Thanks! Sorry for the long delay. During testing, I actually noticed a
regression.

While my patch fixes the packet drops I observed if the esp4|6_offload
module is *not* loaded, by not modifying the skb metadata of the
received packets, the latter actually breaks GRO offload for
UDP-encapsulated ESP packets if the module *is* loaded (the whole point
of that code path :-/).

That's because the GRO ESP handling function that follows the patched
code looks up the packet's SPI based on skb metadata (transport header)
and not GRO metadata (GRO offset). Since my patch indirectly dropped
updating the former, the SPI for the ESP state lookup is parsed from the
UDP header and not the ESP header. So all these packets fall back to the
slow path because no SA is found in the GRO path.

So far, no IKE daemon sets the UDP_GRO flag together with
UDP_ENCAP_ESPINUDP on UDP sockets, so the current behavior doesn't
really change by applying the patch (i.e. UDP-encapsulated ESP packets
take the slow path). And if the offload module is not loaded, which is
the default, it still fixes the original issue when an IKE daemon
actually does set UDP_GRO. So maybe applying the patch already now could
still be an option.

Anyway, I have submitted a fix on top of the patch. It got applied to
the ipsec tree
(https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git/commit/?id=3ac9e29211fa2df5539ba0d742c8fe9fe95fdc79)
and will eventually get merged/backported to the other trees.

https://bugs.launchpad.net/bugs/2113868

Title:
  Backport request for fix for IPsec UDP GRO option issue
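
Added example, not part of the original message and not kernel code: a user-space C illustration of the effect the message describes, where reading the SPI at the UDP header offset instead of the ESP header offset yields a value for which no SA exists. The packet bytes, the SPI value, the one-entry SA table and all function names are constructed for this illustration.

```c
/* Added illustration in user space; not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed sample: the L4 part of a UDP-encapsulated ESP packet. */
static const uint8_t sample_l4[] = {
    0x11, 0x94, 0x11, 0x94, /* UDP source and destination port 4500 */
    0x00, 0x10, 0x00, 0x00, /* UDP length 16, checksum 0 */
    0xc0, 0xff, 0xee, 0x01, /* ESP SPI (constructed value) */
    0x00, 0x00, 0x00, 0x07, /* ESP sequence number */
};
#define UDP_HDR_LEN 8u
#define KNOWN_SPI 0xc0ffee01u /* the only SA in this toy table */

/* Read the big-endian 32-bit word at off, as an SPI parser would.
 * Returns 0 on success, -1 if fewer than 4 bytes remain. */
int parse_spi(const uint8_t *buf, size_t len, size_t off, uint32_t *spi)
{
    if (off > len || len - off < 4)
        return -1;
    *spi = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
    return 0;
}

/* Toy SA lookup: 1 if an SA exists for spi, 0 otherwise. */
int sa_lookup(uint32_t spi) { return spi == KNOWN_SPI; }

/* Parse at the given offset and report whether the fast path finds an SA. */
int fast_path_hit(size_t off, uint32_t *spi)
{
    if (parse_spi(sample_l4, sizeof(sample_l4), off, spi) != 0)
        return 0;
    return sa_lookup(*spi);
}

int main(void)
{
    uint32_t spi = 0;
    int hit = fast_path_hit(0, &spi);           /* offset still at UDP header */
    printf("at UDP header: spi=0x%08x hit=%d\n", (unsigned)spi, hit);
    hit = fast_path_hit(UDP_HDR_LEN, &spi);     /* offset at ESP header */
    printf("at ESP header: spi=0x%08x hit=%d\n", (unsigned)spi, hit);
    return 0;
}
```

With the offset left at the UDP header, the two port fields are read as the SPI, so the lookup misses and the packet would take the slow path.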
