Subject: re: CVS commit: src
To: None <itojun@netbsd.org>
From: matthew green <mrg@eterna.com.au>
List: source-changes
Date: 09/09/2003 11:31:24
Module Name: src
Committed By: itojun
Date: Mon Sep 8 06:52:01 UTC 2003
Modified Files:
src/sbin/mount_kernfs: mount_kernfs.8
src/sys/lkm/vfs/miscfs/kernfs: Makefile
src/sys/miscfs/kernfs: files.kernfs kernfs.h kernfs_vfsops.c
kernfs_vnops.c
src/sys/netkey: key.c key.h
Added Files:
src/sys/miscfs/kernfs: kernfs_subr.c
Log Message:
add /kern/ipsecsa and /kern/ipsecsp, which can be inspected by setkey(8).
it allows easier access to ipsecsa/sp. it works around problem where
setkey -D does not work with large number of ipsec SAs due to socket buffer
size.
so.... does this mean that /kern is now REQUIRED for a netbsd feature?
sounds like not such a great idea to me. is there no way to do this
without resorting to forcing /kern to be mounted? on my "secure"
systems i don't even include kernfs in my kernel (nor LKM.) yet, this
is the machine i'm most likely to want to run ipsec on.
.mrg.