Re: [PATCH ipsec-next v8 04/14] xfrm: fix NAT-related field inheritance in SA migration

Next message: Thomas Gleixner: "Re: [patch V4 12/14] x86/vdso: Implement __vdso_futex_robust_try_unlock()"
Previous message: Dmitry Baryshkov: "Re: [PATCH v3 2/2] drm: verisilicon: add support for cursor planes"
In reply to: Antony Antony: "[PATCH ipsec-next v8 04/14] xfrm: fix NAT-related field inheritance in SA migration"
Next in thread: Steffen Klassert: "Re: [PATCH ipsec-next v8 04/14] xfrm: fix NAT-related field inheritance in SA migration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sabrina Dubroca

Date: Thu May 07 2026 - 05:33:23 EST

2026-05-05, 06:32:43 +0200, Antony Antony wrote:
> During SA migration via xfrm_state_clone_and_setup(),
> nat_keepalive_interval was silently dropped and never copied to the new
> SA. mapping_maxage was unconditionally copied even when migrating to a
> non-encapsulated SA.

mapping_maxage should be harmless (0/unused on non-encap), but I think
migrating nat_keepalive_interval should be considered a fix:

Fixes: f531d13bdfe3 ("xfrm: support sending NAT keepalives in ESP in UDP states")

(maybe even split out of this series, but that would cause a conflict
with the previous patch)

Reviewed-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>

--
Sabrina