On Mon, Jan 14, 2019 at 08:47:37AM +0000, Raed Salem wrote: > > -----Original Message----- > > From: Steffen Klassert [mailto:steffen.klass...@secunet.com] > > > > I'm thinking about removing the no_policy flag from the IPsec protocols to > > actually do the inbound policy check for these protocols too, but have to > > make sure that this has no side effects first. > > > > For HW offload, we should either refuse to do it if GRO is disabled, or to > > do > > the inbound policy check against the inner headers (they are valid in this > > case). > thanks a lot for your valued comments, > once the decision is made about the no_policy flag with IPsec including the > desired behavior > when HW offload present will may need to tweak the patch or discard it > altogether, > is this change is expected to be implemented anytime soon ?
I do it as soon as I know that I don't introduce some other bug with this. It is on my todo list, should not take for too long.
