xfrm: Support crypto offload for inbound IPv4 UDP-encapsulated ESP packet

If xfrm_input() is called with UDP_ENCAP_ESPINUDP, the packet is already processed in UDP layer that removes the UDP header. Therefore, there should be no much difference to treat it as an ESP packet in the XFRM stack. Test: Enabled dir=in IPsec crypto offload, and verified IPv4 UDP-encapsulated ESP packets on both wifi/cellular network Signed-off-by: Mike Yu <yumike@google.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

xfrm: Support crypto offload for inbound IPv4 UDP-encapsulated ESP packet
If xfrm_input() is called with UDP_ENCAP_ESPINUDP, the packet is already processed in UDP layer that removes the UDP header. Therefore, there should be no much difference to treat it as an ESP packet in the XFRM stack. Test: Enabled dir=in IPsec crypto offload, and verified IPv4 UDP-encapsulated ESP packets on both wifi/cellular network Signed-off-by: Mike Yu <yumike@google.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
4ecbac84 · Mike Yu · Steffen Klassert · a10fb4a8 · 4ecbac84
Commit 4ecbac84 authored Jul 12, 2024 by Mike Yu Committed by Steffen Klassert Jul 12, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

net/xfrm/xfrm_input.c net/xfrm/xfrm_input.c +2 -1

No files found.
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -471,7 +471,8 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 	struct xfrm_offload *xo = xfrm_offload(skb);
 	struct sec_path *sp;

-	if (encap_type < 0 || (xo && (xo->flags & XFRM_GRO || encap_type == 0))) {
+	if (encap_type < 0 || (xo && (xo->flags & XFRM_GRO || encap_type == 0 ||
+				      encap_type == UDP_ENCAP_ESPINUDP))) {
 		x = xfrm_input_state(skb);

 		if (unlikely(x->dir && x->dir != XFRM_SA_DIR_IN)) {