CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2019/05/29 02:48:00
Modified files:
usr.sbin/bgpd : bgpd.c config.c pfkey.c
Log message:
Rework pfkey handling a bit. The old remove then add way of inserting md5sig
hit a race frequently where a session ended up with no key/SPI in the kernel.
Since there is no way to do atomic updates of SADB_X_SATYPE_TCPSIGNATURE
the code is adding a new one then removing the old one.
Also make sure keys are correctly cleared when peers are deconfigured.
May not be perfect but a lot better than what was there before.
Tested by and OK sthen@
