Herbert Xu wrote:
On Fri, May 18, 2007 at 02:34:12PM +1000, Herbert Xu wrote:
Actually, I think we should just probe for the specific algorithm
requested rather than everything. See patch below.
Doh, forgot to actually remove the probe call :)
[IPSEC] pfkey: Load specific algorithm in pfkey_add rather than all
This is a natural extension of the changeset
[XFRM]: Probe selected algorithm only.
which only removed the probe call for xfrm_user. This patch does exactly
the same thing for af_key. In other words, we load the algorithm requested
by the user rather than everything when adding xfrm states in af_key.
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Cheers,
[... snip]
Herbert,
I can verify that this works. The test adds 2000 instances of SAs using
hmac-md5 for authentication and rijndael-cbc for encryption.
Test output is:
[EMAIL PROTECTED]:~# lsmod
Module Size Used by
[EMAIL PROTECTED]:~#time setkey -f SA_test.txt
real 0m1.072s
user 0m0.048s
sys 0m0.632s
[EMAIL PROTECTED]:~#lsmod
Module Size Used by
twofish 10112 0
twofish_common 40192 1 twofish
camellia 32768 0
serpent 25216 0
blowfish 9984 0
ecb 3712 0
aes 28864 2000
xcbc 5768 0
sha256 12416 0
crypto_null 3456 0
[EMAIL PROTECTED]:~#
Prior to the patch time was over 42 seconds (possibly longer on 2.6.21).
I'm a bit curious why all of the crypto modules got loaded, but it
doesn't matter.
Thanks for the patch.
Mark Huth
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
