[][openwrt][mt7988][crypto][prevent hnat bind UDP flow]
[Description]
Change the HNAT binding flow.
HNAT will not bind encrypted UDP flows because the EIP197 HW does not support
fragmentation. If we bind a UDP flow to encryption, it may cause
network failures due to fragmentation.
[Release-log]
N/A
Change-Id: I421b20e39ccbc91b805ce2977fa662a121a0db4b
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/7962051
diff --git a/package-21.02/kernel/crypto-eip/src/xfrm-offload.c b/package-21.02/kernel/crypto-eip/src/xfrm-offload.c
index 9e101e8..1f29dd0 100644
--- a/package-21.02/kernel/crypto-eip/src/xfrm-offload.c
+++ b/package-21.02/kernel/crypto-eip/src/xfrm-offload.c
@@ -282,6 +282,16 @@
{
struct mtk_xfrm_params *xfrm_params;
+ /*
+ * EIP197 does not support fragmentation. As a result, we can not bind UDP
+ * flow since it may cause network fail due to fragmentation
+ */
+ if (ntohs(skb->protocol) != ETH_P_IP
+ || ip_hdr(skb)->protocol != IPPROTO_TCP) {
+ skb_hnat_alg(skb) = 1;
+ return false;
+ }
+
xfrm_params = (struct mtk_xfrm_params *)xs->xso.offload_handle;
skb_hnat_cdrt(skb) = xfrm_params->cdrt->idx;
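Review bot: The added guard is broader than its comment and the commit message say: `ntohs(skb->protocol) != ETH_P_IP || ip_hdr(skb)->protocol != IPPROTO_TCP` refuses every flow that is not IPv4 TCP, so IPv6 and all other IPv4 protocols lose the binding as well, not only UDP. If that is intended, the comment should state the real rule, e.g. `/* EIP197 cannot fragment: bind IPv4 TCP flows only, leave every other flow unbound. */`, and say why `skb_hnat_alg(skb) = 1` is set on the reject path. Because this decides whether an IPsec flow is handed to the hardware, it is worth confirming in the caller that a `false` return leaves the packet on the software xfrm path and still encrypted; that code is not visible here, as the function starts and ends outside the hunk. As a style point, the kernel usually writes the first test as `skb->protocol != htons(ETH_P_IP)` and keeps `||` at the end of the line.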