Subject: CVS commit: [netbsd-2-0] src/sys/netipsec
To: None <source-changes@NetBSD.org>
From: Matthias Scheler <email@example.com>
Date: 05/30/2004 07:02:32
Module Name: src
Committed By: tron
Date: Sun May 30 07:02:32 UTC 2004
src/sys/netipsec [netbsd-2-0]: key.c
Pull up revision 1.19 (requested by jonathan in ticket #405):
Rework to make FAST_IPSEC PF_KEY dumps unicast and reliable:
Introduce new socket-layer function sbappendaddrchain() to
sys/kern/uipc_socket2.c: like sbappendaddr(), only takes a chain of
records and appends the entire chain in one pass. sbappendaddrchain()
also takes an `sbprio' argument, which indicates the caller requires
special `reliable' handling of the socket-buffer. `sbprio' is
described in sys/sys/socketvar.h, although (for now) the different
levels are not yet implemented.
Rework sys/netipsec/key.c PF_KEY DUMP responses to build a chain of
mbuf records, one record per dump response. Unicast the entire chain
to the requestor, with all-or-none semantics.
sys/socketvar.h kern/uipc_socket2.c netipsec/key.c
Jason Thorpe, Thor Lancelot Simon, post to tech-kern.
Todo: request pullup to 2.0 branch. Post-2.0, rework sysctl() API for
dumps to use new record-chain constructors. Actually implement
the distinct service levels in sbappendaddrchain() so we can use them
to make PF_KEY ACQUIRE messages more reliable.
To generate a diff of this commit:
cvs rdiff -r18.104.22.168 -r22.214.171.124 src/sys/netipsec/key.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.