From 8b2f4e6b3a478faaa4b0b23efc9c65f5db913df4 Mon Sep 17 00:00:00 2001 From: Konstantin Belousov Date: Wed, 29 Oct 2025 18:37:17 +0200 Subject: [PATCH] ipsec offload: never return error from the newkey/spdadd callbacks Returning an error causes premature termination of if_foreach_sleep() loop over the interfaces. Whatever problem we have with the specific interface trying to install an element, should not prevent an attempt to install the same element into all other interfaces. Noted by: Ariel Ehrenberg Sponsored by: NVidia networking MFC after: 1 week --- sys/netipsec/ipsec_offload.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c index 8a09d5f37b4..59a10788167 100644 --- a/sys/netipsec/ipsec_offload.c +++ b/sys/netipsec/ipsec_offload.c @@ -300,7 +300,7 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg) dprintf("ipsec_accel_sa_install_newkey: cannot alloc " "drv_spi if %s spi %#x\n", if_name(ifp), be32toh(tq->sav->spi)); - return (ENOMEM); + return (0); } error = ifp->if_ipsec_accel_m->if_sa_newkey(ifp, tq->sav, drv_spi, &priv); @@ -329,7 +329,7 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg) } } out: - return (error); + return (0); } static void @@ -663,7 +663,7 @@ ipsec_accel_spdadd_cb(if_t ifp, void *arg) if (error != 0) { dprintf("ipsec_accel_spdadd: %s if_spdadd %p remember res %d\n", if_name(ifp), sp, error); - return (error); + return (0); } error = ifp->if_ipsec_accel_m->if_spdadd(ifp, sp, inp, &i->ifdata); if (error != 0) { @@ -671,7 +671,7 @@ ipsec_accel_spdadd_cb(if_t ifp, void *arg) dprintf("ipsec_accel_spdadd: %s if_spdadd %p res %d\n", if_name(ifp), sp, error); } - return (error); + return (0); } static void