[PATCH] xfrm: Allow ESP over UDP in packet offload mode
From: Ilia Lin
Date: Tue Jul 18 2023 - 05:24:16 EST
The ESP encapsulation is not supported only in crypto mode.
In packet offload mode, the RX is bypassing the XFRM,
so we can enable the encapsulation.
Signed-off-by: Ilia Lin <ilia.lin@xxxxxxxxxx>
---
net/xfrm/xfrm_device.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 4aff76c6f12e0..3018468d97662 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -246,8 +246,10 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
return -EINVAL;
}
- /* We don't yet support UDP encapsulation and TFC padding. */
- if (x->encap || x->tfcpad) {
+ is_packet_offload = xuo->flags & XFRM_OFFLOAD_PACKET;
+
+ /* We don't yet support UDP encapsulation except full mode and TFC padding. */
+ if ((!is_packet_offload && x->encap) || x->tfcpad) {
NL_SET_ERR_MSG(extack, "Encapsulation and TFC padding can't be offloaded");
return -EINVAL;
}
@@ -258,7 +260,6 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
return -EINVAL;
}
- is_packet_offload = xuo->flags & XFRM_OFFLOAD_PACKET;
dev = dev_get_by_index(net, xuo->ifindex);
if (!dev) {
if (!(xuo->flags & XFRM_OFFLOAD_INBOUND)) {
--