sasyncd and pfkey promiscuous

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

sasyncd and pfkey promiscuous

nathanael-3
I found that sasyncd was not reliably enabling pfkey promiscuous mode
which results in the master failing to send SA changes to the slaves.
I noticed the following in src/sys/net/pfkeyv2.c:

        i = (pfkeyv2_socket->flags &
            PFKEYV2_SOCKETFLAGS_PROMISC) ? 1 : 0;
        j = smsg->sadb_msg_satype ? 1 : 0;

        if (i ^ j) {
                if (j) {
                        pfkeyv2_socket->flags |=
                            PFKEYV2_SOCKETFLAGS_PROMISC;
                        npromisc++;
                }
        } else {
                pfkeyv2_socket->flags &=
                    ~PFKEYV2_SOCKETFLAGS_PROMISC;
                npromisc--;
        }

The bracketing was correct up until revision 1.86, where it was broken
by a KNF update. I have included a patch below.

Nathanael

diff -u src/sys/net/pfkeyv2.c.orig src/sys/net/pfkeyv2.c
--- src/sys/net/pfkeyv2.c.orig Sun Apr 30 09:44:05 2006
+++ src/sys/net/pfkeyv2.c Sun Apr 30 09:49:28 2006
@@ -1733,11 +1733,11 @@
  pfkeyv2_socket->flags |=
     PFKEYV2_SOCKETFLAGS_PROMISC;
  npromisc++;
+ } else {
+ pfkeyv2_socket->flags &=
+    ~PFKEYV2_SOCKETFLAGS_PROMISC;
+ npromisc--;
  }
- } else {
- pfkeyv2_socket->flags &=
-    ~PFKEYV2_SOCKETFLAGS_PROMISC;
- npromisc--;
  }
  }