| Message ID | 6da2c3ac-ab44-e761-d5f0-97ad5abf589b@secunet.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | Subject: [PATCH net] drivers: net: mlx5: Fix *_ipsec_offload_ok(): Use, ip_hdr family | expand |
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c index 3d45341e2216..0bab1ceb745c 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c @@ -460,7 +460,7 @@ void mlx5e_ipsec_cleanup(struct mlx5e_priv *priv) static bool mlx5e_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *x) { - if (x->props.family == AF_INET) { + if (ip_hdr(skb)->version == 4) { /* Offload with IPv4 options is not supported yet */ if (ip_hdr(skb)->ihl > 5)
Xfrm_dev_offload_ok() is called with the unencrypted SKB. So in case of interfamily ipsec traffic (IPv4-in-IPv6 and IPv6 in IPv4) the check assumes the wrong family of the skb (IP family of the state). With this patch the ip header of the SKB is used to determine the family. Signed-off-by: Christian Langrock <christian.langrock@secunet.com> --- drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) return false;