xfrm: optimise to search the inexact policy list

The policies are organized into list by priority ascent of policy,
so it is unnecessary to continue to loop the policy if the priority
of current looped police is larger than or equal priority which is
from the policy_bydst list.

This allows to match policy with ~0U priority in inexact list too.

Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 3d264e5e74092a0f35e6e23299f0c7335e993c7e..18cead7645be0e75621e1b08a9e02621e75b7a4c 100644 (file)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1114,6 +1114,9 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type,
        }
        chain = &net->xfrm.policy_inexact[dir];
        hlist_for_each_entry(pol, chain, bydst) {
+               if ((pol->priority >= priority) && ret)
+                       break;
+
                err = xfrm_policy_match(pol, fl, type, family, dir);
                if (err) {
                        if (err == -ESRCH)
@@ -1122,7 +1125,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type,
                                ret = ERR_PTR(err);
                                goto fail;
                        }
-               } else if (pol->priority < priority) {
+               } else {
                        ret = pol;
                        break;
                }
@@ -3203,9 +3206,11 @@ static struct xfrm_policy *xfrm_migrate_policy_find(const struct xfrm_selector *
        }
        chain = &net->xfrm.policy_inexact[dir];
        hlist_for_each_entry(pol, chain, bydst) {
+               if ((pol->priority >= priority) && ret)
+                       break;
+
                if (xfrm_migrate_selector_match(sel, &pol->selector) &&
-                   pol->type == type &&
-                   pol->priority < priority) {
+                   pol->type == type) {
                        ret = pol;
                        break;
                }