git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Lama Kayal <lkayal@nvidia.com>
	Mon, 15 Sep 2025 12:24:34 +0000 (15:24 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 25 Sep 2025 09:16:44 +0000 (11:16 +0200)
commit	948381b58298b11a2630bb98a12f2e67849b9c26
tree	ec8cad1045256172efb582bd54c3e1b07f012f9f	tree
parent	8df354eb2dd63d111ed5ae2e956e0dbb22bcf93b	commit \| diff

net/mlx5e: Add a miss level for ipsec crypto offload

[ Upstream commit 7601a0a46216f4ba05adff2de75923b4e8e585c2 ]

The cited commit adds a miss table for switchdev mode. But it
uses the same level as policy table. Will hit the following error
when running command:

# ip xfrm state add src 192.168.1.22 dst 192.168.1.21 proto \
esp spi 1001 reqid 10001 aead 'rfc4106(gcm(aes))' \
0x3a189a7f9374955d3817886c8587f1da3df387ff 128 \
mode tunnel offload dev enp8s0f0 dir in
Error: mlx5_core: Device failed to offload this state.

The dmesg error is:

mlx5_core 0000:03:00.0: ipsec_miss_create:578:(pid 311797): fail to create IPsec miss_rule err=-22

Fix it by adding a new miss level to avoid the error.

Fixes: 7d9e292ecd67 ("net/mlx5e: Move IPSec policy check after decryption")
Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Signed-off-by: Chris Mi <cmi@nvidia.com>
Signed-off-by: Lama Kayal <lkayal@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://patch.msgid.link/1757939074-617281-4-git-send-email-tariqt@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/net/ethernet/mellanox/mlx5/core/en/fs.h		diff \| blob \| blame \| history
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h		diff \| blob \| blame \| history
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c		diff \| blob \| blame \| history
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c		diff \| blob \| blame \| history