public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed
* [PATCH] IPsec: Disable XFRM policy lookup for VTI devices
@ 2021-01-14 18:54 Michael Tremer
  0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2021-01-14 18:54 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 702 bytes --]

This speeds up throughput slightly

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 src/scripts/ipsec-interfaces | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/scripts/ipsec-interfaces b/src/scripts/ipsec-interfaces
index 2546f8927..f0983dbdc 100644
--- a/src/scripts/ipsec-interfaces
+++ b/src/scripts/ipsec-interfaces
@@ -228,6 +228,11 @@ main() {
 			ip addr flush dev "${intf}"
 			ip addr add "${interface_address}" dev "${intf}"
 
+			# Disable IPsec policy lookup for VTI
+			if [ "${interface_mode}" = "vti" ]; then
+				sysctl -qw "net.ipv4.conf.${intf}.disable_policy=1"
+			fi
+
 			# Set MTU
 			ip link set dev "${intf}" mtu "${interface_mtu}"
 
-- 
2.28.0


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-01-14 18:54 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-14 18:54 [PATCH] IPsec: Disable XFRM policy lookup for VTI devices Michael Tremer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox