xfrm: hash prefixed policies based on preflen thresholds

struct xfrm_policy_hash {

	struct hlist_head	*table;

	unsigned int		hmask;

	u8			dbits4;

	u8			sbits4;

	u8			dbits6;

	u8			sbits6;

};

struct netns_xfrm {

#include <linux/xfrm.h>

#include <linux/socket.h>

#include <linux/jhash.h>

static inline unsigned int __xfrm4_addr_hash(const xfrm_address_t *addr)

{

		     saddr->a6[2] ^ saddr->a6[3]);

}

static inline u32 __bits2mask32(__u8 bits)

{

	u32 mask32 = 0xffffffff;

	if (bits == 0)

		mask32 = 0;

	else if (bits < 32)

		mask32 <<= (32 - bits);

	return mask32;

}

static inline unsigned int __xfrm4_dpref_spref_hash(const xfrm_address_t *daddr,

						    const xfrm_address_t *saddr,

						    __u8 dbits,

						    __u8 sbits)

{

	return jhash_2words(ntohl(daddr->a4) & __bits2mask32(dbits),

			    ntohl(saddr->a4) & __bits2mask32(sbits),

			    0);

}

static inline unsigned int __xfrm6_pref_hash(const xfrm_address_t *addr,

					     __u8 prefixlen)

{

	int pdw;

	int pbi;

	u32 initval = 0;

	pdw = prefixlen >> 5;     /* num of whole u32 in prefix */

	pbi = prefixlen &  0x1f;  /* num of bits in incomplete u32 in prefix */

	if (pbi) {

		__be32 mask;

		mask = htonl((0xffffffff) << (32 - pbi));

		initval = (__force u32)(addr->a6[pdw] & mask);

	}

	return jhash2((__force u32 *)addr->a6, pdw, initval);

}

static inline unsigned int __xfrm6_dpref_spref_hash(const xfrm_address_t *daddr,

						    const xfrm_address_t *saddr,

						    __u8 dbits,

						    __u8 sbits)

{

	return __xfrm6_pref_hash(daddr, dbits) ^

	       __xfrm6_pref_hash(saddr, sbits);

}

static inline unsigned int __xfrm_dst_hash(const xfrm_address_t *daddr,

					   const xfrm_address_t *saddr,

					   u32 reqid, unsigned short family,

}

static inline unsigned int __sel_hash(const struct xfrm_selector *sel,

				      unsigned short family, unsigned int hmask)

				      unsigned short family, unsigned int hmask,

				      u8 dbits, u8 sbits)

{

	const xfrm_address_t *daddr = &sel->daddr;

	const xfrm_address_t *saddr = &sel->saddr;

	switch (family) {

	case AF_INET:

		if (sel->prefixlen_d != 32 ||

		    sel->prefixlen_s != 32)

		if (sel->prefixlen_d < dbits ||

		    sel->prefixlen_s < sbits)

			return hmask + 1;

		h = __xfrm4_daddr_saddr_hash(daddr, saddr);

		h = __xfrm4_dpref_spref_hash(daddr, saddr, dbits, sbits);

		break;

	case AF_INET6:

		if (sel->prefixlen_d != 128 ||

		    sel->prefixlen_s != 128)

		if (sel->prefixlen_d < dbits ||

		    sel->prefixlen_s < sbits)

			return hmask + 1;

		h = __xfrm6_daddr_saddr_hash(daddr, saddr);

		h = __xfrm6_dpref_spref_hash(daddr, saddr, dbits, sbits);

		break;

	}

	h ^= (h >> 16);

static inline unsigned int __addr_hash(const xfrm_address_t *daddr,

				       const xfrm_address_t *saddr,

				       unsigned short family, unsigned int hmask)

				       unsigned short family,

				       unsigned int hmask,

				       u8 dbits, u8 sbits)

