.h>
		#include <linux/interrupt.h>

		#define XGBE_DRV_NAME "amd-xgbe"
		#define XGBE_DRV_VERSION "1.0.3"

drivers/net/ethernet/synopsys/dwc-xlgmac-net.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -17,6 +17,7 @@

		#include <linux/netdevice.h>
		#include <linux/tcp.h>
		#include <linux/interrupt.h>

		#include "dwc-xlgmac.h"
		#include "dwc-xlgmac-reg.h"

drivers/net/ieee802154/ca8210.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -66,6 +66,7 @@
		#include <linux/spinlock.h>
		#include <linux/string.h>
		#include <linux/workqueue.h>
		#include <linux/interrupt.h>

		#include <net/ieee802154_netdev.h>
		#include <net/mac802154.h>