From b27c3a9c3f12d6a577e562b7402e353a60819873 Mon Sep 17 00:00:00 2001
From: dv <dv@openbsd.org>
Date: Thu, 30 Dec 2021 20:38:43 +0000
Subject: [PATCH] relayd(8): don't create sockets between CAs and RELAYs.

CA and RELAY process types don't need to communicate with other CA
or RELAY processes respectively, so don't create and distribute ipc
socketpairs.

Tested by and ok denis@
---
 usr.sbin/relayd/proc.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/relayd/proc.c b/usr.sbin/relayd/proc.c
index 1b26a5ed466..1407f58fee6 100644
--- a/usr.sbin/relayd/proc.c
+++ b/usr.sbin/relayd/proc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: proc.c,v 1.41 2021/04/20 21:11:56 dv Exp $	*/
+/*	$OpenBSD: proc.c,v 1.42 2021/12/30 20:38:43 dv Exp $	*/
 
 /*
  * Copyright (c) 2010 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -419,6 +419,11 @@ proc_open(struct privsep *ps, int src, int dst)
 			if (src == dst && i == j)
 				continue;
 
+			/* No need for CA to CA or RELAY to RELAY sockets. */
+			if ((src == PROC_CA && dst == PROC_CA) ||
+			    (src == PROC_RELAY && dst == PROC_RELAY))
+				continue;
+
 			pa = &ps->ps_pipes[src][i];
 			pb = &ps->ps_pipes[dst][j];
 			if (socketpair(AF_UNIX,
-- 
2.20.1