[PATCH net] xfrm: Verify MAC header exists before overwriting eth_hdr(skb)->h_proto

2018-03-04 Thread yossiku
From: Yossi Kuperman
Artem Savkov reported that commit 5efec5c655dd leads to a packet loss under IPSec configuration. It appears that his setup consists of a TUN device, which does not have a MAC header. Make sure MAC header exists. Note: TUN device sets a MAC header

[PATCH net] xfrm: Fix eth_hdr(skb)->h_proto to reflect inner IP version

2018-01-22 Thread yossiku
From: Yossi Kuperman
IPSec tunnel mode supports encapsulation of IPv4 over IPv6 and vice-versa. The outer IP header is stripped and the inner IP inherits the original Ethernet header. Tcpdump fails to properly decode the inner packet in case that h_proto is different than

[PATCH net] xfrm: Add SA to hardware at the end of xfrm_state_construct()

2018-01-17 Thread yossiku
From: Yossi Kuperman
Current code configures the hardware with a new SA before the state has been fully initialized. During this time interval, an incoming ESP packet can cause a crash due to a NULL dereference. More specifically, xfrm_input() considers the packet as valid,

[PATCH net-next] xfrm: Add support for network devices capable of removing the ESP trailer

2017-08-30 Thread yossiku
From: Yossi Kuperman
In conjunction with crypto offload [1], removing the ESP trailer by hardware can potentially improve the performance by avoiding (1) a cache miss incurred by reading the nexthdr field and (2) the necessity to calculate the csum value of the trailer in

[PATCH net v2 1/2] xfrm6: Fix IPv6 payload_len in xfrm6_transport_finish

2017-06-22 Thread yossiku
From: Yossi Kuperman
IPv6 payload length indicates the size of the payload, including any extension headers. In xfrm6_transport_finish, ipv6_hdr(skb)->payload_len is set to the payload size only, regardless of the presence of any extension headers. After ESP GRO transport

[PATCH net v2 2/2] esp6_offload: Fix IP6CB(skb)->nhoff for ESP GRO

2017-06-22 Thread yossiku
From: Yossi Kuperman
IP6CB(skb)->nhoff is the offset of the nexthdr field in an IPv6 header, unless there are extension headers present, in which case nhoff points to the nexthdr field of the last extension header. In non-GRO code path, nhoff is set by ipv6_rcv before any

[PATCH net 2/2] esp6_offload: Fix IP6CB(skb)->nhoff for ESP GRO

2017-06-19 Thread yossiku
From: Yossi Kuperman
IP6CB(skb)->nhoff is the offset of the nexthdr field in an IPv6 header, unless there are extension headers present, in which case nhoff points to the nexthdr field of the last extension header. In non-GRO code path, nhoff is set by ipv6_rcv before any

[PATCH net 1/2] xfrm6: Fix IPv6 payload_len in xfrm6_transport_finish

2017-06-19 Thread yossiku
From: Yossi Kuperman
IPv6 payload length indicates the size of the payload, including any extension headers. In xfrm6_transport_finish, ipv6_hdr(skb)->payload_len is set to the payload size only, regardless of the presence of any extension headers. After ESP GRO transport