ipsec: add key_havesp_any
Saves on work in a common case of checking both directions. Note further work in the area is impending to elide these in the common case to begin with. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D36485
This commit is contained in:
parent
86104d3ebb
commit
c1bfe8c593
@ -666,10 +666,7 @@ ipsec4_capability(struct mbuf *m, u_int cap)
|
||||
return (0);
|
||||
case IPSEC_CAP_OPERABLE:
|
||||
/* Do we have active security policies? */
|
||||
if (key_havesp(IPSEC_DIR_INBOUND) != 0 ||
|
||||
key_havesp(IPSEC_DIR_OUTBOUND) != 0)
|
||||
return (1);
|
||||
return (0);
|
||||
return (key_havesp_any());
|
||||
};
|
||||
return (EOPNOTSUPP);
|
||||
}
|
||||
@ -835,10 +832,7 @@ ipsec6_capability(struct mbuf *m, u_int cap)
|
||||
return (0);
|
||||
case IPSEC_CAP_OPERABLE:
|
||||
/* Do we have active security policies? */
|
||||
if (key_havesp(IPSEC_DIR_INBOUND) != 0 ||
|
||||
key_havesp(IPSEC_DIR_OUTBOUND) != 0)
|
||||
return (1);
|
||||
return (0);
|
||||
return (key_havesp_any());
|
||||
};
|
||||
return (EOPNOTSUPP);
|
||||
}
|
||||
|
@ -811,6 +811,13 @@ key_havesp(u_int dir)
|
||||
return (TAILQ_FIRST(&V_sptree[dir]) != NULL);
|
||||
}
|
||||
|
||||
int
|
||||
key_havesp_any(void)
|
||||
{
|
||||
|
||||
return (V_spd_size != 0);
|
||||
}
|
||||
|
||||
/* %%% IPsec policy management */
|
||||
/*
|
||||
* Return current SPDB generation.
|
||||
|
@ -56,6 +56,7 @@ void key_addref(struct secpolicy *);
|
||||
void key_freesp(struct secpolicy **);
|
||||
int key_spdacquire(struct secpolicy *);
|
||||
int key_havesp(u_int);
|
||||
int key_havesp_any(void);
|
||||
void key_bumpspgen(void);
|
||||
uint32_t key_getspgen(void);
|
||||
uint32_t key_newreqid(void);
|
||||
|
@ -401,8 +401,7 @@ ipsec_kmod_capability(struct ipsec_support * const sc, struct mbuf *m,
|
||||
* call key_havesp() without additional synchronizations.
|
||||
*/
|
||||
if (cap == IPSEC_CAP_OPERABLE)
|
||||
return (key_havesp(IPSEC_DIR_INBOUND) != 0 ||
|
||||
key_havesp(IPSEC_DIR_OUTBOUND) != 0);
|
||||
return (key_havesp_any());
|
||||
return (ipsec_kmod_caps(sc, m, cap));
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user