relayd(8): don't create sockets between CAs and RELAYs.

CA and RELAY process types don't need to communicate with other CA
or RELAY processes respectively, so don't create and distribute ipc
socketpairs.

Tested by and ok denis@

diff --git a/usr.sbin/relayd/proc.c b/usr.sbin/relayd/proc.c
index 1b26a5e..1407f58 100644 (file)
--- a/usr.sbin/relayd/proc.c
+++ b/usr.sbin/relayd/proc.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: proc.c,v 1.41 2021/04/20 21:11:56 dv Exp $    */
+/*     $OpenBSD: proc.c,v 1.42 2021/12/30 20:38:43 dv Exp $    */
 
 /*
  * Copyright (c) 2010 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -419,6 +419,11 @@ proc_open(struct privsep *ps, int src, int dst)
                        if (src == dst && i == j)
                                continue;
 
+                       /* No need for CA to CA or RELAY to RELAY sockets. */
+                       if ((src == PROC_CA && dst == PROC_CA) ||
+                           (src == PROC_RELAY && dst == PROC_RELAY))
+                               continue;
+
                        pa = &ps->ps_pipes[src][i];
                        pb = &ps->ps_pipes[dst][j];
                        if (socketpair(AF_UNIX,