50 lines
1.8 KiB
Diff
50 lines
1.8 KiB
Diff
From: Steffen Klassert <steffen.klassert@secunet.com>
|
|
Date: Thu, 12 Sep 2019 13:01:44 +0200
|
|
Subject: ixgbe: Fix secpath usage for IPsec TX offload.
|
|
Origin: https://git.kernel.org/linus/f39b683d35dfa93a58f1b400a8ec0ff81296b37c
|
|
Bug-Debian: https://bugs.debian.org/930443
|
|
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=204551
|
|
|
|
The ixgbe driver currently does IPsec TX offloading
|
|
based on an existing secpath. However, the secpath
|
|
can also come from the RX side, in this case it is
|
|
misinterpreted for TX offload and the packets are
|
|
dropped with a "bad sa_idx" error. Fix this by using
|
|
the xfrm_offload() function to test for TX offload.
|
|
|
|
Fixes: 592594704761 ("ixgbe: process the Tx ipsec offload")
|
|
Reported-by: Michael Marley <michael@michaelmarley.com>
|
|
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
[Salvatore Bonaccorso: Backport to 4.19.67: cherry-pick patch from 4.19.74
|
|
release with adjusted context]
|
|
---
|
|
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
|
|
index 410d5d3aa393..2c3da1516036 100644
|
|
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
|
|
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
|
|
@@ -34,6 +34,7 @@
|
|
#include <net/tc_act/tc_mirred.h>
|
|
#include <net/vxlan.h>
|
|
#include <net/mpls.h>
|
|
+#include <net/xfrm.h>
|
|
|
|
#include "ixgbe.h"
|
|
#include "ixgbe_common.h"
|
|
@@ -8599,7 +8600,8 @@ netdev_tx_t ixgbe_xmit_frame_ring(struct sk_buff *skb,
|
|
#endif /* IXGBE_FCOE */
|
|
|
|
#ifdef CONFIG_XFRM_OFFLOAD
|
|
- if (skb->sp && !ixgbe_ipsec_tx(tx_ring, first, &ipsec_tx))
|
|
+ if (xfrm_offload(skb) &&
|
|
+ !ixgbe_ipsec_tx(tx_ring, first, &ipsec_tx))
|
|
goto out_drop;
|
|
#endif
|
|
tso = ixgbe_tso(tx_ring, first, &hdr_len, &ipsec_tx);
|
|
--
|
|
2.23.0
|
|
|