xfrm: don't send SA_PCPU during get/delete

[ti-mo]

Since Linux v6.13 or 83dfce38c49f ("xfrm: Restrict percpu SA attribute to specific netlink message types") SA_PCPU is only allowed in MSG_NEWSA, UPDSA, ALLOCSPI, ACQUIRE. For all other commands, it needs to be unset.

Also fix accessing *sa.Pcpunum in XfrmState.String() that would panic when the field is nil.

Summary by CodeRabbit

• Bug Fixes
  • Corrected the display format of per-CPU state numbers in debug output with proper nil handling.
  • Removed incorrect attribute emission when reading or deleting IPSec states.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4fbf6a12-d5e1-4ed1-9bc3-76a2c6d37182

📥 Commits

Reviewing files that changed from the base of the PR and between d450941 and b90d8de.

📒 Files selected for processing (1)

• xfrm_state_linux.go

---

📝 Walkthrough

Walkthrough

Changes to XfrmState.String() method to print Pcpunum as a string with nil handling. Removal of PCPU attribute emission in xfrmStateGetOrDelete when reading or deleting state.

Changes

Cohort / File(s)	Summary
XfrmState String and PCPU Handling xfrm_state_linux.go	Modified XfrmState.String() to display Pcpunum as string with nil handling; removed XFRMA_SA_PCPU attribute emission in xfrmStateGetOrDelete function.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A hop through the state, a fix so fine,
Pcpunum now speaks in strings divine,
No PCPU whispers when deleting with care,
Attributes pruned with a developer's flair! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: preventing SA_PCPU attribute from being sent during get/delete operations, which is the primary behavioral change in the pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[bersoare]

👍🏽

[aboch]

Thank you @ti-mo !

LGTM