tech-net: Re: Reminder that we are supporting two parallel IPsec implementations

Subject: Re: Reminder that we are supporting two parallel IPsec implementations
To: Bill Studenmund <wrstuden@netbsd.org>
From: Jason Thorpe <thorpej@wasabisystems.com>
List: tech-net
Date: 09/12/2003 14:25:02

On Friday, September 12, 2003, at 01:28  PM, Bill Studenmund wrote:

> Ok, maybe I'm on the wrong page. I assumed that Itojun _added_ kernfs
> supoprt, and that if kernfs wasn't there, we'd use PF_KEY instead. Is 
> that
> assumption correct or incorrect?

That is correct.  However, the PF_KEY interface was a second-class 
citizen to the kernfs interface, since the PF_KEY interface has a 
restriction that the kernfs interface does not have.

That means that kernfs WOULD BE REQUIRED to support large numbers of 
IPsec SAs.

         -- Jason R. Thorpe <thorpej@wasabisystems.com>