Rework pfkey handling a bit. The old remove then add way of inserting md5sig - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	claudio <claudio@openbsd.org>	2019-05-29 08:48:00 +0000
committer	claudio <claudio@openbsd.org>	2019-05-29 08:48:00 +0000
commit	14b6e38e0636cd23abf6e6bb5eadf4bf83a3ad70 (patch)
tree	34a83292c835a59e48943005cb6a95f30984e396 /lib/libc/stdlib
parent	Make the standard output messages of both methods of changing a key (diff)
download	wireguard-openbsd-14b6e38e0636cd23abf6e6bb5eadf4bf83a3ad70.tar.xz wireguard-openbsd-14b6e38e0636cd23abf6e6bb5eadf4bf83a3ad70.zip

Rework pfkey handling a bit. The old remove then add way of inserting md5sig

hit a race frequently where a session ended up with no key/SPI in the kernel. Since there is no way to do atomic updates of SADB_X_SATYPE_TCPSIGNATURE the code is adding a new one then removing the old one. Also make sure keys are correctly cleared when peers are deconfigured. May not be perfect but a lot better than what was there before. Tested by and OK sthen@

Diffstat (limited to 'lib/libc/stdlib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: