commit | 9bbcdd49f8154fb4d26651a2882165c8ac5a1f79 | [log] [tgz] |
---|---|---|
author | developer <developer@mediatek.com> | Thu Sep 07 23:36:01 2023 +0800 |
committer | developer <developer@mediatek.com> | Fri Sep 08 10:05:33 2023 +0800 |
tree | ed844e37ac9ab7b648fb9e62b917dbd5d4050d0f | |
parent | 22ed7c71e31285728cf91e58486c107dd4315725 [diff] |
[][openwrt][mt7988][tops][Fix TCP not binding over L2TP/IPSec] [Description] Fix TCP not binding over L2TP/IPSec tunnel in encap flow. Previous patches prevent UDP flow from binding but accidently prevent TCP from binding over L2TP/IPSec. [Release-log] N/A Change-Id: I7352a049c0bad11f4a31ced694ace92c99929d3c Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/7983501
diff --git a/package-21.02/kernel/crypto-eip/src/xfrm-offload.c b/package-21.02/kernel/crypto-eip/src/xfrm-offload.c index 1f29dd0..0119b0a 100644 --- a/package-21.02/kernel/crypto-eip/src/xfrm-offload.c +++ b/package-21.02/kernel/crypto-eip/src/xfrm-offload.c
@@ -286,8 +286,9 @@ * EIP197 does not support fragmentation. As a result, we can not bind UDP * flow since it may cause network fail due to fragmentation */ - if (ntohs(skb->protocol) != ETH_P_IP - || ip_hdr(skb)->protocol != IPPROTO_TCP) { + if (!skb_hnat_tops(skb) + && (ntohs(skb->protocol) != ETH_P_IP + || ip_hdr(skb)->protocol != IPPROTO_TCP)) { skb_hnat_alg(skb) = 1; return false; }