Message ID | 1511862571-3494-2-git-send-email-yossefe@mellanox.com |
---|---|
State | Awaiting Upstream, archived |
Delegated to: | David Miller |
Headers | show |
Series | [net-next,1/3] xfrm: Fix xfrm_replay_overflow_offload_esn | expand |
On Tue, Nov 28, 2017 at 11:49:29AM +0200, yossefe@mellanox.com wrote: > From: Yossef Efraim <yossefe@mellanox.com> > > xfrm_dev_state_add function returns success for unsupported HW SA options. > Resulting the calling function to create SW SA without corrlating HW SA. > Desipte IPSec device offloading option was chosen. > These not supported HW SA options are hard coded within xfrm_dev_state_add > function. > SW backward compatibility will break if we add any of these option as old > HW will fail with new SW. > > This patch changes the behaviour to return -EINVAL in case unsupported > option is chosen. > Notifying user application regarding failure and not breaking backward > compatibility for newly added HW SA options. > > Signed-off-by: Yossef Efraim <yossefe@mellanox.com> Also applied to ipsec-next, thanks a lot!
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c index 30e5746..dc68d9c 100644 --- a/net/xfrm/xfrm_device.c +++ b/net/xfrm/xfrm_device.c @@ -67,7 +67,7 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x, /* We don't yet support UDP encapsulation, TFC padding and ESN. */ if (x->encap || x->tfcpad || (x->props.flags & XFRM_STATE_ESN)) - return 0; + return -EINVAL; dev = dev_get_by_index(net, xuo->ifindex); if (!dev) {