xfrm: Allow UDP encapsulation in crypto offload control path

Unblock this limitation so that SAs with encapsulation specified
can be passed to HW drivers. HW drivers can still reject the SA
in their implementation of xdo_dev_state_add if the encapsulation
is not supported.

Test: Verified on Android device
Signed-off-by: Mike Yu <yumike@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 2455a76a1cffb4560f7fba34bdd2de03a492fb35..9a44d363ba6205621d6dc30359df90ed04c0575b 100644 (file)
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -261,9 +261,9 @@ int xfrm_dev_state_add(struct net *net, struct xfrm_state *x,
 
        is_packet_offload = xuo->flags & XFRM_OFFLOAD_PACKET;
 
-       /* We don't yet support UDP encapsulation and TFC padding. */
-       if ((!is_packet_offload && x->encap) || x->tfcpad) {
-               NL_SET_ERR_MSG(extack, "Encapsulation and TFC padding can't be offloaded");
+       /* We don't yet support TFC padding. */
+       if (x->tfcpad) {
+               NL_SET_ERR_MSG(extack, "TFC padding can't be offloaded");
                return -EINVAL;
        }