Author: tjansen Date: Thu Nov 26 12:38:22 2009 New Revision: 1788 Log: Performance optimization in the client. Hash lookups are expensive. Each packet coming from a server triggered two lookups (one for the connection and one for the NAT mapping). Since the NAT mapping contains a pointer to the connection, we can leverage that to save the connection hash lookup if the packet comes from a service. If it comes from the trust point, we still have to do two lookups (the NAT lookup will fail as there is no NAT mapping for the trustpoint). Modified: trunk/pisacd/cdtun.c Modified: trunk/pisacd/cdtun.c ============================================================================== --- trunk/pisacd/cdtun.c Thu Nov 26 12:31:40 2009 (r1787) +++ trunk/pisacd/cdtun.c Thu Nov 26 12:38:22 2009 (r1788) @@ -49,8 +49,16 @@ return; } + /* Check for IPv4 in the payload, otherwise drop it */ + if ((hdr = pisa_nat_get_iphdr(buffer)) == NULL) + return; + srcaddr = (struct in_addr *)&hdr->ip_src; + map = pisa_nat_mapping_find_by_remote(cd_ctx.natlist, &from.sin6_addr, srcaddr); + /* Check if we have an active connection with the origin */ - entry = pisa_conmgr_findby_hit(cd_ctx.conlist, &from.sin6_addr); + entry = map ? map->connection : NULL; + if (!entry) + entry = pisa_conmgr_findby_hit(cd_ctx.conlist, &from.sin6_addr); if (!entry) { inet_ntop(AF_INET6, &(from.sin6_addr), buffer, sizeof(buffer)); PISA_DEBUG(PL_DATA, "remote -> local: from unknown server %s\n", buffer); @@ -67,13 +75,7 @@ return; } - /* Check for IPv4 in the payload, otherwise drop it */ - if ((hdr = pisa_nat_get_iphdr(buffer)) == NULL) - return; - /* Apply NAT if needed */ - srcaddr = (struct in_addr *)&hdr->ip_src; - map = pisa_nat_mapping_find_by_remote(cd_ctx.natlist, &from.sin6_addr, srcaddr); if (map != NULL) pisa_nat_apply(hdr, srcaddr, &map->local_private);