181699 – [ipsec] [patch] IPsec does scale to large SPD / SADB

Bug 181699 - [ipsec] [patch] IPsec does scale to large SPD / SADB

Summary: [ipsec] [patch] IPsec does scale to large SPD / SADB

Status:	Closed Overcome By Events

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	8.3-RELEASE
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-08-31 10:10 UTC by Timo Teräs
Modified:	2019-05-20 11:34 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
file.txt (19.43 KB, text/plain) 2013-08-31 10:10 UTC, Timo Teräs	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Timo Teräs 2013-08-31 10:10:00 UTC

The algorithms for IPsec SA lookup and SPD lookups are O(n), and things slow down to unusable state if number of SPD or SADB entries goes >100.

Fix: Attached are patches to convert linear list lookups to hash lookups (SADB), and implementing a simple SPD caching layer to speed up SPD lookups.

Patch attached with submission follows:

Comment 1 Mark Linimon freebsd_committer

2013-09-01 05:35:02 UTC

Responsible Changed
From-To: freebsd-bugs->freebsd-net

Over to maintainer(s).

Comment 2 Andrey V. Elsukov freebsd_committer

2013-10-26 12:51:12 UTC

Responsible Changed
From-To: freebsd-net->ae

Take it.

Comment 3 Eitan Adler freebsd_committer

2017-12-31 07:58:55 UTC

For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped

Comment 4 Andrey V. Elsukov freebsd_committer

2019-05-20 11:34:28 UTC

SPD/SADB were modified to use hash tables, rmlock, and also SPD cache was introduced in 11.0+.