struct sk_buff *skb, struct strp_msg *rxm)
{
struct tls_offload_context_rx *ctx = tls_offload_ctx_rx(tls_ctx);
- struct tls_msg *tlm = tls_msg(skb);
int is_decrypted = skb->decrypted;
int is_encrypted = !is_decrypted;
struct sk_buff *skb_iter;
tls_ctx->rx.rec_seq, rxm->full_len,
is_encrypted, is_decrypted);
- tlm->decrypted |= is_decrypted;
-
if (unlikely(test_bit(TLS_RX_DEV_DEGRADED, &tls_ctx->flags))) {
if (likely(is_encrypted || is_decrypted))
- return 0;
+ return is_decrypted;
/* After tls_device_down disables the offload, the next SKB will
* likely have initial fragments decrypted, and final ones not
*/
if (is_decrypted) {
ctx->resync_nh_reset = 1;
- return 0;
+ return is_decrypted;
}
if (is_encrypted) {
tls_device_core_ctrl_rx_resync(tls_ctx, ctx, sk, skb);
err = tls_device_decrypted(sk, tls_ctx, skb, rxm);
if (err < 0)
return err;
-
- /* skip SW decryption if NIC handled it already */
- if (tlm->decrypted) {
+ if (err > 0) {
+ tlm->decrypted = 1;
*zc = false;
goto decrypt_done;
}