Merge tag 'ipsec-2024-03-06' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;

	struct net_device *dev = x->xso.dev;

	if (!x->type_offload || x->encap)

	if (!x->type_offload)

		return false;

	if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET ||

{

	struct net *net = dev_net(skb_dst(skb)->dev);

	struct xfrm_state *x = skb_dst(skb)->xfrm;

	int family;

	int err;

	switch (x->outer_mode.family) {

	family = (x->xso.type != XFRM_DEV_OFFLOAD_PACKET) ? x->outer_mode.family

		: skb_dst(skb)->ops->family;

	switch (family) {

	case AF_INET:

		memset(IPCB(skb), 0, sizeof(*IPCB(skb)));

		IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED;

			if (xfrm[i]->props.smark.v || xfrm[i]->props.smark.m)

				mark = xfrm_smark_get(fl->flowi_mark, xfrm[i]);

			if (xfrm[i]->xso.type != XFRM_DEV_OFFLOAD_PACKET)

				family = xfrm[i]->props.family;

			oif = fl->flowi_oif ? : fl->flowi_l3mdev;

			dst = xfrm_dst_lookup(xfrm[i], tos, oif,

					      &saddr, &daddr, family, mark);

	}

	fl4->flowi4_proto = flkeys->basic.ip_proto;

	fl4->flowi4_tos = flkeys->ip.tos;

	fl4->flowi4_tos = flkeys->ip.tos & ~INET_ECN_MASK;

}

#if IS_ENABLED(CONFIG_IPV6)

	if (xp->xfrm_nr == 0)

		return 0;

	if (xp->xfrm_nr > XFRM_MAX_DEPTH)

		return -ENOBUFS;

	for (i = 0; i < xp->xfrm_nr; i++) {

		struct xfrm_user_tmpl *up = &vec[i];

		struct xfrm_tmpl *kp = &xp->xfrm_vec[i];