> > if (!is_system_labeled() &&
> > !ipst->ips_ip_cgtp_filter && ipp_action_count == 0 &&
> > opt_len == 0 && ipha->ipha_protocol != IPPROTO_RSVP &&
> > !ll_multicast && !CLASSD(dst) && !ill->ill_dhcp_init) {
> > ^^^^^^^^^^^^^^^^^^^
> >
> > Unfortunately, even this single check will impact general networking
> > performance especially for small packets,
>
> actually, it looks like two of the tests (is_system_labeled() and
> ipp_action_count) are global variables while ipst is the zone-global
> ipstack structure. Any way we could precompute the AND of a few of
> those and your SIOCLIFDHCPINIT bit into a single per-ill "stay off the
> fast-path" bit (and re-compute it whenever one of them changes?)
Indeed, I was thinking of that too. I suspect Garrett & Co. were
exploring similar optimizations -- and if so, this may be of minimal
impact.
--
meem
