Commit 011be342 authored Jan 27, 2026 by Jianbo Liu Committed by Jakub Kicinski Jan 28, 2026

net/mlx5e: Skip ESN replay window setup for IPsec crypto offload



Commit a5e400a9 ("net/mlx5e: Honor user choice of IPsec replay
window size") introduced logic to setup the ESN replay window size.
This logic is only valid for packet offload.

However, the check to skip this block only covered outbound offloads.
It was not skipped for crypto offload, causing it to fall through to
the new switch statement and trigger its WARN_ON default case (for
instance, if a window larger than 256 bits was configured).

Fix this by amending the condition to also skip the replay window
setup if the offload type is not XFRM_DEV_OFFLOAD_PACKET.

Fixes: a5e400a9 ("net/mlx5e: Honor user choice of IPsec replay window size")
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://patch.msgid.link/1769503961-124173-5-git-send-email-tariqt@nvidia.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent a8f930b7

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -430,7 +430,8 @@ void mlx5e_ipsec_build_accel_xfrm_attrs(struct mlx5e_ipsec_sa_entry *sa_entry,
		attrs->replay_esn.esn = sa_entry->esn_state.esn;
		attrs->replay_esn.esn_msb = sa_entry->esn_state.esn_msb;
		attrs->replay_esn.overlap = sa_entry->esn_state.overlap;
		if (attrs->dir == XFRM_DEV_OFFLOAD_OUT)
		if (attrs->dir == XFRM_DEV_OFFLOAD_OUT \|\|
		x->xso.type != XFRM_DEV_OFFLOAD_PACKET)
		goto skip_replay_window;

		switch (x->replay_esn->replay_window) {