```
commit fe05dca7774e98adfeb1faefe8b98d6b398eae53 (HEAD -> ipsec)
Author: Mateusz Guzik <mjg@FreeBSD.org>
Date: Wed Sep 7 22:05:38 2022 +0200
ipsec: add key_havesp_any
Saves on work in a common case of checking both directions.
Note further work in the area is impending to elide these in the common
case to begin with.
Reviewed by:
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision:
commit bec3c2d77d20bcc76a92f86f7340d1008b6e847d
Author: Mateusz Guzik <mjg@FreeBSD.org>
Date: Wed Sep 7 22:27:15 2022 +0200
ipsec: prohibit unknown directions in key_havesp
Eliminates a branch checking for its validity.
Reviewed by:
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision:
```
compiled in but disabled ipsec shows up on profiles, see https://github.com/ocochard/netbenches/blob/master/Xeon_E5-2697Av4_16Cores-Mellanox_ConnectX-4/firewalls/results/fbsd14-n277887-IPSEC/README.md
the above is an initial step towards fixing that problem
later I'm going to create a combined var recalculated on each V_forwarding + key_havesp_any change so that no function calls will be issued to begin with.
this in ip_input:
```
if (V_ipforwarding != 0
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
&& (!IPSEC_ENABLED(ipv4) ||
IPSEC_CAPS(ipv4, m, IPSEC_CAP_OPERABLE) == 0)
#endif
) {
```
will collapse into
```
if (V_ipcantryforward != 0) {
```