Add inner_ipproto into sec_path
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-bluefield (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Bodong Wang |
Bug Description
* Explain the bug(s)
The inner_ipproto saves the inner IP protocol of the plain
text packet. This allows vendor's IPsec feature making offload
decision at skb's features_check and configuring hardware at
ndo_start_xmit.
For example, ConnectX6-DX IPsec device needs the plaintext's
IP protocol to support partial checksum offload on
VXLAN/GENEVE packet over IPsec transport mode tunnel
* Brief explanation of fixes
As this data unrelated to the specific driver (the inner ip protocol of the plain text) then
it makes sense to provide it in the xfrm stack layer to avoid code duplication in various drivers
and do it on the fly in the xfrm layer instead of reparse the packet at the driver layer.
* How to test
Need to make sure that the code compiles post this change, run TCP encapsulated traffic (for example using vxlan) when IPSec crypto offload with transport mode is configured
* What it could break.
NA, this function adds data to a new field introduced to struct xfrm_offload, so if not used it have no effect and it is assigned in stack and used in driver so if driver does not used it then no effect.
CVE References
Changed in linux-bluefield (Ubuntu Focal): | |
assignee: | nobody → Bodong Wang (bodong-wang) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux-bluefield (Ubuntu): | |
status: | New → Invalid |
Changed in linux-bluefield (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
This bug is awaiting verification that the linux-bluefield /5.4.0- 1029.32 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- focal' to 'verification- done-focal' . If the problem still exists, change the tag 'verification- needed- focal' to 'verification- failed- focal'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!