Subject: Re: Reminder that we are supporting two parallel IPsec implementations
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Bill Studenmund <>
List: tech-net
Date: 09/12/2003 12:46:57
On Thu, 11 Sep 2003, Jonathan Stone wrote:

> In message <>Jun-ichiro itojun Hagino writes
> There is a bug in the implementation PF_KEY which is triggered with
> quite modest numbers of simultaneous SAs.  Addding a kernfs hook to
> access SAs in order to sidestep that bug is *definitionally*, ad-hoc.
> Please bear keep in mind the long-established NetBSD principle that
> kernfs is *optional*: subsystems should continue to work even if
> kernfs is not present. You can use kernfs as an optimization, if its
> present; but as I recall the consensus, we should never **equire* it.
> (Perhaps I am misremembering, or perhaps this predates your involvement with NetBSD?)

Jonathan, please stop this attack on kernfs.

As long as kernfs has to be optional, it can never be useful, as everthing
it can do has to be done another way too. As long as it can never be
useful, it will always be optional.

If kernfs is the easiest way for Itojun to export LOTS SPDs, please let
him do it that way.

Take care,