
From:
Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject:
bgpd: properly discard pfkey error messages
To:
tech@openbsd.org
Date:
Fri, 12 Sep 2025 13:34:34 +0200

pfkey_reply() needs to discard any error message (including those for
ESRCH). The fix I did in 1.64 was not quite right since for the ESRCH
case the message remained in the socket and that results in a busy
loop in the bgpd main event loop since an ESRCH message is never flushed
from the socket.

This is a fix for the busy loop Tom Smyth reported on bugs@.
Thanks to Tom for providing me with a ktrace of bgpd that made me find the
bug in less than 5min.
-- 
:wq Claudio

Index: pfkey.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v
diff -u -p -r1.72 pfkey.c
--- pfkey.c	27 Feb 2025 14:03:32 -0000	1.72
+++ pfkey.c	12 Sep 2025 11:27:44 -0000
@@ -453,13 +453,15 @@ pfkey_reply(int sd, uint32_t *spi)
 
 	if (hdr.sadb_msg_errno != 0) {
 		errno = hdr.sadb_msg_errno;
+
+		/* discard error message */
+		if (read(sd, &hdr, sizeof(hdr)) == -1)
+			log_warn("pfkey read");
+
 		if (errno == ESRCH)
 			return (0);
 		else {
 			log_warn("pfkey");
-			/* discard error message */
-			if (read(sd, &hdr, sizeof(hdr)) == -1)
-				log_warn("pfkey read");
 			return (-1);
 		}
 	}
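
Review bot: the discard read() now sits between `errno = hdr.sadb_msg_errno;` and the `if (errno == ESRCH)` test, so a failing read() (and the log_warn("pfkey read") that follows it) can overwrite errno before it is checked. In that case the ESRCH test and the later log_warn("pfkey") act on read()'s error rather than the one carried in the pfkey message. The read() also writes into hdr again, so hdr.sadb_msg_errno should not be relied on afterwards either. I would save hdr.sadb_msg_errno in a local before the read and assign errno from that local after the discard, or return -1 directly when the discard read fails. A short comment noting that the message must be consumed on every error path, ESRCH included, would help prevent this regressing again.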