On Wed, Dec 23, 2020 at 05:00:46PM +0200, Eyal Birger wrote:
> The disable_xfrm flag signals that xfrm should not be performed during
> routing towards a device before reaching device xmit.
>
> For xfrm interfaces this is usually desired as they perform the outbound
> policy lookup as part of their xmit using their if_id.
>
> Before this change enabling this flag on xfrm interfaces prevented them
> from xmitting as xfrm_lookup_with_ifid() would not perform a policy lookup
> in case the original dst had the DST_NOXFRM flag.
>
> This optimization is incorrect when the lookup is done by the xfrm
> interface xmit logic.
>
> Fix by performing policy lookup when invoked by xfrmi as if_id != 0.
>
> Similarly it's unlikely for the 'no policy exists on net' check to yield
> any performance benefits when invoked from xfrmi.
>
> Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces")
> Signed-off-by: Eyal Birger <eyal.bir...@gmail.com>
Applied, thanks a lot Eyal!
