Skip to content

Commit

Permalink
xfrm: set skb control buffer based on packet offload as well
Browse files Browse the repository at this point in the history 
In packet offload, packets are not encrypted in XFRM stack, so
the next network layer which the packets will be forwarded to
should depend on where the packet came from (either xfrm4_output
or xfrm6_output) rather than the matched SA's family type.

Test: verified IPv6-in-IPv4 packets on Android device with
      IPsec packet offload enabled
Signed-off-by: Mike Yu <yumike@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
  • Loading branch information
Mike Yu authored and Steffen Klassert committed Mar 5, 2024
1 parent d4872d7 commit 8688ab2
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion net/xfrm/xfrm_output.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -704,9 +704,13 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb)
{
struct net *net = dev_net(skb_dst(skb)->dev);
struct xfrm_state *x = skb_dst(skb)->xfrm;
int family;
int err;

switch (x->outer_mode.family) {
family = (x->xso.type != XFRM_DEV_OFFLOAD_PACKET) ? x->outer_mode.family
: skb_dst(skb)->ops->family;

switch (family) {
case AF_INET:
memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED;
Expand Down

0 comments on commit 8688ab2

Please sign in to comment.