itd->flags = 0;
if (xs->id.proto == IPPROTO_ESP) {
+ struct sk_buff *skb = first->skb;
+ int ret, authlen, trailerlen;
+ u8 padlen;
+
itd->flags |= IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP |
IXGBE_ADVTXD_TUCMD_L4T_TCP;
if (first->protocol == htons(ETH_P_IP))
itd->flags |= IXGBE_ADVTXD_TUCMD_IPV4;
- itd->trailer_len = xs->props.trailer_len;
+
+ /* The actual trailer length is authlen (16 bytes) plus
+ * 2 bytes for the proto and the padlen values, plus
+ * padlen bytes of padding. This ends up not the same
+ * as the static value found in xs->props.trailer_len (21).
+ *
+ * The "correct" way to get the auth length would be to use
+ * authlen = crypto_aead_authsize(xs->data);
+ * but since we know we only have one size to worry about
+ * we can let the compiler use the constant and save us a
+ * few CPU cycles.
+ */
+ authlen = IXGBE_IPSEC_AUTH_BITS / 8;
+
+ ret = skb_copy_bits(skb, skb->len - (authlen + 2), &padlen, 1);
+ if (unlikely(ret))
+ return 0;
+ trailerlen = authlen + 2 + padlen;
+ itd->trailer_len = trailerlen;
}
if (tsa->encrypt)
itd->flags |= IXGBE_ADVTXD_TUCMD_IPSEC_ENCRYPT_EN;