source-changes: re: CVS commit: src

Subject: re: CVS commit: src
To: None <itojun@netbsd.org>
From: matthew green <mrg@eterna.com.au>
List: source-changes
Date: 09/09/2003 11:31:24

   
   Module Name:	src
   Committed By:	itojun
   Date:		Mon Sep  8 06:52:01 UTC 2003
   
   Modified Files:
   	src/sbin/mount_kernfs: mount_kernfs.8
   	src/sys/lkm/vfs/miscfs/kernfs: Makefile
   	src/sys/miscfs/kernfs: files.kernfs kernfs.h kernfs_vfsops.c
   	    kernfs_vnops.c
   	src/sys/netkey: key.c key.h
   Added Files:
   	src/sys/miscfs/kernfs: kernfs_subr.c
   
   Log Message:
   add /kern/ipsecsa and /kern/ipsecsp, which can be inspected by setkey(8).
   it allows easier access to ipsecsa/sp.  it works around problem where
   setkey -D does not work with large number of ipsec SAs due to socket buffer
   size.


so.... does this mean that /kern is now REQUIRED for a netbsd feature?


sounds like not such a great idea to me.  is there no way to do this
without resorting to forcing /kern to be mounted?  on my "secure"
systems i don't even include kernfs in my kernel (nor LKM.)  yet, this
is the machine i'm most likely to want to run ipsec on.


.mrg.