The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=d02e1a3ffac76c17ac4d9fd45dd5edd8bc944c82
commit d02e1a3ffac76c17ac4d9fd45dd5edd8bc944c82 Author: Konstantin Belousov <[email protected]> AuthorDate: 2024-08-28 10:16:38 +0000 Commit: Konstantin Belousov <[email protected]> CommitDate: 2024-09-04 08:49:38 +0000 ipsec_accel_output(): do not process packet if interface rejected offload Sponsored by: NVidia networking --- sys/netipsec/ipsec_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c index bbf98ac7a676..7453fb3818a6 100644 --- a/sys/netipsec/ipsec_offload.c +++ b/sys/netipsec/ipsec_offload.c @@ -876,7 +876,8 @@ ipsec_accel_output(struct ifnet *ifp, struct mbuf *m, struct inpcb *inp, } i = ipsec_accel_is_accel_sav_ptr(sav, ifp); - if (i == NULL) + if (i == NULL || (i->flags & (IFP_HS_HANDLED | IFP_HS_REJECTED)) != + IFP_HS_HANDLED) goto out; if ((m->m_pkthdr.csum_flags & CSUM_TSO) == 0) {
