Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 807472,
    "url": "http://patchwork.ozlabs.org/api/patches/807472/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/1504081839-22019-1-git-send-email-yossiku@mellanox.com/",
    "project": {
        "id": 7,
        "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api",
        "name": "Linux network development",
        "link_name": "netdev",
        "list_id": "netdev.vger.kernel.org",
        "list_email": "netdev@vger.kernel.org",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<1504081839-22019-1-git-send-email-yossiku@mellanox.com>",
    "list_archive_url": null,
    "date": "2017-08-30T08:30:39",
    "name": "[net-next] xfrm: Add support for network devices capable of removing the ESP trailer",
    "commit_ref": null,
    "pull_url": null,
    "state": "awaiting-upstream",
    "archived": true,
    "hash": "3438041f6ab208fc95a02335cc4cbc243d3f0398",
    "submitter": {
        "id": 71818,
        "url": "http://patchwork.ozlabs.org/api/people/71818/?format=api",
        "name": "Yossi Kuperman",
        "email": "yossiku@mellanox.com"
    },
    "delegate": {
        "id": 34,
        "url": "http://patchwork.ozlabs.org/api/users/34/?format=api",
        "username": "davem",
        "first_name": "David",
        "last_name": "Miller",
        "email": "davem@davemloft.net"
    },
    "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/1504081839-22019-1-git-send-email-yossiku@mellanox.com/mbox/",
    "series": [
        {
            "id": 551,
            "url": "http://patchwork.ozlabs.org/api/series/551/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=551",
            "date": "2017-08-30T08:30:39",
            "name": "[net-next] xfrm: Add support for network devices capable of removing the ESP trailer",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/551/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/807472/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/807472/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<netdev-owner@vger.kernel.org>",
        "X-Original-To": "patchwork-incoming@ozlabs.org",
        "Delivered-To": "patchwork-incoming@ozlabs.org",
        "Authentication-Results": [
            "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)",
            "ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=Mellanox.com header.i=@Mellanox.com\n\theader.b=\"C9vnEtCX\"; dkim-atps=neutral",
            "spf=none (sender IP is )\n\tsmtp.mailfrom=yossiku@mellanox.com; "
        ],
        "Received": [
            "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xhzHQ60vSz9t0M\n\tfor <patchwork-incoming@ozlabs.org>;\n\tWed, 30 Aug 2017 18:31:14 +1000 (AEST)",
