The portable version returns -1 in kr_init() because then the fd is skipped in the poll loop. Now the problem is I changed this some time ago to exit bgpd. I changed the function to pass the fd a pointer arg and so the return -1 still works.
Additionally introduce a tcp_md5_unset() function which will be used by the linux compat to unregister TCP MD5SUM keys from listening sockets when a peer is removed. Last but not least, remove the call to pfkey_remove() in session.c (the session engine does not even have the pfkey socket to talk to) and also use the right bgpd_config pointer in merge_peers (don't fall back to the gloabl conf). OK? -- :wq Claudio Index: bgpd.c =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/bgpd.c,v retrieving revision 1.225 diff -u -p -r1.225 bgpd.c --- bgpd.c 8 Aug 2019 11:33:08 -0000 1.225 +++ bgpd.c 30 Sep 2019 13:28:42 -0000 @@ -234,7 +234,7 @@ main(int argc, char *argv[]) imsg_init(ibuf_se, pipe_m2s[0]); imsg_init(ibuf_rde, pipe_m2r[0]); mrt_init(ibuf_rde, ibuf_se); - if ((rfd = kr_init()) == -1) + if (kr_init(&rfd) == -1) quit = 1; keyfd = pfkey_init(); Index: bgpd.h =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v retrieving revision 1.393 diff -u -p -r1.393 bgpd.h --- bgpd.h 27 Sep 2019 10:33:06 -0000 1.393 +++ bgpd.h 30 Sep 2019 13:28:21 -0000 @@ -1185,7 +1185,7 @@ int prefixset_cmp(struct prefixset_item RB_PROTOTYPE(prefixset_tree, prefixset_item, entry, prefixset_cmp); /* kroute.c */ -int kr_init(void); +int kr_init(int *); int ktable_update(u_int, char *, int, u_int8_t); void ktable_preload(void); void ktable_postload(u_int8_t); Index: kroute.c =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v retrieving revision 1.238 diff -u -p -r1.238 kroute.c --- kroute.c 8 Aug 2019 20:06:29 -0000 1.238 +++ kroute.c 30 Sep 2019 13:28:13 -0000 @@ -213,7 +213,7 @@ RB_GENERATE(kif_tree, kif_node, entry, k */ int -kr_init(void) +kr_init(int *fd) { int opt = 0, rcvbuf, default_rcvbuf; unsigned int tid = RTABLE_ANY; @@ -257,7 +257,8 @@ kr_init(void) if (fetchifs(0) == -1) return (-1); - return (kr_state.fd); + *fd = kr_state.fd; + return (0); } int Index: pfkey.c =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v retrieving revision 1.59 diff -u -p -r1.59 pfkey.c --- pfkey.c 30 Sep 2019 12:10:38 -0000 1.59 +++ pfkey.c 30 Sep 2019 14:05:16 -0000 @@ -866,3 +866,9 @@ tcp_md5_listen(struct listen_addr *la, s } return 0; } + +/* dummy function for portable */ +void +tcp_md5_unset(struct bgpd_config *conf, struct peer *p) +{ +} Index: session.c =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/session.c,v retrieving revision 1.391 diff -u -p -r1.391 session.c --- session.c 30 Sep 2019 12:10:38 -0000 1.391 +++ session.c 30 Sep 2019 14:03:50 -0000 @@ -276,7 +276,7 @@ session_main(int debug, int verbose) log_peer_warnx(&p->conf, "removed"); RB_REMOVE(peer_head, &conf->peers, p); timer_remove_all(p); - pfkey_remove(p); + tcp_md5_unset(conf, p); free(p); peer_cnt--; continue; @@ -3170,7 +3170,7 @@ merge_peers(struct bgpd_config *c, struc { struct peer *p, *np, *next; - RB_FOREACH(p, peer_head, &conf->peers) { + RB_FOREACH(p, peer_head, &c->peers) { /* templates are handled specially */ if (p->template != NULL) continue; @@ -3203,7 +3203,7 @@ merge_peers(struct bgpd_config *c, struc /* apply the config to all clones of a template */ if (p->conf.template) { struct peer *xp; - RB_FOREACH(xp, peer_head, &conf->peers) { + RB_FOREACH(xp, peer_head, &c->peers) { if (xp->template != p) continue; session_template_clone(xp, NULL, xp->conf.id, @@ -3218,7 +3218,7 @@ merge_peers(struct bgpd_config *c, struc /* pfkeys of new peers already loaded by the parent process */ RB_FOREACH_SAFE(np, peer_head, &nc->peers, next) { RB_REMOVE(peer_head, &nc->peers, np); - if (RB_INSERT(peer_head, &conf->peers, np) != NULL) + if (RB_INSERT(peer_head, &c->peers, np) != NULL) fatalx("%s: peer tree is corrupt", __func__); } } Index: session.h =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/session.h,v retrieving revision 1.140 diff -u -p -r1.140 session.h --- session.h 30 Sep 2019 12:10:38 -0000 1.140 +++ session.h 30 Sep 2019 14:05:40 -0000 @@ -286,6 +286,7 @@ int pfkey_init(void); int tcp_md5_check(int, struct peer *); int tcp_md5_set(int, struct peer *); int tcp_md5_listen(struct listen_addr *, struct peer_head *); +void tcp_md5_unset(struct bgpd_config *, struct peer *); /* printconf.c */ void print_config(struct bgpd_config *, struct rib_names *);