diff mbox series

[ipsec] esp: delete NETIF_F_SCTP_CRC bit from features for esp offload

Message ID 5f247a2ef20cae297db4d0a130515d0b7a1b8110.1616139307.git.lucien.xin@gmail.com
State New
Headers show
Series [ipsec] esp: delete NETIF_F_SCTP_CRC bit from features for esp offload | expand

Commit Message

Xin Long March 19, 2021, 7:35 a.m. UTC 
Now in esp4/6_gso_segment(), before calling inner proto .gso_segment,
NETIF_F_CSUM_MASK bits are deleted, as HW won't be able to do the
csum for inner proto due to the packet encrypted already.

So the UDP/TCP packet has to do the checksum on its own .gso_segment.
But SCTP is using CRC checksum, and for that NETIF_F_SCTP_CRC should
be deleted to make SCTP do the csum in own .gso_segment as well.

In Xiumei's testing with SCTP over IPsec/veth, the packets are kept
dropping due to the wrong CRC checksum.

Reported-by: Xiumei Mu <xmu@redhat.com>
Fixes: 7862b4058b9f ("esp: Add gso handlers for esp4 and esp6")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
 net/ipv4/esp4_offload.c | 6 ++++--
 net/ipv6/esp6_offload.c | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

Comments

Steffen Klassert March 23, 2021, 8:14 a.m. UTC | #1 
On Fri, Mar 19, 2021 at 03:35:07PM +0800, Xin Long wrote:
> Now in esp4/6_gso_segment(), before calling inner proto .gso_segment,

> NETIF_F_CSUM_MASK bits are deleted, as HW won't be able to do the

> csum for inner proto due to the packet encrypted already.

> 

> So the UDP/TCP packet has to do the checksum on its own .gso_segment.

> But SCTP is using CRC checksum, and for that NETIF_F_SCTP_CRC should

> be deleted to make SCTP do the csum in own .gso_segment as well.

> 

> In Xiumei's testing with SCTP over IPsec/veth, the packets are kept

> dropping due to the wrong CRC checksum.

> 

> Reported-by: Xiumei Mu <xmu@redhat.com>

> Fixes: 7862b4058b9f ("esp: Add gso handlers for esp4 and esp6")

> Signed-off-by: Xin Long <lucien.xin@gmail.com>


Applied, thanks Xin!
diff mbox series

Patch

diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c
index 601f5fb..ed3de48 100644
--- a/net/ipv4/esp4_offload.c
+++ b/net/ipv4/esp4_offload.c
@@ -217,10 +217,12 @@  static struct sk_buff *esp4_gso_segment(struct sk_buff *skb,
 
 	if ((!(skb->dev->gso_partial_features & NETIF_F_HW_ESP) &&
 	     !(features & NETIF_F_HW_ESP)) || x->xso.dev != skb->dev)
-		esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK);
+		esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK |
+					    NETIF_F_SCTP_CRC);
 	else if (!(features & NETIF_F_HW_ESP_TX_CSUM) &&
 		 !(skb->dev->gso_partial_features & NETIF_F_HW_ESP_TX_CSUM))
-		esp_features = features & ~NETIF_F_CSUM_MASK;
+		esp_features = features & ~(NETIF_F_CSUM_MASK |
+					    NETIF_F_SCTP_CRC);
 
 	xo->flags |= XFRM_GSO_SEGMENT;
 
diff --git a/net/ipv6/esp6_offload.c b/net/ipv6/esp6_offload.c
index 1ca516f..f35203a 100644
--- a/net/ipv6/esp6_offload.c
+++ b/net/ipv6/esp6_offload.c
@@ -254,9 +254,11 @@  static struct sk_buff *esp6_gso_segment(struct sk_buff *skb,
 	skb->encap_hdr_csum = 1;
 
 	if (!(features & NETIF_F_HW_ESP) || x->xso.dev != skb->dev)
-		esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK);
+		esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK |
+					    NETIF_F_SCTP_CRC);
 	else if (!(features & NETIF_F_HW_ESP_TX_CSUM))
-		esp_features = features & ~NETIF_F_CSUM_MASK;
+		esp_features = features & ~(NETIF_F_CSUM_MASK |
+					    NETIF_F_SCTP_CRC);
 
 	xo->flags |= XFRM_GSO_SEGMENT;