git: fd53b8d609da - stable/15 - ipsec_offload: add comment stating why ipsec_accel_sa_newkey_cb() returns 0

The branch stable/15 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=fd53b8d609da8c83b43171e1d94a44fa2d505ff1

commit fd53b8d609da8c83b43171e1d94a44fa2d505ff1
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2026-02-04 02:34:59 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2026-03-04 01:15:59 +0000

    ipsec_offload: add comment stating why ipsec_accel_sa_newkey_cb() returns 0
    
    (cherry picked from commit 0e5caac7d543687d540fa83a7125726c7c9e6e58)
---
 sys/netipsec/ipsec_offload.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c
index 09c57d0a54cc..21a2e24518d7 100644
--- a/sys/netipsec/ipsec_offload.c
+++ b/sys/netipsec/ipsec_offload.c
@@ -343,6 +343,13 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg)
 		}
 	}
 out:
+	/*
+	 * Return 0, ignoring any errors from the SA installation.
+	 * This function is a callback for if_foreach_sleep(), which
+	 * stops iteration if one of the callbacks returns non-zero.
+	 * We need to offer the SA to all interfaces that could
+	 * offload it.
+	 */
 	return (0);
 }