diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2017-04-14 10:07:28 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2017-04-14 10:07:28 +0200 |
commit | f6e27114a60a0afdec40db1bf7f6da37b565745a (patch) | |
tree | 2465286baa3d77a51e27c2249db8d14f402b540f /net/core | |
parent | esp: Use a synchronous crypto algorithm on offloading. (diff) | |
download | linux-f6e27114a60a0afdec40db1bf7f6da37b565745a.tar.xz linux-f6e27114a60a0afdec40db1bf7f6da37b565745a.zip |
net: Add a xfrm validate function to validate_xmit_skb
When we do IPsec offloading, we need a fallback for
packets that were targeted to be IPsec offloaded but
rerouted to a device that does not support IPsec offload.
For that we add a function that checks the offloading
features of the sending device and and flags the
requirement of a fallback before it calls the IPsec
output function. The IPsec output function adds the IPsec
trailer and does encryption if needed.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/core')
-rw-r--r-- | net/core/dev.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/core/dev.c b/net/core/dev.c index ef9fe60ee294..5f0a864623e8 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -2972,6 +2972,9 @@ static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device __skb_linearize(skb)) goto out_kfree_skb; + if (validate_xmit_xfrm(skb, features)) + goto out_kfree_skb; + /* If packet is not checksummed and device does not * support checksumming for this protocol, complete * checksumming here. |