xfrm: Support crypto offload for inbound IPv4 UDP-encapsulated ESP packet

If xfrm_input() is called with UDP_ENCAP_ESPINUDP, the packet is
already processed in UDP layer that removes the UDP header.
Therefore, there should be no much difference to treat it as an
ESP packet in the XFRM stack.

Test: Enabled dir=in IPsec crypto offload, and verified IPv4
      UDP-encapsulated ESP packets on both wifi/cellular network
Signed-off-by: Mike Yu <yumike@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index ba8deb0235ba691f91adcc9c4bb2c1f13ee470b0..7cee9c0a2cdce604006b4428a938a59fa6ffb3df 100644 (file)
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -471,7 +471,8 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
        struct xfrm_offload *xo = xfrm_offload(skb);
        struct sec_path *sp;
 
-       if (encap_type < 0 || (xo && (xo->flags & XFRM_GRO || encap_type == 0))) {
+       if (encap_type < 0 || (xo && (xo->flags & XFRM_GRO || encap_type == 0 ||
+                                     encap_type == UDP_ENCAP_ESPINUDP))) {
                x = xfrm_input_state(skb);
 
                if (unlikely(x->dir && x->dir != XFRM_SA_DIR_IN)) {