From: Michael Richardson <mcr@sandelman.ca>
To: Eyal Birger <eyal.birger@gmail.com>
Cc: davem@davemloft.net, dsahern@kernel.org, edumazet@google.com,
kuba@kernel.org, pabeni@redhat.com, steffen.klassert@secunet.com,
herbert@gondor.apana.org.au, pablo@netfilter.org, paul@nohats.ca,
nharold@google.com, devel@linux-ipsec.org,
netdev@vger.kernel.org
Subject: Re: [devel-ipsec] [PATCH ipsec-next, v2] xfrm: support sending NAT keepalives in ESP in UDP states
Date: Sun, 10 Dec 2023 13:47:35 -0500 [thread overview]
Message-ID: <15709.1702234055@localhost> (raw)
In-Reply-To: <20231210180116.1737411-1-eyal.birger@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 874 bytes --]
+ BUILD_BUG_ON(XFRMA_MAX != XFRMA_NAT_KEEPALIVE_INTERVAL);
This code was there before, and you are just updating it, but I gotta wonder
about it. It feels very not-DRY.
It seems to be testing that XFRMA_MAX was updated correctly in the header
file, and I guess I'm dubious about where it is being done.
I said last year at the workshop that I'd start a tree on documentation for
XFRM stuff, and I've managed to actually start that, and I'll attempt to use
this new addition as template.
As a general comment, until this work is RCU'ed I'm wondering how it will
perform on systems with thousands of SAs. As you say: this is a place for
improvement. If no keepalives are set, does the code need to walk the xfrm
states at all. I wonder if that might mitigate the situation for bigger
systems that have not yet adapted. I don't see a way to not include this
code.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 511 bytes --]
next prev parent reply other threads:[~2023-12-10 18:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-10 18:01 [PATCH ipsec-next,v2] xfrm: support sending NAT keepalives in ESP in UDP states Eyal Birger
2023-12-10 18:47 ` Michael Richardson [this message]
2023-12-10 19:14 ` [devel-ipsec] [PATCH ipsec-next, v2] " Eyal Birger
2023-12-10 21:06 ` Michael Richardson
2023-12-14 18:51 ` [PATCH ipsec-next,v2] " kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=15709.1702234055@localhost \
--to=mcr@sandelman.ca \
--cc=davem@davemloft.net \
--cc=devel@linux-ipsec.org \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=eyal.birger@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nharold@google.com \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=paul@nohats.ca \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.