git: 8b2f4e6b3a47 - main - ipsec offload: never return error from the newkey/spdadd callbacks

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Thu, 30 Oct 2025 14:55:04 UTC

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=8b2f4e6b3a478faaa4b0b23efc9c65f5db913df4

commit 8b2f4e6b3a478faaa4b0b23efc9c65f5db913df4
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-10-29 16:37:17 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-10-30 14:54:36 +0000

    ipsec offload: never return error from the newkey/spdadd callbacks
    
    Returning an error causes premature termination of if_foreach_sleep()
    loop over the interfaces.  Whatever problem we have with the specific
    interface trying to install an element, should not prevent an attempt to
    install the same element into all other interfaces.
    
    Noted by:       Ariel Ehrenberg
    Sponsored by:   NVidia networking
    MFC after:      1 week
---
 sys/netipsec/ipsec_offload.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c
index 8a09d5f37b4a..59a107881676 100644
--- a/sys/netipsec/ipsec_offload.c
+++ b/sys/netipsec/ipsec_offload.c
@@ -300,7 +300,7 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg)
 		dprintf("ipsec_accel_sa_install_newkey: cannot alloc "
 		    "drv_spi if %s spi %#x\n", if_name(ifp),
 		    be32toh(tq->sav->spi));
-		return (ENOMEM);
+		return (0);
 	}
 	error = ifp->if_ipsec_accel_m->if_sa_newkey(ifp, tq->sav,
 	    drv_spi, &priv);
@@ -329,7 +329,7 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg)
 		}
 	}
 out:
-	return (error);
+	return (0);
 }
 
 static void
@@ -663,7 +663,7 @@ ipsec_accel_spdadd_cb(if_t ifp, void *arg)
 	if (error != 0) {
 		dprintf("ipsec_accel_spdadd: %s if_spdadd %p remember res %d\n",
 		    if_name(ifp), sp, error);
-		return (error);
+		return (0);
 	}
 	error = ifp->if_ipsec_accel_m->if_spdadd(ifp, sp, inp, &i->ifdata);
 	if (error != 0) {
@@ -671,7 +671,7 @@ ipsec_accel_spdadd_cb(if_t ifp, void *arg)
 		dprintf("ipsec_accel_spdadd: %s if_spdadd %p res %d\n",
 		    if_name(ifp), sp, error);
 	}
-	return (error);
+	return (0);
 }
 
 static void