[][openwrt][mt7988][crypto][Remove is_tcp condition for IPSec binding]
[Description]
Remove is_tcp condition for IPSec binding.
Since EIP197 cannot handle fragment and reassembly, we don't bind UDP
sessions in mtk_xfrm_offload_ok().
However, those packets which need fragment after encryption will go to
software path. We can assume that all packets reach
mtk_xfrm_offload_ok() don't fragment, and we can set related hnat entry
to bind.
[Release-log]
N/A
Change-Id: I98f9c390582f3c6bff487dc2e3d52a9687f23f46
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/10639322
diff --git a/feed/kernel/crypto-eip/src/xfrm-offload.c b/feed/kernel/crypto-eip/src/xfrm-offload.c
index 09127c6..3c278ab 100644
--- a/feed/kernel/crypto-eip/src/xfrm-offload.c
+++ b/feed/kernel/crypto-eip/src/xfrm-offload.c
@@ -43,15 +43,6 @@
ip_hdr(skb)->protocol == IPPROTO_GRE);
}
-static inline bool is_tcp(struct sk_buff *skb)
-{
- if (ntohs(skb->protocol) == ETH_P_IP)
- return ip_hdr(skb)->protocol == IPPROTO_TCP;
- if (ntohs(skb->protocol) == ETH_P_IPV6)
- return ipv6_hdr(skb)->nexthdr == IPPROTO_TCP;
- return false;
-}
-
static inline bool is_hnat_rate_reach(struct sk_buff *skb)
{
return is_magic_tag_valid(skb) && (skb_hnat_reason(skb) == HIT_UNBIND_RATE_REACH);
@@ -484,12 +475,8 @@
#if IS_ENABLED(CONFIG_NET_MEDIATEK_HNAT)
skb_hnat_cdrt(skb) = xfrm_params->cdrt->idx;
- /*
- * EIP197 does not support fragmentation. As a result, we can not bind UDP
- * flow since it may cause network fail due to fragmentation
- */
- if (ra_sw_nat_hook_tx &&
- ((is_tops_tunnel(skb) || is_tcp(skb)) && is_hnat_rate_reach(skb)))
+
+ if (ra_sw_nat_hook_tx && is_hnat_rate_reach(skb))
hnat_bind_crypto_entry(skb, dst->dev, fill_inner_info);
/* Set magic tag for tport setting, reset to 0 after tport is set */