authorMartin Willi <martin@strongswan.org>2017-01-19 11:03:55 +0100
committerMartin Willi <martin@strongswan.org>2017-02-13 15:11:20 +0100
commit558691b3b04b82db56a1522360e62bbd6547aa26 (patch)
treefe3530678edd55e1cd3b80f8c8c8dabe4036ef07 /src
parent72547830fbf583aafdaf7bc045c9a818e90c93eb (diff)
kernel-netlink: Use kernel-based route lookup if we do not install routes
For gateways with many connections, installing routes is often disabled, as we can use a static route configuration to achieve proper routing with a single rule. If this is the case, there is no need to dump all routes and do userspace route lookups, as there is no need to exclude routes we installed ourselves. Doing kernel-based route lookups is not only faster with many routes, but can also use the full power of Linux policy based routing; something we can hardly rebuild in userspace when calculating routes.
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index b19bbf2f0..330695600 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -476,6 +476,11 @@ struct private_kernel_netlink_net_t {
bool roam_events;
/**
+ * whether to install IPsec policy routes
+ */
+ bool install_routes;
+
+ /**
* whether to actually install virtual IPs
*/
bool install_virtual_ip;
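Review bot: The field comment `whether to install IPsec policy routes` describes the setting, but the only use of the flag visible in this patch is in get_route, where it decides whether NLM_F_DUMP is set. I would extend it to say so, e.g. `whether IPsec policy routes get installed; if not, route lookups are left to the kernel instead of dumping all routes`. The struct continues outside the hunk.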
@@ -1870,7 +1875,10 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
{ /* kernels prior to 3.0 do not support RTA_PREFSRC for IPv6 routes.
* as we want to ignore routes with virtual IPs we cannot use DUMP
* if these routes are not installed in a separate table */
- hdr->nlmsg_flags |= NLM_F_DUMP;
+ if (this->install_routes)
+ {
+ hdr->nlmsg_flags |= NLM_F_DUMP;
+ }
}
if (candidate)
{
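Review bot: The new `if (this->install_routes)` guard has no comment, and the comment directly above it still justifies the dump only by the need to ignore routes with virtual IPs, so a reader cannot tell why that need disappears when routes are not installed. I would add something like `/* if we install no routes there is nothing of ours to exclude, let the kernel resolve the route */` above the guard. Since `install_virtual_ip` is a separate option, it may also be worth confirming that the non-dump path still avoids picking a virtual IP as source address when `install_routes` is disabled but virtual IPs are installed. That handling, like the enclosing condition and the rest of get_route, lies outside this hunk.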
@@ -2937,6 +2945,8 @@ kernel_netlink_net_t *kernel_netlink_net_create()
"%s.routing_table_prio", ROUTING_TABLE_PRIO, lib->ns),
.process_route = lib->settings->get_bool(lib->settings,
"%s.process_route", TRUE, lib->ns),
+ .install_routes = lib->settings->get_bool(lib->settings,
+ "%s.install_routes", TRUE, lib->ns),
.install_virtual_ip = lib->settings->get_bool(lib->settings,
"%s.install_virtual_ip", TRUE, lib->ns),
.install_virtual_ip_on = lib->settings->get_str(lib->settings,