On Thu, Oct 11, 2018 at 11:45:40PM +0200, Pablo Neira Ayuso wrote: > It is safe to place a flow that is coming from IPSec into the flowtable. > So decapsulated can benefit from the flowtable fastpath. > > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> > Signed-off-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx> > --- > I'm recovering this patch, this enables faster flowtable forwarding from > ingress. Florian has been asking for a way to restore the xfrm cache, > and I remember Steffen mentioned this two liner should be just enough to > combine the flowtable infrastructure with ipsec. Yes, it was this and we need to relax the requirement to see traffic in both directions before offloading to the flowtable (if I remember correct).
