Subject: Re: Problems with PF_KEY SADB_DUMP
To: None <tech-net@NetBSD.org>
From: Michael Richardson <firstname.lastname@example.org>
Date: 09/21/2003 13:46:42
>>>>> "Jonathan" == Jonathan Stone <jonathan@DSG.Stanford.EDU> writes:
Jonathan> I fear this will break the existing apps, which depend on the
Jonathan> SADB_DUMP responses to a given SADB_DUMP request being implicitly
Jonathan> atomic; and that the responses are never being interleaved with
Jonathan> messages (such as a kernel-generated ACQUIRE). For an example,
Jonathan> the loop in racoon/pfkey.c:pfkey_dump_sadb().

I'd say that we should fix the API :-)

The issue of atomic view is a very important one though.
The question is, when does it really matter? (I have answers, but I'm not
clear they are really that important)

a) fix it so that there is no deadlock.
b) create a new API for things that really want to see everything.

No, a counter is not sufficient, but providing an SA back to the
kernel to say "resume here" might work better. But, that isn't atomic.

] Out and about in Ottawa. hmmm... beer. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] email@example.com http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy"); [
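
The following is an added example, not part of the original message and not racoon's code: one way a PF_KEY reader can collect SADB_DUMP replies without depending on them arriving uninterleaved, by matching message type and pid and setting aside anything else (such as a kernel-generated ACQUIRE). It assumes the KAME convention that the last dump reply carries sadb_msg_seq 0; the struct name, function names and the byte stream are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Base header per RFC 2367 section 2.3.1, redeclared so this builds without <net/pfkeyv2.h>. */
struct sadb_msg_hdr {
    uint8_t  version, type, err, satype;
    uint16_t len, reserved;   /* len = whole message length in 64-bit words */
    uint32_t seq, pid;
};
enum { PFKEY_V2 = 2, T_ACQUIRE = 6, T_DUMP = 10 };  /* SADB_* values from RFC 2367 */
struct dump_result { int sa_count, deferred, complete; };
/* Walk back-to-back PF_KEY messages (stand-in for successive recv() calls on the socket). */
struct dump_result demux_dump(const uint8_t *buf, size_t n, uint32_t my_pid) {
    struct dump_result r = {0, 0, 0};
    size_t off = 0;
    while (!r.complete && n - off >= sizeof(struct sadb_msg_hdr)) {
        struct sadb_msg_hdr h;
        memcpy(&h, buf + off, sizeof h);
        size_t bytes = (size_t)h.len * 8;
        if (h.version != PFKEY_V2 || bytes < sizeof h || bytes > n - off) break; /* malformed */
        if (h.type == T_DUMP && h.pid == my_pid) {
            if (h.err == 0) r.sa_count++;                  /* one SA per dump reply */
            if (h.seq == 0 || h.err != 0) r.complete = 1;  /* last reply, or error reply */
        } else { r.deferred++; }   /* interleaved message: queue for normal handling */
        off += bytes;
    }
    return r;
}

/* Constructed sample data: header plus zero padding in place of real extension headers. */
static size_t put_msg(uint8_t *out, uint8_t type, uint32_t seq, uint32_t pid, uint16_t words) {
    struct sadb_msg_hdr h = { PFKEY_V2, type, 0, 0, words, 0, seq, pid };
    memset(out, 0, (size_t)words * 8);
    memcpy(out, &h, sizeof h);
    return (size_t)words * 8;
}
size_t sample_stream(uint8_t *out, uint32_t pid) {
    size_t n = put_msg(out, T_DUMP, 2, pid, 4);
    n += put_msg(out + n, T_ACQUIRE, 7, 0, 3);   /* kernel-generated, lands mid-dump */
    n += put_msg(out + n, T_DUMP, 1, pid, 4);
    return n + put_msg(out + n, T_DUMP, 0, pid, 4);
}

int main(void) {
    uint8_t buf[128];
    struct dump_result r = demux_dump(buf, sample_stream(buf, 4242), 4242);
    printf("SAs=%d deferred=%d complete=%d\n", r.sa_count, r.deferred, r.complete);
    return 0;
}
```

A reader written this way tolerates interleaving, but it still does not get the atomic view of the SADB discussed in the message above.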