net/mlx5e: Use ip6_dst_lookup instead of ipv6_dst_lookup_flow for MAC init
authorJianbo Liu <jianbol@nvidia.com>
Tue, 9 Dec 2025 12:56:14 +0000 (14:56 +0200)
committerPaolo Abeni <pabeni@redhat.com>
Thu, 18 Dec 2025 12:39:29 +0000 (13:39 +0100)
Replace ipv6_stub->ipv6_dst_lookup_flow() with ip6_dst_lookup() in
mlx5e_ipsec_init_macs() since IPsec transformations are not needed
during Security Association setup - only basic routing information is
required for nexthop MAC address resolution.

This resolves an issue where XfrmOutNoStates error counter would be
incremented when xfrm policy is configured before xfrm state, as the
IPsec-aware routing function would attempt policy checks during SA
initialization.

Fixes: 71670f766b8f ("net/mlx5e: Support routed networks during IPsec MACs initialization")
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://patch.msgid.link/1765284977-1363052-7-git-send-email-tariqt@nvidia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c

index 35d9530..6c79b9c 100644 (file)
@@ -342,9 +342,8 @@ static void mlx5e_ipsec_init_macs(struct mlx5e_ipsec_sa_entry *sa_entry,
                rt_dst_entry = &rt->dst;
                break;
        case AF_INET6:
-               rt_dst_entry = ipv6_stub->ipv6_dst_lookup_flow(
-                       dev_net(netdev), NULL, &fl6, NULL);
-               if (IS_ERR(rt_dst_entry))
+               if (!IS_ENABLED(CONFIG_IPV6) ||
+                   ip6_dst_lookup(dev_net(netdev), NULL, &rt_dst_entry, &fl6))
                        goto neigh;
                break;
        default: