Commit e35d7da8 authored by Jianbo Liu's avatar Jianbo Liu Committed by Paolo Abeni
Browse files

net/mlx5e: Use ip6_dst_lookup instead of ipv6_dst_lookup_flow for MAC init 



Replace ipv6_stub->ipv6_dst_lookup_flow() with ip6_dst_lookup() in
mlx5e_ipsec_init_macs() since IPsec transformations are not needed
during Security Association setup - only basic routing information is
required for nexthop MAC address resolution.

This resolves an issue where XfrmOutNoStates error counter would be
incremented when xfrm policy is configured before xfrm state, as the
IPsec-aware routing function would attempt policy checks during SA
initialization.

Fixes: 71670f76 ("net/mlx5e: Support routed networks during IPsec MACs initialization")
Signed-off-by: default avatarJianbo Liu <jianbol@nvidia.com>
Reviewed-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Signed-off-by: default avatarTariq Toukan <tariqt@nvidia.com>
Link: https://patch.msgid.link/1765284977-1363052-7-git-send-email-tariqt@nvidia.com


Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parent 367e501f

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c

+2 −3
Original line number Diff line number Diff line
@@ -342,9 +342,8 @@ static void mlx5e_ipsec_init_macs(struct mlx5e_ipsec_sa_entry *sa_entry, 
		rt_dst_entry = &rt->dst;

		break;

	case AF_INET6:

		rt_dst_entry = ipv6_stub->ipv6_dst_lookup_flow(

			dev_net(netdev), NULL, &fl6, NULL);

		if (IS_ERR(rt_dst_entry))

		if (!IS_ENABLED(CONFIG_IPV6) ||

		    ip6_dst_lookup(dev_net(netdev), NULL, &rt_dst_entry, &fl6))

			goto neigh;

		break;

	default: