Subject: CVS commit: [netbsd-2-0] src/sys/netipsec
To: None <>
From: Matthias Scheler <>
List: source-changes
Date: 05/30/2004 07:02:32
Module Name:	src
Committed By:	tron
Date:		Sun May 30 07:02:32 UTC 2004

Modified Files:
	src/sys/netipsec [netbsd-2-0]: key.c

Log Message:
Pull up revision 1.19 (requested by jonathan in ticket #405):
Rework to make  FAST_IPSEC PF_KEY dumps unicast and reliable:
Introduce new socket-layer function sbappendaddrchain() to
sys/kern/uipc_socket2.c: like sbappendaddr(), only takes a chain of
records and appends the entire chain in one pass. sbappendaddrchain()
also takes an `sbprio' argument, which indicates the caller requires
special `reliable' handling of the socket-buffer.  `sbprio' is
described in sys/sys/socketvar.h, although (for now) the different
levels are not yet implemented.
Rework sys/netipsec/key.c PF_KEY DUMP responses to build a chain of
mbuf records, one record per dump response. Unicast the entire chain
to the requestor, with all-or-none semantics.
Changed files;
 	sys/socketvar.h kern/uipc_socket2.c netipsec/key.c
Reviewed by:
	Jason Thorpe, Thor Lancelot Simon, post to tech-kern.
Todo: request pullup to 2.0 branch.  Post-2.0, rework sysctl() API for
dumps to use new record-chain constructors. Actually implement
the distinct service levels in sbappendaddrchain() so we can use them
to make PF_KEY ACQUIRE messages more reliable.

To generate a diff of this commit:
cvs rdiff -r1.11.2.5 -r1.11.2.6 src/sys/netipsec/key.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.