• Jamal Hadi Salim's avatar
    [XFRM]: Export SAD info. · 28d8909b
    Jamal Hadi Salim authored
    On a system with a lot of SAs, counting SAD entries chews useful
    CPU time since you need to dump the whole SAD to user space;
    i.e something like ip xfrm state ls | grep -i src | wc -l
    I have seen taking literally minutes on a 40K SAs when the system
    is swapping.
    With this patch, some of the SAD info (that was already being tracked)
    is exposed to user space. i.e you do:
    ip xfrm state count
    And you get the count; you can also pass -s to the command line and
    get the hash info.
    Signed-off-by: default avatarJamal Hadi Salim <hadi@cyberus.ca>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    28d8909b
xfrm.h 30.8 KB