Subject: Re: IPSEC in GENERIC
To: Jonathan Stone <jonathan@Pescadero.dsg.stanford.edu>
From: Christos Zoulas <christos@zoulas.com>
List: tech-kern
Date: 02/21/2006 17:17:37
On Feb 21,  2:08pm, jonathan@Pescadero.dsg.stanford.edu (Jonathan Stone) wrote:
-- Subject: Re: IPSEC in GENERIC

| >He is merging inpcb and in6pcb, the same way FreeBSD and OpenBSD have done.
| >
| >| Or to turn that around: what else is in-progress that that'd break?
| >
| >This will break his branch, 
| 
| Sure. But if we finished clean-implemented code to using the struct
| inpcbhdr, and removes all the pointer-jumping, then we don't *need*
| Rui's branch, do we?
| 
| To turn my question around: after my first pass at this, we discussed
| various approaches: merging pcbs, or introducing a common prefix.
| 
| What changed between the introduction of struct inpcbhdr and now, so
| as to make a unified inpcb/in6pcb desirable now, when back then, that
| wasn't a desirable approach?

1. Makes our code similar to other BSDs.
2. Without it we cannot make mapped addresses work easily and this breaks
   java.
3. It eliminates a lot of common code.

| >and it will make us look very different than
| >FreeBSD and OpenBSD which have a merged inpcb/in6pcb.
| 
| FreeBSD's networking stack is already so different (SMP locking, ...)
| that as I see it, this marginal compatibility with FreeBSD buys us
| nothing, in practical terms.  Is there something in OpenBSD which this
| buys us?

The major issues are SMP locking and the function dispatch instead of switch in
ctlinput(). I like the function dispatcher more and I think it is simpler
to read and maintain. Once we have merged pcbs it will be easy to move
to that.

Practically, making our code diverge from the others for no good reason
increases our maintenance cost. There aren't many people who have the
time and expertise to devote to improving the NetBSD stack...

| I guess I'm partly confused because, from where I'm sitting, a common
| header followed by IPv4 or IPv6-specific portions seems cleaner and
| more in our spirit of "doing things right".

The problem here is that you end up with 2 pcb structures that need to
be passed back and forth between v4 and v6 code in the mapped address
case. 

christos