On Wed, Jun 15, 2022 at 04:34:41PM +0200, Claudio Jeker wrote:
> Found by accident. If the pfkey message failed (sadb_msg_errno is set)
> then the pfkey code ends in an infinite loop because the erroneous message
> is not removed from the queue.
>
> pfkey_read() PEEKS at the message and returns 0 since it is what we
> expect. pfkey_reply() realizes it is an error and returns -1 but the
> message is still in the buffer. Once we hit the poll loop the fd
> immediately triggers since the message is still in the buffer and we call
> pfkey_read() which peeks at the message and returns 0 ...
>
> Fix is simple, need to flush the message out in the error case.
ok > -- > :wq Claudio > > Index: pfkey.c > =================================================================== > RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v > retrieving revision 1.63 > diff -u -p -r1.63 pfkey.c > --- pfkey.c 15 Jun 2022 14:09:30 -0000 1.63 > +++ pfkey.c 15 Jun 2022 14:23:39 -0000 > @@ -469,6 +469,9 @@ pfkey_reply(int sd, uint32_t *spi) > return (0); > else { > log_warn("pfkey"); > + /* discard error message */ > + if (read(sd, &hdr, sizeof(hdr)) == -1) > + log_warn("pfkey read"); > return (-1); > } > } >
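Review bot: the discard `read(sd, &hdr, sizeof(hdr))` only clears the queue if the socket hands over each PF_KEY message as a single record, so that a header-sized read consumes the whole message rather than just its first `sizeof(hdr)` bytes; the comment `/* discard error message */` should say that this is what it relies on, because a leftover tail would keep the fd readable and bring back exactly the poll loop described in the mail. Also, if read() fails, the function still returns -1 with the message still queued, so the loop can recur; logging is fine, but the caller cannot distinguish "error reply consumed" from "error reply still pending".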
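The peek-without-consume loop described above, reproduced as an added example that is not bgpd's code: a SOCK_DGRAM socketpair stands in for the PF_KEY socket, a small struct stands in for sadb_msg, and `demo_loop_count()` counts how often poll() reports the fd readable after an error reply, with and without the discarding read from the diff.

```c
#include <errno.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed stand-in for struct sadb_msg; only the error field matters. */
struct demo_msg {
    uint8_t  msg_type;
    uint8_t  msg_errno;   /* non-zero means the kernel rejected the request */
    uint16_t msg_len;
    uint32_t msg_seq;
};

/* Like pfkey_read(): look at the next message without consuming it. */
static int demo_peek(int sd, struct demo_msg *hdr)
{
    ssize_t n = recv(sd, hdr, sizeof(*hdr), MSG_PEEK);
    return n == (ssize_t)sizeof(*hdr) ? 0 : -1;
}

/* Like pfkey_reply(): -1 on error; with discard set, also drain the message. */
static int demo_reply(int sd, int discard)
{
    struct demo_msg hdr;
    if (demo_peek(sd, &hdr) == -1)
        return -1;
    if (hdr.msg_errno == 0)
        return 0;
    if (discard && read(sd, &hdr, sizeof(hdr)) == -1)  /* the fix */
        perror("read");
    return -1;
}

/* Queue one error reply, then run the poll loop at most max_iter times.
 * Returns the number of iterations: 1 with the fix, max_iter without. */
int demo_loop_count(int discard, int max_iter)
{
    int sv[2], iters = 0;
    struct demo_msg err = { 1, EINVAL, 2, 1 };  /* constructed error reply */
    struct pollfd pfd;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) == -1)
        return -1;
    if (send(sv[0], &err, sizeof(err), 0) == -1)
        return -1;
    pfd.fd = sv[1];
    pfd.events = POLLIN;
    while (iters < max_iter && poll(&pfd, 1, 0) > 0 && (pfd.revents & POLLIN)) {
        iters++;
        demo_reply(sv[1], discard);  /* without discard, the message stays */
    }
    close(sv[0]);
    close(sv[1]);
    return iters;
}
```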