            "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751816AbdH3IbD (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tWed, 30 Aug 2017 04:31:03 -0400",
            "from mail-eopbgr30079.outbound.protection.outlook.com\n\t([40.107.3.79]:60672\n\t\"EHLO EUR03-AM5-obe.outbound.protection.outlook.com\"\n\trhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP\n\tid S1751747AbdH3IbA (ORCPT <rfc822;netdev@vger.kernel.org>);\n\tWed, 30 Aug 2017 04:31:00 -0400",
            "from dev-l-vrt-187.mtl.labs.mlnx (82.166.227.17) by\n\tAM4PR0501MB2273.eurprd05.prod.outlook.com (2603:10a6:200:53::10) with\n\tMicrosoft SMTP Server (version=TLS1_2,\n\tcipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1385.9;\n\tWed, 30 Aug 2017 08:30:55 +0000"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com;\n\ts=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;\n\tbh=/uoufj+tcP90CWpj3Sxe8kn86WRHwThxQ3c6cgTS8/o=;\n\tb=C9vnEtCXnq6DP5YRAfwOuoEmJ2C7+ZwtFzJRP+caZl360yypg3xb8UuRJb5v6K7GL4B9kzoSNh4Bn0w+IbBCElsbrYFO99LVPT6uzYQTAVsxS6vWCEB9u8OFv7iRzexSgtP1FKArkbNX7egpv6+t8bNnsue5TSEFyFtM33ofY6w=",
        "From": "yossiku@mellanox.com",
        "To": "Steffen Klassert <steffen.klassert@secunet.com>,\n\tHerbert Xu <herbert@gondor.apana.org.au>,\n\t\"David S. Miller\" <davem@davemloft.net>,\n\tAlexey Kuznetsov <kuznet@ms2.inr.ac.ru>,\n\tHideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,\n\tnetdev@vger.kernel.org, linux-kernel@vger.kernel.org",
        "Cc": "borisp@mellanox.com, kliteyn@mellanox.com,\n\tYossi Kuperman <yossiku@mellanox.com>",
        "Subject": "[PATCH net-next] xfrm: Add support for network devices capable of\n\tremoving the ESP trailer",
        "Date": "Wed, 30 Aug 2017 11:30:39 +0300",
        "Message-Id": "<1504081839-22019-1-git-send-email-yossiku@mellanox.com>",
        "X-Mailer": "git-send-email 2.8.1",
        "MIME-Version": "1.0",
        "Content-Type": "text/plain",
        "X-Originating-IP": "[82.166.227.17]",
        "X-ClientProxiedBy": "AM5PR0602CA0012.eurprd06.prod.outlook.com\n\t(2603:10a6:203:a3::22) To AM4PR0501MB2273.eurprd05.prod.outlook.com\n\t(2603:10a6:200:53::10)",
        "X-MS-PublicTrafficType": "Email",
        "X-MS-Office365-Filtering-Correlation-Id": "aa6f7fbb-eeb4-4372-c3bb-08d4ef816f61",
        "X-MS-Office365-Filtering-HT": "Tenant",
        "X-Microsoft-Antispam": "UriScan:; BCL:0; PCL:0;\n\tRULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(300000503095)(300135400095)(48565401081)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);\n\tSRVR:AM4PR0501MB2273; ",
        "X-Microsoft-Exchange-Diagnostics": [
