Re: [PATCH net] xfrm: skip templates check for packet offload tunnel mode

Next message: Ron Economos: "Re: [PATCH 5.15 000/206] 5.15.199-rc1 review"
Previous message: Arnd Bergmann: "Re: [PATCH] riscv: Fix __kernel_off_t to 64 Bits in RV32"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Steffen Klassert

Date: Thu Feb 05 2026 - 03:03:20 EST

On Tue, Jan 27, 2026 at 02:49:23PM +0200, Tariq Toukan wrote:
> From: Leon Romanovsky <leonro@xxxxxxxxxx>
>
> In packet offload, hardware is responsible to check templates. The
> result of its operation is forwarded through secpath by relevant
> drivers. That secpath is actually removed in __xfrm_policy_check2().
>
> In case packet is forwarded, this secpath is reset in RX, but pushed
> again to TX where policy is rechecked again against dummy secpath
> in xfrm_policy_ok().
>
> Such situation causes to unexpected XfrmInTmplMismatch increase.
>
> As a solution, simply skip template mismatch check.
>
> Fixes: 600258d555f0 ("xfrm: delete intermediate secpath entry in packet offload mode")
> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxx>
> Reviewed-by: Jianbo Liu <jianbol@xxxxxxxxxx>
> Reviewed-by: Cosmin Ratiu <cratiu@xxxxxxxxxx>
> Signed-off-by: Tariq Toukan <tariqt@xxxxxxxxxx>

Applied, thanks everyone!