ipv4: Elide fib_validate_source() completely when possible.

If rpfilter is off (or the SKB has an IPSEC path) and there are not
tclassid users, we don't have to do anything at all when
fib_validate_source() is invoked besides setting the itag to zero.

We monitor tclassid uses with a counter (modified only under RTNL and
marked __read_mostly) and we protect the fib_validate_source() real
work with a test against this counter and whether rpfilter is to be
done.

Having a way to know whether we need no tclassid processing or not
also opens the door for future optimized rpfilter algorithms that do
not perform full FIB lookups.

Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 4 insertions, 0 deletions

diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index 72cceb79d0d4..ab7db83236c9 100644
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -151,6 +151,8 @@ static void fib_rules_cleanup_ops(struct fib_rules_ops *ops)
 
         list_for_each_entry_safe(rule, tmp, &ops->rules_list, list) {
                 list_del_rcu(&rule->list);
+                if (ops->delete)
+                        ops->delete(rule);
                 fib_rule_put(rule);
         }
 }
@@ -499,6 +501,8 @@ static int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
 
                 notify_rule_change(RTM_DELRULE, rule, ops, nlh,
                                    NETLINK_CB(skb).pid);
+                if (ops->delete)
+                        ops->delete(rule);
                 fib_rule_put(rule);
                 flush_route_cache(ops);
                 rules_ops_put(ops);