            "1; AM4PR0501MB2273;\n\t3:STRM62uW5t65MwK14DPNvra9Q04hzmv7ecnV7Ho5vpcX3fY7vRqEcquVX7YsUspDLVAjLP/aVj3Wd72ZCSvz37ALbeKZ3OQnOMiadbiu1xWBbKwY81G7UTluvl6uAjJacbb+JfcDAsjnIwx5lKp5fDI8aPH//l70/ZB9LNihT6sCgd7JT21Gkb6cqMmRqBsamfEd3SO19SCufxnfWbd3cXZW5k8w9cK/JMmQonh+6/rce6AHSYl7FGMHSlJiL+PN;\n\t25:PlgLTbNUoKocs47oxRFsUI0LZfCPXAKQplS+GsPFRb2hYFyRRk6RooUTu1TdPBYDUSn/R8COOUFRJ6X7goNZ68eiG8LLu8TxMqmB7IDYIJ+yBTWnJF6POtoq/YA1bO+GQPAtlzoIS911ndBDizIVzYtbBKYyXOGRGVKRfh3Hu4K2s109nyRpAp+T6BjRIOzemeB3LOQksIb5s55PRC27iPb1rUP88UiACd0j1OjIKYPrJds4VwJZlTkyrKI5nLGgdag5VGOEWzt6S9S4dWxFWlr5xzqj3gW0QciRWaZpBN4grHQIXqIBYJc4T4WPL+oDEmrVkoiIsQ7Iip3OomCVtQ==;\n\t31:lhP4MT4LwUueTJz+/HeBRV9vCEwyEKdIejtfdNepSttZ6kcqVQTHNuxKN3IroxPBbrx7YusItr+iFe2DNU8S0EwQq/TZcju3CcGe2on4iuwSP3Nl2E6gap6ErPiQM/s9/LdDIlUlLkhcnhcfmvXlwbTBleECWeXfOpruae6mPZrlcCceUroyD2TIjfnqO/YJ0jlJce8dmwYN5ICjPcwLzyvYbps1ksbTjM8hn91W+r0=",
            "1; AM4PR0501MB2273;\n\t20:ato7UDfm+Hyih4BHr53yRtE+D0iq6lvxeD/eGEeFA6QvOq3RAwRkwxubHZBz6O/qEp7WGBZ5rRNLErla5ddW2qEK1ByRWwFABKoKdmE3e7uwGE9mPGsMUA1zZVQdp9we9Gl0gKW2RtAEqrMaG2u1g6EejZ/zrYxkvVhv9PIG0javBC24cOffkC0LbXGruykkOLP17HnOnfXIdzmtRM6eyVwhSwb6b7jf1FvdQp+bMCirXQ2YjwwdqrEAv5cahLvN/7ojM9HFK9Gqhv5PueRxapQu5EOanUHklcZAfVfw86BG0MxYspYFT2vnf1GvwvPWURvtWvoyFVp6MeYRl1AM4FiCIvAq657cbnwO7+Xwo1xIQoSjf41KYTJ1rrmRbz3VX0RneKYzRU0KmkKplP/DRyVqsDFIzQTwv1JtkbLgUeImTo8932Tc1v2DjA7j03p5HRzU4YsehjZUE7RattuK5SCa9vKggLTm3PMgVjD66tXmnI+ngm8GNqpnh4eIIn93;\n\t4:QDQ952W918Z1S8S1fENWdgP2NJQBgxnIeimICIelal50pXWxQegCDejwD3V428tj88+ZH9a9Vpu2mDxClTWhH963VN/4NcuI5mjlaYVzLieGybgWBSW4XIQKB5wqEaWo5J5Qf1U8sWDESE4ahB0C7ABXJDWmhCKUDIkb4Pbt6q1SZbBzxbdAOfUptQdkePpScarY5Offs2ZGCqICE3cFepGNDHzzrcEAGUPu5EfK81xODFMNhP0zYYP3a8xquyF1fido8NBzxN73vQ91F2VrsmFuVoW4e0mSH5D6CtNybHjXqcPe9fEVU5R489x7YMBimSIZ+PTNVAGZy1pgperlEQ==",
            "1; AM4PR0501MB2273;\n\t23:1K/mWZkQHH2kHV6KAaTmnwPNfkbyZc8+Y7zxFVkW05RR8vNIlGtGqkg3f/9ejKncPy4Wj4EdoQWa6mj5KNgl9oypOCAuJ16aVjtR3M0Bam84iim/ODdyZ47IP+2ymdPTPfzbXh00Ppec6TQXsIPpnv/KJS2uLju+NkXp4fNlpH1HfYAZqvR0krvcimFo1VeXTxUgv2kJVNLn6AFuEix7OuiKUhCBCsPzipDIFHmh2TmxjrJ/ce6YXlBxUVvbq87l77HkMTw37ZC1fkl67pHMTnyM+7hJf35Sbj1zbyYcaN/QAZ8yl301w2r1UpWshGe4IEr/AVh9BkOxYbc7NDCjgInGH5NW3G0TIcX7jw47rdnEpOgt/pXUBbfOxwzWXXhQ8cSOsIyBRKfvzcPyipdKFvPGfRNo9DK8sAwou/sxiyYd8/moCgNHD3mO5yrbrpB4FbROb6U+3mc0MZzM8SBO4szPhQlw8DR7nluB89+8JcAM0pSm7/O4ySR66El4Mag6+CPziPZcItPdrjE0Gnsgh60U88mbqMKJyn0h+dPdPXKSQeBtdl6RJ16wxLwBHTkhaFL6E8br/UEkMGtUid1JGPv/Lh7ZtI31g2lwyvDB6uloKYjftCVMkNJlJHFgnT5M1djWVVYVuB9vVktnkFOzW29zokmsjbMBaqsfJ3pGaibVO91rtdZHqsbQi+LVt/SPdkJQpNtZjgfoHQbsMVFIi5WvwVRtGQMAto4XY16a4o5nD315GkIny2CynYE/LXYeXPX23G8ecGgyenvA/Iig0AI6yV2TDGL229JBVA+gZp/QUUFwOFGkn8WS/3F9S+KoGTTzjUuC+4JjnGdYnX9Obm6BZQDDIFuMPCaJEz35LOnf/ueJsYo8Jppd52smzAvp/5tICcEsMgCZjXf2OPPA96s7DiCEOW1RfAam6HxcdlhD5MykxE8wLjvj51HILF7yaAb06m8Fw/VwZbPWb3KMPckOrwhHLrKpO2jxclOmdsVxvUiYcRi/zNuCP3txvh+eCBIxtLFxJTZj3wJ6iSO2ogjtgBRLxkxC96udO5T1tlPXBuJMEsfh5yiWgc2XT+dWzto73E/1ZNccM97nwPJ3oA==",
