diff options
author | Claudio Jeker <claudio@cvs.openbsd.org> | 2019-05-29 08:48:01 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2019-05-29 08:48:01 +0000 |
commit | 8843c55359d5133e4832744c65315f8b9aab0df0 (patch) | |
tree | d503657415f772cdef4b2c028ce4038dad36c7fb /usr.sbin/ldapd/validate.c | |
parent | eb74bd7b0558a0388295471368cde105bb1f7a45 (diff) |
Rework pfkey handling a bit. The old remove then add way of inserting md5sig
hit a race frequently where a session ended up with no key/SPI in the kernel.
Since there is no way to do atomic updates of SADB_X_SATYPE_TCPSIGNATURE
the code is adding a new one then removing the old one.
Also make sure keys are correctly cleared when peers are deconfigured.
May not be perfect but a lot better than what was there before.
Tested by and OK sthen@
Diffstat (limited to 'usr.sbin/ldapd/validate.c')
0 files changed, 0 insertions, 0 deletions