{

	unsigned int h = 0;

	switch (family) {

	case AF_INET:

		h = __xfrm4_daddr_saddr_hash(daddr, saddr);

		h = __xfrm4_dpref_spref_hash(daddr, saddr, dbits, sbits);

		break;

	case AF_INET6:

		h = __xfrm6_daddr_saddr_hash(daddr, saddr);

		h = __xfrm6_dpref_spref_hash(daddr, saddr, dbits, sbits);

		break;

	}

	h ^= (h >> 16);

	return __idx_hash(index, net->xfrm.policy_idx_hmask);

}

/* calculate policy hash thresholds */

static void __get_hash_thresh(struct net *net,

			      unsigned short family, int dir,

			      u8 *dbits, u8 *sbits)

{

	switch (family) {

	case AF_INET:

		*dbits = net->xfrm.policy_bydst[dir].dbits4;

		*sbits = net->xfrm.policy_bydst[dir].sbits4;

		break;

	case AF_INET6:

		*dbits = net->xfrm.policy_bydst[dir].dbits6;

		*sbits = net->xfrm.policy_bydst[dir].sbits6;

		break;

	default:

		*dbits = 0;

		*sbits = 0;

	}

}

static struct hlist_head *policy_hash_bysel(struct net *net,

					    const struct xfrm_selector *sel,

					    unsigned short family, int dir)

{

	unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;

	unsigned int hash = __sel_hash(sel, family, hmask);

	unsigned int hash;

	u8 dbits;

	u8 sbits;

	__get_hash_thresh(net, family, dir, &dbits, &sbits);

	hash = __sel_hash(sel, family, hmask, dbits, sbits);

	return (hash == hmask + 1 ?

		&net->xfrm.policy_inexact[dir] :

					     unsigned short family, int dir)

{

	unsigned int hmask = net->xfrm.policy_bydst[dir].hmask;

	unsigned int hash = __addr_hash(daddr, saddr, family, hmask);

	unsigned int hash;

	u8 dbits;

	u8 sbits;

	__get_hash_thresh(net, family, dir, &dbits, &sbits);

	hash = __addr_hash(daddr, saddr, family, hmask, dbits, sbits);

	return net->xfrm.policy_bydst[dir].table + hash;

}

static void xfrm_dst_hash_transfer(struct hlist_head *list,

static void xfrm_dst_hash_transfer(struct net *net,

				   struct hlist_head *list,

				   struct hlist_head *ndsttable,

				   unsigned int nhashmask)

				   unsigned int nhashmask,

				   int dir)

{

	struct hlist_node *tmp, *entry0 = NULL;

	struct xfrm_policy *pol;

	unsigned int h0 = 0;

	u8 dbits;

	u8 sbits;

redo:

	hlist_for_each_entry_safe(pol, tmp, list, bydst) {

		unsigned int h;

		__get_hash_thresh(net, pol->family, dir, &dbits, &sbits);

		h = __addr_hash(&pol->selector.daddr, &pol->selector.saddr,

				pol->family, nhashmask);

				pol->family, nhashmask, dbits, sbits);

		if (!entry0) {

			hlist_del(&pol->bydst);

			hlist_add_head(&pol->bydst, ndsttable+h);

	write_lock_bh(&net->xfrm.xfrm_policy_lock);

	for (i = hmask; i >= 0; i--)

		xfrm_dst_hash_transfer(odst + i, ndst, nhashmask);

		xfrm_dst_hash_transfer(net, odst + i, ndst, nhashmask, dir);

	net->xfrm.policy_bydst[dir].table = ndst;

	net->xfrm.policy_bydst[dir].hmask = nhashmask;

		if (!htab->table)

			goto out_bydst;

		htab->hmask = hmask;

		htab->dbits4 = 32;

		htab->sbits4 = 32;

		htab->dbits6 = 128;

		htab->sbits6 = 128;

	}

	INIT_LIST_HEAD(&net->xfrm.policy_all);