Change Details

``` commit fe05dca7774e98adfeb1faefe8b98d6b398eae53 (HEAD -> ipsec) Author: Mateusz Guzik <mjg@FreeBSD.org> Date: Wed Sep 7 22:05:38 2022 +0200 ipsec: add key_havesp_any Saves on work in a common case of checking both directions. Note further work in the area is impending to elide these in the common case to begin with. Reviewed by: Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: commit bec3c2d77d20bcc76a92f86f7340d1008b6e847d Author: Mateusz Guzik <mjg@FreeBSD.org> Date: Wed Sep 7 22:27:15 2022 +0200 ipsec: prohibit unknown directions in key_havesp Eliminates a branch checking for its validity. Reviewed by: Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: ``` compiled in but disabled ipsec shows up on profiles, see https://github.com/ocochard/netbenches/blob/master/Xeon_E5-2697Av4_16Cores-Mellanox_ConnectX-4/firewalls/results/fbsd14-n277887-IPSEC/README.md the above is an initial step towards fixing that problem later I'm going to create a combined var recalculated on each V_forwarding + key_havesp_any change so that no function calls will be issues to begin with.

``` commit fe05dca7774e98adfeb1faefe8b98d6b398eae53 (HEAD -> ipsec) Author: Mateusz Guzik <mjg@FreeBSD.org> Date: Wed Sep 7 22:05:38 2022 +0200 ipsec: add key_havesp_any Saves on work in a common case of checking both directions. Note further work in the area is impending to elide these in the common case to begin with. Reviewed by: Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: commit bec3c2d77d20bcc76a92f86f7340d1008b6e847d Author: Mateusz Guzik <mjg@FreeBSD.org> Date: Wed Sep 7 22:27:15 2022 +0200 ipsec: prohibit unknown directions in key_havesp Eliminates a branch checking for its validity. Reviewed by: Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: ``` compiled in but disabled ipsec shows up on profiles, see https://github.com/ocochard/netbenches/blob/master/Xeon_E5-2697Av4_16Cores-Mellanox_ConnectX-4/firewalls/results/fbsd14-n277887-IPSEC/README.md the above is an initial step towards fixing that problem later I'm going to create a combined var recalculated on each V_forwarding + key_havesp_any change so that no function calls will be issued to begin with. this in ip_input: ``` if (V_ipforwarding != 0 #if defined(IPSEC) || defined(IPSEC_SUPPORT) && (!IPSEC_ENABLED(ipv4) || IPSEC_CAPS(ipv4, m, IPSEC_CAP_OPERABLE) == 0) #endif ) { ``` will collapse into ``` if (V_ipcantryforward != 0) { ```

``` commit fe05dca7774e98adfeb1faefe8b98d6b398eae53 (HEAD -> ipsec) Author: Mateusz Guzik <mjg@FreeBSD.org> Date: Wed Sep 7 22:05:38 2022 +0200 ipsec: add key_havesp_any Saves on work in a common case of checking both directions. Note further work in the area is impending to elide these in the common case to begin with. Reviewed by: Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: commit bec3c2d77d20bcc76a92f86f7340d1008b6e847d Author: Mateusz Guzik <mjg@FreeBSD.org> Date: Wed Sep 7 22:27:15 2022 +0200 ipsec: prohibit unknown directions in key_havesp Eliminates a branch checking for its validity. Reviewed by: Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: ``` compiled in but disabled ipsec shows up on profiles, see https://github.com/ocochard/netbenches/blob/master/Xeon_E5-2697Av4_16Cores-Mellanox_ConnectX-4/firewalls/results/fbsd14-n277887-IPSEC/README.md the above is an initial step towards fixing that problem later I'm going to create a combined var recalculated on each V_forwarding + key_havesp_any change so that no function calls will be issues to begin with.d to begin with. this in ip_input: ``` if (V_ipforwarding != 0 #if defined(IPSEC) || defined(IPSEC_SUPPORT) && (!IPSEC_ENABLED(ipv4) || IPSEC_CAPS(ipv4, m, IPSEC_CAP_OPERABLE) == 0) #endif ) { ``` will collapse into ``` if (V_ipcantryforward != 0) { ```