            "1; AM4PR0501MB2273;\n\t6:BbCm/h1KYXZqyog2phs6WND6nk6oAr1wlA7sssdVf/3RKLK/BwXWwl+0W2gjGM9GZqRG7wk1K4xPE/QYHg7L2tPsXP9qdVrM2u5iGja43NFID374n6RwDcTObwkSjVwI9JfzjWydYw7Tkqy0RprmJmOcb/YxMaU794SDajxNeU5sSkjZgsJtr0lpdMgGhv2bbNyaMcyqyIGOlghkKzKN+kT6eqSqnGDrOUTOel3hToEcFgPo5tpdNNqkHtw4HlUCnaTjF9YA4FtxOP10iHQ/BfVGVm4xZ4HEorsA04zykS30WlUPcp3Y9yjqaYS4vJNYGyvzXWxCLgEHmgkNwVPpWQ==;\n\t5:1G431J6C/aLTarKWaDZE0EY4ea/2m4wzGOxc3y9kaq3AN+aXOREt05LnHInlnEy1c863msiYZXHbfymfydZNl+6n6uYDgNjxlRcod5qXPWz6uD+MdPLXM6hI49ear3uaXecU2vjdg7aC5DtIwju7Qw==;\n\t24:nVR5uLvIXyJ/zlwSEUlDkoEFUojXuQGr1wqtDDOqnnfsND2NzxDFYmuX9tI6JhJgt6yMrrW9DKwmSvUPj4tFRY3eJ9/I0yIN2SmUiLJzuwA=;\n\t7:J7lvqwCTm8RNPiitlHZqPlX2mL62qHoUPSAF2KxTRR9E6zVZptbPVjDTw0i7qHUwqnadHmOWmf4XHqW3anNXcyWdnz8SrOs0+PCO6TeiIpzyQFYRUblMvLBNHAnwRPpPtWb5nHiaDkdVkP0P98NOX01Ua42BbhejThXawM0Z4Hrt1YbhfMMFRub8yMeiIgrKFmhgM48CmyLe16jTAeq992ipTVeSQDg+cjGfkg6EUdk="
        ],
        "X-MS-TrafficTypeDiagnostic": "AM4PR0501MB2273:",
        "X-Exchange-Antispam-Report-Test": "UriScan:(9452136761055)(278021516957215);",
        "X-Microsoft-Antispam-PRVS": "<AM4PR0501MB227308E67A6F5A234CF63C85C49C0@AM4PR0501MB2273.eurprd05.prod.outlook.com>",
        "X-Exchange-Antispam-Report-CFA-Test": "BCL:0; PCL:0;\n\tRULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(10201501046)(100000703101)(100105400095)(93006095)(93001095)(3002001)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123564025)(20161123558100)(20161123560025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);\n\tSRVR:AM4PR0501MB2273; BCL:0; PCL:0;\n\tRULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);\n\tSRVR:AM4PR0501MB2273; ",
        "X-Forefront-PRVS": "041517DFAB",
        "X-Forefront-Antispam-Report": "SFV:NSPM;\n\tSFS:(10009020)(7370300001)(4630300001)(6009001)(189002)(199003)(105586002)(33646002)(50986999)(47776003)(101416001)(4326008)(25786009)(106356001)(3846002)(6116002)(42186005)(50466002)(48376002)(81166006)(8676002)(53936002)(9686003)(50226002)(478600001)(81156014)(6306002)(6486002)(6666003)(97736004)(68736007)(6512007)(5003940100001)(305945005)(7736002)(7350300001)(2906002)(107886003)(189998001)(66066001)(966005)(36756003)(86362001)(85782001)(5660300001)(85772001);\n\tDIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0501MB2273;\n\tH:dev-l-vrt-187.mtl.labs.mlnx; FPR:; SPF:None;\n\tPTR:InfoNoRecords; MX:1; A:1; LANG:en; ",
        "Received-SPF": "None (protection.outlook.com: mellanox.com does not designate\n\tpermitted sender hosts)",
        "SpamDiagnosticOutput": "1:99",
        "SpamDiagnosticMetadata": "NSPM",
        "X-OriginatorOrg": "Mellanox.com",
        "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "30 Aug 2017 08:30:55.4736\n\t(UTC)",
