The algorithms for IPsec SA lookup and SPD lookups are O(n), and things slow down to unusable state if number of SPD or SADB entries goes >100. Fix: Attached are patches to convert linear list lookups to hash lookups (SADB), and implementing a simple SPD caching layer to speed up SPD lookups. Patch attached with submission follows:
Responsible Changed From-To: freebsd-bugs->freebsd-net Over to maintainer(s).
Responsible Changed From-To: freebsd-net->ae Take it.
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped
SPD/SADB were modified to use hash tables, rmlock, and also SPD cache was introduced in 11.0+.