diff options
author | Henning Brauer <henning@cvs.openbsd.org> | 2004-05-28 18:39:10 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2004-05-28 18:39:10 +0000 |
commit | 831d4b2edaf2875a6f07d2d8f046a52d9b6ce953 (patch) | |
tree | ba7afd0f8f3262765c0ab1cc4877949c658fa43e /usr.sbin/bgpd/pfkey.c | |
parent | 83d23ae0746114f947c8dd433de3dc7935c7c2bb (diff) |
detect absence of PF_KEY interface and/or the TCP_MD5SIG setsockopts
at runtime and disable said subsystems if so. helps the guys porting bgpd
to $otherBSD, and is actually the right thing to do. claudio ok
Diffstat (limited to 'usr.sbin/bgpd/pfkey.c')
-rw-r--r-- | usr.sbin/bgpd/pfkey.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/usr.sbin/bgpd/pfkey.c b/usr.sbin/bgpd/pfkey.c index a136adf4631..a0b02a883bd 100644 --- a/usr.sbin/bgpd/pfkey.c +++ b/usr.sbin/bgpd/pfkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkey.c,v 1.29 2004/05/06 14:51:11 henning Exp $ */ +/* $OpenBSD: pfkey.c,v 1.30 2004/05/28 18:39:09 henning Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -692,14 +692,17 @@ pfkey_remove(struct peer *p) } int -pfkey_init(void) +pfkey_init(struct bgpd_sysdep *sysdep) { if ((fd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) == -1) { - if (errno == EPROTONOSUPPORT) - log_warnx("no kernel support for PF_KEY"); - else + if (errno == EPROTONOSUPPORT) { + log_warnx("PF_KEY not available, disabling ipsec"); + sysdep->no_pfkey = 1; + return (0); + } else { log_warn("PF_KEY socket"); - return (-1); + return (-1); + } } return (0); } |