[Openswan dev] Small optimisation for lots of interfaces
David McCullough
davidm at snapgear.com
Wed Nov 23 13:20:52 CET 2005
Hi all,
Not sure how acceptable this is, but thought I would throw it out
there and see.
If you have a box with 100's of interfaces, processing ifconfig
output to find the configured ipsec interfaces is a little expensive,
so this patch changes it to use /proc/net/ipsec_tncfg.
Cheers,
Davidm
Index: openswan/programs/_realsetup/_realsetup.in
===================================================================
RCS file: /cvs/sw/new-wave/openswan/programs/_realsetup/_realsetup.in,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 _realsetup.in
--- openswan/programs/_realsetup/_realsetup.in 26 Sep 2005 01:46:24 -0000 1.1.1.2
+++ openswan/programs/_realsetup/_realsetup.in 23 Nov 2005 03:17:09 -0000
@@ -138,7 +138,12 @@
if $klips
then
- KILLKLIPS='ifl=` ifconfig | sed -n -e "/^ipsec/s/ .*//p" ` ;
+ #
+ # don't use ifconfig here, there may be thousands of
+ # interfaces to parse through, much quicker to go
+ # direct to the source
+ #
+ KILLKLIPS='ifl=`grep -v NULL /proc/net/ipsec_tncfg 2> /dev/null | sed -n -e "/^ipsec/s/ .*//p" ` ;
test "X$ifl" != "X" &&
for i in $ifl ;
do
--
David McCullough, davidm at cyberguard.com.au, Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com
More information about the Dev
mailing list