net/mlx5e: Use ip6_dst_lookup instead of ipv6_dst_lookup_flow for MAC init

Replace ipv6_stub->ipv6_dst_lookup_flow() with ip6_dst_lookup() in
mlx5e_ipsec_init_macs() since IPsec transformations are not needed
during Security Association setup - only basic routing information is
required for nexthop MAC address resolution.

This resolves an issue where XfrmOutNoStates error counter would be
incremented when xfrm policy is configured before xfrm state, as the
IPsec-aware routing function would attempt policy checks during SA
initialization.

Fixes: 71670f766b8f ("net/mlx5e: Support routed networks during IPsec MACs initialization")
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://patch.msgid.link/1765284977-1363052-7-git-send-email-tariqt@nvidia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index 35d9530037a65598cc266dffb4f7c77425b3cced..6c79b9cea2efbc5c0079df67692982c6b17918ac 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -342,9 +342,8 @@ static void mlx5e_ipsec_init_macs(struct mlx5e_ipsec_sa_entry *sa_entry,
                rt_dst_entry = &rt->dst;
                break;
        case AF_INET6:
-               rt_dst_entry = ipv6_stub->ipv6_dst_lookup_flow(
-                       dev_net(netdev), NULL, &fl6, NULL);
-               if (IS_ERR(rt_dst_entry))
+               if (!IS_ENABLED(CONFIG_IPV6) ||
+                   ip6_dst_lookup(dev_net(netdev), NULL, &rt_dst_entry, &fl6))
                        goto neigh;
                break;
        default: