ipsec: add key_havesp_any

Saves on work in a common case of checking both directions.

Note further work in the area is impending to elide these in the common
case to begin with.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D36485

sys/netipsec/ipsec.c

@@ -666,10 +666,7 @@ ipsec4_capability(struct mbuf *m, u_int cap)
 		return (0);
 	case IPSEC_CAP_OPERABLE:
 		/* Do we have active security policies? */
-		if (key_havesp(IPSEC_DIR_INBOUND) != 0 ||
-		    key_havesp(IPSEC_DIR_OUTBOUND) != 0)
-			return (1);
-		return (0);
+		return (key_havesp_any());
 	};
 	return (EOPNOTSUPP);
 }
@@ -835,10 +832,7 @@ ipsec6_capability(struct mbuf *m, u_int cap)
 		return (0);
 	case IPSEC_CAP_OPERABLE:
 		/* Do we have active security policies? */
-		if (key_havesp(IPSEC_DIR_INBOUND) != 0 ||
-		    key_havesp(IPSEC_DIR_OUTBOUND) != 0)
-			return (1);
-		return (0);
+		return (key_havesp_any());
 	};
 	return (EOPNOTSUPP);
 }

sys/netipsec/key.c

@@ -811,6 +811,13 @@ key_havesp(u_int dir)
 	return (TAILQ_FIRST(&V_sptree[dir]) != NULL);
 }
 
+int
+key_havesp_any(void)
+{
+
+	return (V_spd_size != 0);
+}
+
 /* %%% IPsec policy management */
 /*
  * Return current SPDB generation.

sys/netipsec/key.h

@@ -56,6 +56,7 @@ void key_addref(struct secpolicy *);
 void key_freesp(struct secpolicy **);
 int key_spdacquire(struct secpolicy *);
 int key_havesp(u_int);
+int key_havesp_any(void);
 void key_bumpspgen(void);
 uint32_t key_getspgen(void);
 uint32_t key_newreqid(void);

sys/netipsec/subr_ipsec.c

@@ -401,8 +401,7 @@ ipsec_kmod_capability(struct ipsec_support * const sc, struct mbuf *m,
 	 * call key_havesp() without additional synchronizations.
 	 */
 	if (cap == IPSEC_CAP_OPERABLE)
-		return (key_havesp(IPSEC_DIR_INBOUND) != 0 ||
-		    key_havesp(IPSEC_DIR_OUTBOUND) != 0);
+		return (key_havesp_any());
 	return (ipsec_kmod_caps(sc, m, cap));
 }