Diffusion FreeBSD src repository 1243360b1a02

ipsec: replace SECASVAR mtx by rmlock
1243360b1a02
Actions

Description

ipsec: replace SECASVAR mtx by rmlock

This mutex is a significant point of contention in the ipsec code, and
can be relatively trivially replaced by a read-mostly lock.
It does require a separate lock for the replay protection, which we do
here by adding a separate mutex.

This improves throughput (without replay protection) by 10-15%.

MFC after: 3 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D35763

(cherry picked from commit 0361f165f2193a098cfbfeef3a58ec2f1eaac0a1)

Details

Provenance

kp	Authored on Jun 23 2022, 8:35 PM

Differential Revision

D35763: ipsec: replace SECASVAR mtx by rmlock

Parents

rGc536045c51da: lib9p: Remove potential buffer overwrite in l9p_puqids()

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rG1243360b1a02: ipsec: replace SECASVAR mtx by rmlock (authored by kp).Aug 9 2022, 1:46 PM

kp added an edge: D35763: ipsec: replace SECASVAR mtx by rmlock.

Changes (7)

Path

Size

sys/

netipsec/

rG1243360b1a02

View Options

sys/netipsec/ipsec.c

View Options

sys/netipsec/key.c

View Options

sys/netipsec/key_debug.c

View Options

sys/netipsec/keydb.h

View Options

sys/netipsec/xform_ah.c

View Options

sys/netipsec/xform_esp.c

View Options

sys/netipsec/xform_ipcomp.c

ipsec: replace SECASVAR mtx by rmlock1243360b1a02Actions

Description

Details

Event Timeline

Changes (7)

rG1243360b1a02

sys/netipsec/ipsec.c

sys/netipsec/key.c

sys/netipsec/key_debug.c

sys/netipsec/keydb.h

sys/netipsec/xform_ah.c

sys/netipsec/xform_esp.c

sys/netipsec/xform_ipcomp.c

ipsec: replace SECASVAR mtx by rmlock
1243360b1a02
Actions