With NETIF_F_HW_TLS_TX packets are encrypted in HW. This cannot be
logically done when HW_CSUM offload is off.
Fixes: 2342a8512a1e ("net: Add TLS TX offload features")
Signed-off-by: Tariq Toukan <tar...@nvidia.com>
Reviewed-by: Boris Pismenny <bor...@nvidia.com>
---
Documentation/networking/tls-offload.rst | 4 ++++
net/core/dev.c | 5 +++++
2 files changed, 9 insertions(+)
Hi,
Please queue to -stable >= v4.18.
Thanks.
v2:
- Documented the change in tls-offload.rst.
diff --git a/Documentation/networking/tls-offload.rst
b/Documentation/networking/tls-offload.rst
index 37773da2bee5..f315feae3a65 100644
--- a/Documentation/networking/tls-offload.rst
+++ b/Documentation/networking/tls-offload.rst
@@ -528,3 +528,7 @@ Drivers should ignore the changes to TLS the device feature
flags.
These flags will be acted upon accordingly by the core ``ktls`` code.
TLS device feature flags only control adding of new TLS connection
offloads, old connections will remain active after flags are cleared.
+
+The TLS encryption cannot be offloaded to device if checksum calculation
+is not, hence the TLS TX device feature flag is cleared when HW_CSUM is
+disabled.
diff --git a/net/core/dev.c b/net/core/dev.c
index 9499a414d67e..26c9b059cade 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -9584,6 +9584,11 @@ static netdev_features_t netdev_fix_features(struct
net_device *dev,
}
}
+ if ((features & NETIF_F_HW_TLS_TX) && !(features & NETIF_F_HW_CSUM)) {
+ netdev_dbg(dev, "Dropping TLS TX HW offload feature since no
CSUM feature.\n");
+ features &= ~NETIF_F_HW_TLS_TX;
+ }
+
return features;
}
--
2.21.0
