author | henning <henning@openbsd.org> | 2006-10-26 13:17:00 +0000 |
---|---|---|
committer | henning <henning@openbsd.org> | 2006-10-26 13:17:00 +0000 |
commit | 829332498957f93b5fdfa77a152fbed81954e587 (patch) | |
tree | 87d797feaa979c01701e065d42f2c3ace58ab678 /usr.sbin/bgpd/pfkey.c | |
parent | tweak; (diff) | |
storing the dynamically acquired SPIs for tcpmd5 inside the conf struct
is not such a good idea - it gets nulled on config reloads, and thus
we fail to clear the old SAs when the session is restarted after a config
reload occurred. obvious solution: store the SPIs outside the config area.
ok claudio
Diffstat (limited to 'usr.sbin/bgpd/pfkey.c')
-rw-r--r-- | usr.sbin/bgpd/pfkey.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/usr.sbin/bgpd/pfkey.c b/usr.sbin/bgpd/pfkey.c index 33196d05901..b0ad05e849e 100644 --- a/usr.sbin/bgpd/pfkey.c +++ b/usr.sbin/bgpd/pfkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkey.c,v 1.32 2006/08/30 17:58:40 henning Exp $ */ +/* $OpenBSD: pfkey.c,v 1.33 2006/10/26 13:17:00 henning Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -497,34 +497,34 @@ pfkey_sa_remove(struct bgpd_addr *src, struct bgpd_addr *dst, u_int32_t *spi) int pfkey_md5sig_establish(struct peer *p) { - if (!p->conf.auth.spi_out) + if (!p->auth.spi_out) if (pfkey_sa_add(&p->conf.local_addr, &p->conf.remote_addr, p->conf.auth.md5key_len, p->conf.auth.md5key, - &p->conf.auth.spi_out) == -1) + &p->auth.spi_out) == -1) return (-1); - if (!p->conf.auth.spi_in) + if (!p->auth.spi_in) if (pfkey_sa_add(&p->conf.remote_addr, &p->conf.local_addr, p->conf.auth.md5key_len, p->conf.auth.md5key, - &p->conf.auth.spi_in) == -1) + &p->auth.spi_in) == -1) return (-1); - p->auth_established = 1; + p->auth.established = 1; return (0); } int pfkey_md5sig_remove(struct peer *p) { - if (p->conf.auth.spi_out) + if (p->auth.spi_out) if (pfkey_sa_remove(&p->conf.local_addr, &p->conf.remote_addr, - &p->conf.auth.spi_out) == -1) + &p->auth.spi_out) == -1) return (-1); - if (p->conf.auth.spi_in) + if (p->auth.spi_in) if (pfkey_sa_remove(&p->conf.remote_addr, &p->conf.local_addr, - &p->conf.auth.spi_in) == -1) + &p->auth.spi_in) == -1) return (-1); - p->auth_established = 0; + p->auth.established = 0; return (0); } @@ -597,7 +597,7 @@ pfkey_ipsec_establish(struct peer *p) if (pfkey_reply(fd, NULL) < 0) return (-1); - p->auth_established = 1; + p->auth.established = 1; return (0); } @@ -662,7 +662,7 @@ pfkey_ipsec_remove(struct peer *p) if (pfkey_reply(fd, NULL) < 0) return (-1); - p->auth_established = 0; + p->auth.established = 0; return (0); } 
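Review bot: In pfkey_md5sig_establish, a failure of the second pfkey_sa_add returns -1 after the outbound SA has already been added, leaving `p->auth.spi_out` set (assuming pfkey_sa_add stores the SPI through the pointer it is given) while `p->auth.established` is still 0. The last hunk shows pfkey_remove returning early when `established` is 0, so that outbound TCP MD5 SA is not torn down through this path, and with the SPIs now kept outside the conf struct the stale value also persists across reloads. Consider rolling back on the error path by bracing the inbound branch and calling `pfkey_sa_remove(&p->conf.local_addr, &p->conf.remote_addr, &p->auth.spi_out);` before its `return (-1);`. pfkey_md5sig_remove has the mirror case: a failed outbound removal returns before the inbound SA is attempted.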
@@ -680,7 +680,7 @@ pfkey_establish(struct peer *p) int pfkey_remove(struct peer *p) { - if (!p->auth_established) + if (!p->auth.established) return (0); else if (p->conf.auth.method == AUTH_MD5SIG) return (pfkey_md5sig_remove(p)); |