Subject: re: CVS commit: src
To: None <email@example.com>
From: matthew green <firstname.lastname@example.org>
Date: 09/09/2003 11:31:24
Module Name: src
Committed By: itojun
Date: Mon Sep 8 06:52:01 UTC 2003
src/sys/miscfs/kernfs: files.kernfs kernfs.h kernfs_vfsops.c
src/sys/netkey: key.c key.h
add /kern/ipsecsa and /kern/ipsecsp, which can be inspected by setkey(8).
it allows easier access to ipsecsa/sp. it works around problem where
setkey -D does not work with large number of ipsec SAs due to socket buffer
so.... does this mean that /kern is now REQUIRED for a netbsd feature?
sounds like not such a great idea to me. is there no way to do this
without resorting to forcing /kern to be mounted? on my "secure"
systems i don't even include kernfs in my kernel (nor LKM.) yet, this
is the machine i'm most likely to want to run ipsec on.