author | Henning Brauer <henning@cvs.openbsd.org> | 2006-10-26 13:17:01 +0000 |
committer | Henning Brauer <henning@cvs.openbsd.org> | 2006-10-26 13:17:01 +0000 |
commit | e6a841c573d32c62615ce8462fc1f5daf733772d (patch) | |
tree | ce51c9cd63eb27626e95a1f7d74b252c90c8d083 | |
parent | 6493a61aa31cd4d79542ab40405b7822a4afe55d (diff) |
storing the dynamically acquired SPIs for tcpmd5 inside the conf struct
is not such a good idea - it gets nulled on config reloads, and thus
we fail to clear the old SAs when the session is restarted after a config
reload occurred. obvious solution: store the SPIs outside the config area.
ok claudio
-rw-r--r-- | usr.sbin/bgpd/pfkey.c | 28 | ||||
-rw-r--r-- | usr.sbin/bgpd/session.h | 8 |
2 files changed, 20 insertions, 16 deletions
diff --git a/usr.sbin/bgpd/pfkey.c b/usr.sbin/bgpd/pfkey.c
index 33196d05901..b0ad05e849e 100644
--- a/usr.sbin/bgpd/pfkey.c
+++ b/usr.sbin/bgpd/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.32 2006/08/30 17:58:40 henning Exp $ */
+/* $OpenBSD: pfkey.c,v 1.33 2006/10/26 13:17:00 henning Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -497,34 +497,34 @@ pfkey_sa_remove(struct bgpd_addr *src, struct bgpd_addr *dst, u_int32_t *spi)
 int
 pfkey_md5sig_establish(struct peer *p)
 {
- if (!p->conf.auth.spi_out)
+ if (!p->auth.spi_out)
 if (pfkey_sa_add(&p->conf.local_addr, &p->conf.remote_addr,
 p->conf.auth.md5key_len, p->conf.auth.md5key,
- &p->conf.auth.spi_out) == -1)
+ &p->auth.spi_out) == -1)
 return (-1);
- if (!p->conf.auth.spi_in)
+ if (!p->auth.spi_in)
 if (pfkey_sa_add(&p->conf.remote_addr, &p->conf.local_addr,
 p->conf.auth.md5key_len, p->conf.auth.md5key,
- &p->conf.auth.spi_in) == -1)
+ &p->auth.spi_in) == -1)
 return (-1);
- p->auth_established = 1;
+ p->auth.established = 1;
 return (0);
 }
 int
 pfkey_md5sig_remove(struct peer *p)
 {
- if (p->conf.auth.spi_out)
+ if (p->auth.spi_out)
 if (pfkey_sa_remove(&p->conf.local_addr, &p->conf.remote_addr,
- &p->conf.auth.spi_out) == -1)
+ &p->auth.spi_out) == -1)
 return (-1);
- if (p->conf.auth.spi_in)
+ if (p->auth.spi_in)
 if (pfkey_sa_remove(&p->conf.remote_addr, &p->conf.local_addr,
- &p->conf.auth.spi_in) == -1)
+ &p->auth.spi_in) == -1)
 return (-1);
- p->auth_established = 0;
+ p->auth.established = 0;
 return (0);
 }
@@ -597,7 +597,7 @@ pfkey_ipsec_establish(struct peer *p)
 if (pfkey_reply(fd, NULL) < 0)
 return (-1);
- p->auth_established = 1;
+ p->auth.established = 1;
 return (0);
 }
@@ -662,7 +662,7 @@ pfkey_ipsec_remove(struct peer *p)
 if (pfkey_reply(fd, NULL) < 0)
 return (-1);
- p->auth_established = 0;
+ p->auth.established = 0;
 return (0);
 }
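Review bot: Both pfkey_md5sig_establish and pfkey_md5sig_remove in the second hunk nest a brace-less `if` inside another brace-less `if` (`if (!p->auth.spi_out)` directly followed by `if (pfkey_sa_add(...) == -1)` and then `return (-1);`), so any `else` that gets added to either level later will bind to the inner `if` without warning. Folding the SPI guard into the call's condition reads the same and removes the hazard, e.g. `if (!p->auth.spi_out && pfkey_sa_add(&p->conf.local_addr, &p->conf.remote_addr, p->conf.auth.md5key_len, p->conf.auth.md5key, &p->auth.spi_out) == -1)` followed by `return (-1);`, and the same shape for the other three guards. Both functions are complete within the hunk, so the change is local.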
@@ -680,7 +680,7 @@ pfkey_establish(struct peer *p)
 int
 pfkey_remove(struct peer *p)
 {
- if (!p->auth_established)
+ if (!p->auth.established)
 return (0);
 else if (p->conf.auth.method == AUTH_MD5SIG)
 return (pfkey_md5sig_remove(p));
diff --git a/usr.sbin/bgpd/session.h b/usr.sbin/bgpd/session.h
index fac94d5966c..50ce6129dde 100644
--- a/usr.sbin/bgpd/session.h
+++ b/usr.sbin/bgpd/session.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.h,v 1.86 2006/08/27 16:11:05 henning Exp $ */
+/* $OpenBSD: session.h,v 1.87 2006/10/26 13:17:00 henning Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -166,6 +166,11 @@ struct peer {
 struct capabilities ann;
 struct capabilities peer;
 } capa;
+ struct {
+ u_int32_t spi_in;
+ u_int32_t spi_out;
+ u_int8_t established;
+ } auth;
 struct sockaddr_storage sa_local;
 struct sockaddr_storage sa_remote;
 struct msgbuf wbuf;
@@ -184,7 +189,6 @@ struct peer {
 enum session_state state;
 enum session_state prev_state;
 u_int16_t holdtime;
- u_int8_t auth_established;
 u_int8_t depend_ok;
 u_int8_t demoted;
 u_int8_t passive; |
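Review bot: The early exit `if (!p->auth.established) return (0);` in pfkey_remove leaves a half-established TCP-MD5 peer with a kernel SA nobody deletes: pfkey_md5sig_establish (earlier in this diff) sets `established` only after both pfkey_sa_add calls succeed, so when the second add fails, `spi_out` is already non-zero while `established` is still 0, and every later pfkey_remove returns 0 without touching the outbound SA. pfkey_md5sig_remove already skips whichever SPI is zero, so widening the gate to `if (!p->auth.established && !p->auth.spi_in && !p->auth.spi_out) return (0);` lets it clean up the partial state; for the IPsec method both SPIs presumably stay zero, so that path is unchanged, though I cannot confirm that from this diff. pfkey_remove's body continues past the end of the hunk.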
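Review bot: The new `auth` struct added after `} capa;` in session.h carries no comment saying why it lives here and not in `conf`, which is the whole reason for this commit and exactly what the next person who "tidies" the SPIs back into `conf` needs to see at the declaration. I would put above the `struct {` line: `/* kernel SA state acquired at runtime; kept outside conf because conf is cleared on config reload and the SPIs are needed to delete the SAs later */`. Whether `established` is also read outside pfkey.c is not visible in this diff, so I would not claim more than that in the comment.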