author | Henning Brauer <henning@cvs.openbsd.org> | 2004-04-28 02:57:02 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2004-04-28 02:57:02 +0000 |
commit | b1dfadb5b3c8ca46a460a3919cfd4af9711ad65f (patch) | |
tree | b2df3b85a6faf47f64080cdb7adea297f6df959c | |
parent | b8588cf251627d9bcfa65e427853aee7d753b9be (diff) |
keep track of which ipsec/md5 SAs we inserted - ESRCH on blind removal
otherwise, markus ok
-rw-r--r-- | usr.sbin/bgpd/pfkey.c | 7 | ||||
-rw-r--r-- | usr.sbin/bgpd/session.h | 3 |
2 files changed, 7 insertions, 3 deletions
diff --git a/usr.sbin/bgpd/pfkey.c b/usr.sbin/bgpd/pfkey.c
index 9be8aa35225..f0453e3e13c 100644
--- a/usr.sbin/bgpd/pfkey.c
+++ b/usr.sbin/bgpd/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.22 2004/04/28 00:59:09 markus Exp $ */
+/* $OpenBSD: pfkey.c,v 1.23 2004/04/28 02:57:00 henning Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -504,6 +504,8 @@ pfkey_md5sig_establish(struct peer *p)
 if (pfkey_sa_add(&p->conf.remote_addr, &p->conf.local_addr, p->conf.auth.md5key, &p->conf.auth.spi_in) == -1)
 return (-1);
+
+ p->auth_established = 1;
 return (0);
 }
@@ -563,6 +565,7 @@ pfkey_ipsec_establish(struct peer *p)
 &p->conf.remote_addr, &p->conf.local_addr, BGP_PORT, 0) < 0)
 return (-1);
+ p->auth_established = 1;
 return (0);
 }
@@ -616,7 +619,7 @@ pfkey_establish(struct peer *p)
 int
 pfkey_remove(struct peer *p)
 {
- if (!p->conf.auth.method)
+ if (!p->auth_established)
 return (0);
 else if (p->conf.auth.method == AUTH_MD5SIG)
 return (pfkey_md5sig_remove(p));
diff --git a/usr.sbin/bgpd/session.h b/usr.sbin/bgpd/session.h
index 29c7bf18797..0b5eb378a90 100644
--- a/usr.sbin/bgpd/session.h
+++ b/usr.sbin/bgpd/session.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.h,v 1.47 2004/04/27 22:42:13 henning Exp $ */
+/* $OpenBSD: session.h,v 1.48 2004/04/28 02:57:01 henning Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -170,6 +170,7 @@ struct peer {
 struct sockaddr_storage sa_remote;
 struct msgbuf wbuf;
 struct buf_read *rbuf;
+ u_int8_t auth_established;
 struct peer *next;
 };
|
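Review bot: The flag is set only on the final success path of pfkey_md5sig_establish(), so when the visible `pfkey_sa_add(... &p->conf.auth.spi_in)` call fails the function returns -1 with `auth_established` still 0. If an earlier SA was already inserted in the part of the function above this hunk (not visible here), pfkey_remove() will now skip it and that SA stays in the kernel. The same applies to the error return just before `p->auth_established = 1;` in the pfkey_ipsec_establish() hunk. Consider setting the flag as soon as the first insert succeeds, or removing what was already inserted on the error path before `return (-1);`.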
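Review bot: The dispatch under the new guard in pfkey_remove() still reads `p->conf.auth.method`, so the branch taken reflects the current configuration rather than what was actually inserted. If the configured method can change between establish and remove (a reload, for instance; not visible in this diff), the SAs in the kernel would be removed through the wrong branch or not at all. Recording the method instead of a 0/1 value, e.g. `p->auth_established = p->conf.auth.method;` in the establish paths and dispatching on that field here, would avoid this, assuming the method values fit in the u_int8_t. Nothing visible clears the flag after a successful removal either, so unless pfkey_md5sig_remove() and its ipsec counterpart do so outside this diff, a second pfkey_remove() call would repeat the blind removal the commit message describes. The body of pfkey_remove() continues past the end of the hunk.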
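Review bot: The new `auth_established` member of struct peer has no comment saying what sets and clears it, although pfkey_remove() now relies on it to decide whether kernel SAs are removed. A one-line comment would help the next reader, e.g. `/* nonzero once pfkey_*_establish() inserted our SAs; checked by pfkey_remove() */`. The struct definition begins above this hunk.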