        "X-MS-Exchange-CrossTenant-FromEntityHeader": "Hosted",
        "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "AM4PR0501MB2273",
        "Sender": "netdev-owner@vger.kernel.org",
        "Precedence": "bulk",
        "List-ID": "<netdev.vger.kernel.org>",
        "X-Mailing-List": "netdev@vger.kernel.org"
    },
    "content": "From: Yossi Kuperman <yossiku@mellanox.com>\n\nIn conjunction with crypto offload [1], removing the ESP trailer by\nhardware can potentially improve the performance by avoiding (1) a\ncache miss incurred by reading the nexthdr field and (2) the necessity\nto calculate the csum value of the trailer in order to keep skb->csum\nvalid.\n\nThis patch introduces the changes to the xfrm stack and merely serves\nas an infrastructure. Subsequent patch to mlx5 driver will put this to\na good use.\n\n[1] https://www.mail-archive.com/netdev@vger.kernel.org/msg175733.html\n\nSigned-off-by: Yossi Kuperman <yossiku@mellanox.com>\n---\n include/net/xfrm.h    |  1 +\n net/ipv4/esp4.c       | 70 ++++++++++++++++++++++++++++++++++-----------------\n net/ipv6/esp6.c       | 51 ++++++++++++++++++++++++++-----------\n net/xfrm/xfrm_input.c |  5 ++++\n 4 files changed, 89 insertions(+), 38 deletions(-)",
    "diff": "diff --git a/include/net/xfrm.h b/include/net/xfrm.h\nindex 9c7b70c..f002a2c 100644\n--- a/include/net/xfrm.h\n+++ b/include/net/xfrm.h\n@@ -1019,6 +1019,7 @@ struct xfrm_offload {\n #define\tCRYPTO_FALLBACK\t\t8\n #define\tXFRM_GSO_SEGMENT\t16\n #define\tXFRM_GRO\t\t32\n+#define\tXFRM_ESP_NO_TRAILER\t64\n \n \t__u32\t\t\tstatus;\n #define CRYPTO_SUCCESS\t\t\t\t1\ndiff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c\nindex 741acd7..3190005 100644\n--- a/net/ipv4/esp4.c\n+++ b/net/ipv4/esp4.c\n@@ -499,19 +499,59 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)\n \treturn esp_output_tail(x, skb, &esp);\n }\n \n+static inline int esp_remove_trailer(struct sk_buff *skb)\n+{\n+\tstruct xfrm_state *x = xfrm_input_state(skb);\n+\tstruct xfrm_offload *xo = xfrm_offload(skb);\n+\tstruct crypto_aead *aead = x->data;\n+\tint alen, hlen, elen;\n+\tint padlen, trimlen;\n+\t__wsum csumdiff;\n+\tu8 nexthdr[2];\n+\tint ret;\n+\n+\talen = crypto_aead_authsize(aead);\n+\thlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);\n+\telen = skb->len - hlen;\n+\n+\tif (xo && (xo->flags & XFRM_ESP_NO_TRAILER)) {\n+\t\tret = xo->proto;\n+\t\tgoto out;\n+\t}\n+\n+\tif (skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2))\n+\t\tBUG();\n+\n+\tret = -EINVAL;\n+\tpadlen = nexthdr[0];\n+\tif (padlen + 2 + alen >= elen) {\n+\t\tnet_dbg_ratelimited(\"ipsec esp packet is garbage padlen=%d, elen=%d\\n\",\n+\t\t\t\t    padlen + 2, elen - alen);\n+\t\tgoto out;\n+\t}\n+\n+\ttrimlen = alen + padlen + 2;\n+\tif (skb->ip_summed == CHECKSUM_COMPLETE) {\n+\t\tcsumdiff = skb_checksum(skb, skb->len - trimlen, trimlen, 0);\n+\t\tskb->csum = csum_block_sub(skb->csum, csumdiff,\n+\t\t\t\t\t   skb->len - trimlen);\n+\t}\n+\tpskb_trim(skb, skb->len - trimlen);\n+\n+\tret = nexthdr[1];\n+\n+out:\n+\treturn ret;\n+}\n+\n int esp_input_done2(struct sk_buff *skb, int err)\n {\n \tconst struct iphdr *iph;\n \tstruct xfrm_state *x = xfrm_input_state(skb);\n \tstruct xfrm_offload *xo = xfrm_offload(skb);\n \tstruct crypto_aead *aead = x->data;\n-\tint alen = crypto_aead_authsize(aead);\n \tint hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);\n-\tint elen = skb->len - hlen;\n \tint ihl;\n-\tu8 nexthdr[2];\n-\tint padlen, trimlen;\n-\t__wsum csumdiff;\n \n \tif (!xo || (xo && !(xo->flags & CRYPTO_DONE)))\n \t\tkfree(ESP_SKB_CB(skb)->tmp);\n@@ -519,16 +559,10 @@ int esp_input_done2(struct sk_buff *skb, int err)\n \tif (unlikely(err))\n \t\tgoto out;\n \n-\tif (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))\n-\t\tBUG();\n-\n-\terr = -EINVAL;\n-\tpadlen = nexthdr[0];\n-\tif (padlen + 2 + alen >= elen)\n+\terr = esp_remove_trailer(skb);\n+\tif (unlikely(err < 0))\n \t\tgoto out;\n \n-\t/* ... check padding bits here. Silly. :-) */\n-\n \tiph = ip_hdr(skb);\n \tihl = iph->ihl * 4;\n \n@@ -569,22 +603,12 @@ int esp_input_done2(struct sk_buff *skb, int err)\n \t\t\tskb->ip_summed = CHECKSUM_UNNECESSARY;\n \t}\n \n-\ttrimlen = alen + padlen + 2;\n-\tif (skb->ip_summed == CHECKSUM_COMPLETE) {\n-\t\tcsumdiff = skb_checksum(skb, skb->len - trimlen, trimlen, 0);\n-\t\tskb->csum = csum_block_sub(skb->csum, csumdiff,\n-\t\t\t\t\t   skb->len - trimlen);\n-\t}\n-\tpskb_trim(skb, skb->len - trimlen);\n-\n \tskb_pull_rcsum(skb, hlen);\n \tif (x->props.mode == XFRM_MODE_TUNNEL)\n \t\tskb_reset_transport_header(skb);\n \telse\n \t\tskb_set_transport_header(skb, -ihl);\n \n-\terr = nexthdr[1];\n-\n \t/* RFC4303: Drop dummy packets without any error */\n \tif (err == IPPROTO_NONE)\n \t\terr = -EINVAL;\ndiff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c\nindex 74bde20..7fb41b0 100644\n--- a/net/ipv6/esp6.c\n+++ b/net/ipv6/esp6.c\n@@ -461,29 +461,30 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)\n \treturn esp6_output_tail(x, skb, &esp);\n }\n \n-int esp6_input_done2(struct sk_buff *skb, int err)\n+static inline int esp_remove_trailer(struct sk_buff *skb)\n {\n \tstruct xfrm_state *x = xfrm_input_state(skb);\n \tstruct xfrm_offload *xo = xfrm_offload(skb);\n \tstruct crypto_aead *aead = x->data;\n-\tint alen = crypto_aead_authsize(aead);\n-\tint hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);\n-\tint elen = skb->len - hlen;\n-\tint hdr_len = skb_network_header_len(skb);\n+\tint alen, hlen, elen;\n \tint padlen, trimlen;\n \t__wsum csumdiff;\n \tu8 nexthdr[2];\n+\tint ret;\n \n-\tif (!xo || (xo && !(xo->flags & CRYPTO_DONE)))\n-\t\tkfree(ESP_SKB_CB(skb)->tmp);\n+\talen = crypto_aead_authsize(aead);\n+\thlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);\n+\telen = skb->len - hlen;\n \n-\tif (unlikely(err))\n+\tif (xo && (xo->flags & XFRM_ESP_NO_TRAILER)) {\n+\t\tret = xo->proto;\n \t\tgoto out;\n+\t}\n \n \tif (skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2))\n \t\tBUG();\n \n-\terr = -EINVAL;\n+\tret = -EINVAL;\n \tpadlen = nexthdr[0];\n \tif (padlen + 2 + alen >= elen) {\n \t\tnet_dbg_ratelimited(\"ipsec esp packet is garbage padlen=%d, elen=%d\\n\",\n@@ -491,26 +492,46 @@ int esp6_input_done2(struct sk_buff *skb, int err)\n \t\tgoto out;\n \t}\n \n-\t/* ... check padding bits here. Silly. :-) */\n-\n \ttrimlen = alen + padlen + 2;\n \tif (skb->ip_summed == CHECKSUM_COMPLETE) {\n-\t\tskb_postpull_rcsum(skb, skb_network_header(skb),\n-\t\t\t\t   skb_network_header_len(skb));\n \t\tcsumdiff = skb_checksum(skb, skb->len - trimlen, trimlen, 0);\n \t\tskb->csum = csum_block_sub(skb->csum, csumdiff,\n \t\t\t\t\t   skb->len - trimlen);\n \t}\n \tpskb_trim(skb, skb->len - trimlen);\n \n+\tret = nexthdr[1];\n+\n+out:\n+\treturn ret;\n+}\n+\n+int esp6_input_done2(struct sk_buff *skb, int err)\n+{\n+\tstruct xfrm_state *x = xfrm_input_state(skb);\n+\tstruct xfrm_offload *xo = xfrm_offload(skb);\n+\tstruct crypto_aead *aead = x->data;\n+\tint hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);\n+\tint hdr_len = skb_network_header_len(skb);\n+\n+\tif (!xo || (xo && !(xo->flags & CRYPTO_DONE)))\n+\t\tkfree(ESP_SKB_CB(skb)->tmp);\n+\n+\tif (unlikely(err))\n+\t\tgoto out;\n+\n+\terr = esp_remove_trailer(skb);\n+\tif (unlikely(err < 0))\n+\t\tgoto out;\n+\n+\tskb_postpull_rcsum(skb, skb_network_header(skb),\n+\t\t\t   skb_network_header_len(skb));\n \tskb_pull_rcsum(skb, hlen);\n \tif (x->props.mode == XFRM_MODE_TUNNEL)\n \t\tskb_reset_transport_header(skb);\n \telse\n \t\tskb_set_transport_header(skb, -hdr_len);\n \n-\terr = nexthdr[1];\n-\n \t/* RFC4303: Drop dummy packets without any error */\n \tif (err == IPPROTO_NONE)\n \t\terr = -EINVAL;\ndiff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c\nindex f07eec5..2515cd2 100644\n--- a/net/xfrm/xfrm_input.c\n+++ b/net/xfrm/xfrm_input.c\n@@ -247,6 +247,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)\n \t\t\t\t\tgoto drop;\n \t\t\t\t}\n \n+\t\t\t\tif (xo->status & CRYPTO_INVALID_PROTOCOL) {\n+\t\t\t\t\tXFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR);\n+\t\t\t\t\tgoto drop;\n+\t\t\t\t}\n+\n \t\t\t\tXFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);\n \t\t\t\tgoto drop;\n \t\t\t}\n",
    "prefixes": [
        "net-next"
    ]
}