In message <20040518025301.GA13564@panix.com>Thor Lancelot Simon writes


>I think you don't understand the relevant history here.
>
>The PF_KEY interface is _broken_ due to a bug in the kernel code for
>marshalling SAs into sequences of messages.  Rather than fix that,
>some months ago a developer chose to make kernfs _required_ for correct 
>operation instead.
>
>Now you can use kernfs (which is optional) or sysctl (which isn't, but
>which is *not* the standards-defined interface for this task) but you
>still can't use PF_KEY.
>
>This is what many developers who have looked at this question find broken,
>even in some cases offensive.  kernfs is an *optional* system component.
>Requiring it for correct operation is *just not okay*, and forcing a new
>network stack to implement a kernfs hack around PF_KEY being buggy so that
>it's compatible with the old broken implementation of this stuff is... not
>good.

Exactly. Thanks for the recap.  I think it applies even more so in,
say, an embedded system which otherwise just doesn't need kernfs.

I think der Mouse is approaching this from a perspective more like
``But why *not* add end-user-visible hooks via kernfs?'', with the
burden of proof on any nay-sayers.  That just isn't so, and (given all
the history) may even (albeit unintenionally) trigger bad vibes from
those ``broken, even in some cases offensive'' assessments.