git: c1bfe8c593f9 - main - ipsec: add key_havesp_any

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mateusz Guzik <mjg_at_FreeBSD.org>
Date: Tue, 22 Nov 2022 12:23:33 UTC
The branch main has been updated by mjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=c1bfe8c593f9047ff00c1204e4f086256af45bc2

commit c1bfe8c593f9047ff00c1204e4f086256af45bc2
Author:     Mateusz Guzik <mjg@FreeBSD.org>
AuthorDate: 2022-09-07 20:05:38 +0000
Commit:     Mateusz Guzik <mjg@FreeBSD.org>
CommitDate: 2022-11-22 12:23:08 +0000

    ipsec: add key_havesp_any
    
    Saves on work in a common case of checking both directions.
    
    Note further work in the area is impending to elide these in the common
    case to begin with.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D36485
---
 sys/netipsec/ipsec.c      | 10 ++--------
 sys/netipsec/key.c        |  7 +++++++
 sys/netipsec/key.h        |  1 +
 sys/netipsec/subr_ipsec.c |  3 +--
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index d0217723bca6..94eb68658e30 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -666,10 +666,7 @@ ipsec4_capability(struct mbuf *m, u_int cap)
 		return (0);
 	case IPSEC_CAP_OPERABLE:
 		/* Do we have active security policies? */
-		if (key_havesp(IPSEC_DIR_INBOUND) != 0 ||
-		    key_havesp(IPSEC_DIR_OUTBOUND) != 0)
-			return (1);
-		return (0);
+		return (key_havesp_any());
 	};
 	return (EOPNOTSUPP);
 }
@@ -835,10 +832,7 @@ ipsec6_capability(struct mbuf *m, u_int cap)
 		return (0);
 	case IPSEC_CAP_OPERABLE:
 		/* Do we have active security policies? */
-		if (key_havesp(IPSEC_DIR_INBOUND) != 0 ||
-		    key_havesp(IPSEC_DIR_OUTBOUND) != 0)
-			return (1);
-		return (0);
+		return (key_havesp_any());
 	};
 	return (EOPNOTSUPP);
 }
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 093db4fb9126..98bd97f465bf 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -811,6 +811,13 @@ key_havesp(u_int dir)
 	return (TAILQ_FIRST(&V_sptree[dir]) != NULL);
 }
 
+int
+key_havesp_any(void)
+{
+
+	return (V_spd_size != 0);
+}
+
 /* %%% IPsec policy management */
 /*
  * Return current SPDB generation.
diff --git a/sys/netipsec/key.h b/sys/netipsec/key.h
index 4d0f4b1ea512..81e30ecdc010 100644
--- a/sys/netipsec/key.h
+++ b/sys/netipsec/key.h
@@ -56,6 +56,7 @@ void key_addref(struct secpolicy *);
 void key_freesp(struct secpolicy **);
 int key_spdacquire(struct secpolicy *);
 int key_havesp(u_int);
+int key_havesp_any(void);
 void key_bumpspgen(void);
 uint32_t key_getspgen(void);
 uint32_t key_newreqid(void);
diff --git a/sys/netipsec/subr_ipsec.c b/sys/netipsec/subr_ipsec.c
index 3eac9d6aaad0..56ddf71ae87a 100644
--- a/sys/netipsec/subr_ipsec.c
+++ b/sys/netipsec/subr_ipsec.c
@@ -401,8 +401,7 @@ ipsec_kmod_capability(struct ipsec_support * const sc, struct mbuf *m,
 	 * call key_havesp() without additional synchronizations.
 	 */
 	if (cap == IPSEC_CAP_OPERABLE)
-		return (key_havesp(IPSEC_DIR_INBOUND) != 0 ||
-		    key_havesp(IPSEC_DIR_OUTBOUND) != 0);
+		return (key_havesp_any());
 	return (ipsec_kmod_caps(sc, m, cap));
 }