Optimize the case where we have IPSEC enabled but do not have security policies.

TAG: tryforward Differential Revision: https://reviews.freebsd.org/D3993
author: Luiz Otavio O Souza <luiz@netgate.com> 2015-10-26 13:15:22 -0500
committer: Luiz Otavio O Souza <luiz@netgate.com> 2015-10-26 13:15:22 -0500
commit: 5aba7ffcfb97d9b6f4ce464de77b02ad4d7b8ad3 (patch)
tree: 105da69db61524c63af385bf78e86fbaf7b525b0 /sys/netipsec/ipsec.c
parent: de3b422781821f809b436ced1af4fc3dd4dc0c1a (diff)
download: FreeBSD-src-5aba7ffcfb97d9b6f4ce464de77b02ad4d7b8ad3.zip
FreeBSD-src-5aba7ffcfb97d9b6f4ce464de77b02ad4d7b8ad3.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index f01f0fe..bf02f93 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -1275,6 +1275,9 @@ ipsec46_in_reject(struct mbuf *m, struct inpcb *inp)
 	int error;
 	int result;
 
+	if (!key_havesp(IPSEC_DIR_INBOUND))
+		return 0;
+
 	IPSEC_ASSERT(m != NULL, ("null mbuf"));
 
 	/* Get SP for this packet. */
@@ -1402,6 +1405,9 @@ ipsec_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
 	int error;
 	size_t size;
 
+	if (!key_havesp(dir))
+		return 0;
+
 	IPSEC_ASSERT(m != NULL, ("null mbuf"));
 
 	/* Get SP for this packet. */
author	Luiz Otavio O Souza <luiz@netgate.com>	2015-10-26 13:15:22 -0500
committer	Luiz Otavio O Souza <luiz@netgate.com>	2015-10-26 13:15:22 -0500
commit	5aba7ffcfb97d9b6f4ce464de77b02ad4d7b8ad3 (patch)
tree	105da69db61524c63af385bf78e86fbaf7b525b0 /sys/netipsec/ipsec.c
parent	de3b422781821f809b436ced1af4fc3dd4dc0c1a (diff)
download	FreeBSD-src-5aba7ffcfb97d9b6f4ce464de77b02ad4d7b8ad3.zip FreeBSD-src-5aba7ffcfb97d9b6f4ce464de77b02ad4d7b8ad3.tar.gz