xfrm: Fix GSO for IPsec with GRE tunnel.

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

We reset the encapsulation field of the skb too early
in xfrm_output. As a result, the GRE GSO handler does
not segment the packets. This leads to a performance
drop down. We fix this by resetting the encapsulation
field right before we do the transformation, when
the inner headers become invalid.

Fixes: f1bd7d659ef0 ("xfrm: Add encapsulation header offsets while SKB is not encrypted")
Reported-by: Vicente De Luca <vdeluca@zendesk.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Steffen Klassert 8 years ago 73b9fc49 2b06cdf3

+3 -1

1 changed file

expand all

net

xfrm

xfrm_output.c

+3 -1

net/xfrm/xfrm_output.c

··· 105 105 if (xfrm_offload(skb)) { 106 106 x->type_offload->encap(x, skb); 107 107 } else { 108 + /* Inner headers are invalid now. */ 109 + skb->encapsulation = 0; 110 + 108 111 err = x->type->output(x, skb); 109 112 if (err == -EINPROGRESS) 110 113 goto out; ··· 211 208 int err; 212 209 213 210 secpath_reset(skb); 214 - skb->encapsulation = 0; 215 211 216 212 if (xfrm_dev_offload_ok(skb, x)) { 217 213 struct sec_path *sp;