kernel-netlink: Use kernel-based route lookup if we do not install routes

For gateways with many connections, installing routes is often disabled,
as we can use a static route configuration to achieve proper routing with
a single rule. If this is the case, there is no need to dump all routes and
do userspace route lookups, as there is no need to exclude routes we installed
ourself.

Doing kernel-based route lookups is not only faster with may routes, but also
can use the full power of Linux policy based routing; something we can hardly
rebuild in userspace when calculating routes.

diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index b19bbf2f045582df5c98123f99e202a1645d8012..33069560048df4da0ed214cc20afe2d7f1132dca 100644 (file)
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -475,6 +475,11 @@ struct private_kernel_netlink_net_t {
         */
        bool roam_events;
 
+       /**
+        * whether to install IPsec policy routes
+        */
+       bool install_routes;
+
        /**
         * whether to actually install virtual IPs
         */
@@ -1870,7 +1875,10 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
        {       /* kernels prior to 3.0 do not support RTA_PREFSRC for IPv6 routes.
                 * as we want to ignore routes with virtual IPs we cannot use DUMP
                 * if these routes are not installed in a separate table */
-               hdr->nlmsg_flags |= NLM_F_DUMP;
+               if (this->install_routes)
+               {
+                       hdr->nlmsg_flags |= NLM_F_DUMP;
+               }
        }
        if (candidate)
        {
@@ -2937,6 +2945,8 @@ kernel_netlink_net_t *kernel_netlink_net_create()
                                                "%s.routing_table_prio", ROUTING_TABLE_PRIO, lib->ns),
                .process_route = lib->settings->get_bool(lib->settings,
                                                "%s.process_route", TRUE, lib->ns),
+               .install_routes = lib->settings->get_bool(lib->settings,
+                                               "%s.install_routes", TRUE, lib->ns),
                .install_virtual_ip = lib->settings->get_bool(lib->settings,
                                                "%s.install_virtual_ip", TRUE, lib->ns),
                .install_virtual_ip_on = lib->settings->get_str(lib->settings,