From c6cc79445d39521eaa9485516d127d5a30e39c66 Mon Sep 17 00:00:00 2001
From: Rafael Zalamena <rzalamena@opensourcerouting.org>
Date: Fri, 21 Dec 2018 20:59:18 -0200
Subject: [PATCH] ldpd: fix startup on OpenBSD

We must open the PF_KEY socket before dropping privileges, otherwise the
socket creation will fail with permission problems.

Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
---
 ldpd/ldpe.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/ldpd/ldpe.c b/ldpd/ldpe.c
index 56af76d94e..c16d92f28b 100644
--- a/ldpd/ldpe.c
+++ b/ldpd/ldpe.c
@@ -139,6 +139,16 @@ ldpe(void)
 void
 ldpe_init(struct ldpd_init *init)
 {
+#ifdef __OpenBSD__
+	/* This socket must be open before dropping privileges. */
+	global.pfkeysock = pfkey_init();
+	if (sysdep.no_pfkey == 0) {
+		pfkey_ev = NULL;
+		thread_add_read(master, ldpe_dispatch_pfkey, NULL, global.pfkeysock,
+				&pfkey_ev);
+	}
+#endif
+
 	/* drop privileges */
 	ldpe_privs.user = init->user;
 	ldpe_privs.group = init->group;
@@ -159,14 +169,6 @@ ldpe_init(struct ldpd_init *init)
 		fatal("inet_pton");
 	if (inet_pton(AF_INET6, AllRouters_v6, &global.mcast_addr_v6) != 1)
 		fatal("inet_pton");
-#ifdef __OpenBSD__
-	global.pfkeysock = pfkey_init();
-	if (sysdep.no_pfkey == 0) {
-		pfkey_ev = NULL;
-		thread_add_read(master, ldpe_dispatch_pfkey, NULL, global.pfkeysock,
-				&pfkey_ev);
-	}
-#endif
 
 	/* mark sockets as closed */
 	global.ipv4.ldp_disc_socket = -1;
-- 
2.39.5