Subject: Re: Problems with PF_KEY SADB_DUMP
To: None <tech-net@NetBSD.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 09/21/2003 13:46:42
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Jonathan" == Jonathan Stone <jonathan@DSG.Stanford.EDU> writes:
Jonathan> I fear this will'd break the existing apps, which depend on the
Jonathan> SADB_DUMP responses to a given SADB_DUMP request being implicitly
Jonathan> atomic; and that the responses are never being interleaved with
Jonathan> other
Jonathan> messages (such as a kernel-generated ACQUIRE). For an example,
Jonathan> see
Jonathan> the loop in racoon/pfkey.c:pfkey_dump_sadb().
I'd say that we should fix the API :-)
The issue of atomic view is a very important one though.
The question is, when does it really matter? (I have answers, but I'm not
clear they are really that important)
a) fix it so that there is no deadlock.
b) create a new API for things that really want to see everything.
No, a counter is not sufficient, but providing an SA back to the
kernel to say "resume here" might work better. But, that isn't atomic.
] Out and about in Ottawa. hmmm... beer. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys - custom hacks make this fully PGP2 compat
iQCVAwUBP23kAYqHRg3pndX9AQFPmQP/ZX3M3CPGFQ8rOI+jdiM0BzWBW1+WZ8pr
9Dcw17/v5xoX1uFjDMnqrM6TMLSiny6Y1Wqi6Zr10XsRkU/MIq26I1gbu8NwJyZk
FrjAXfMbtmfl5bEv2ZbNV/6rnCg+pU8oQvj8d+BrlB+Rm+Elgi8fzhAvdD4/giVM
vfPwPWmQNPo=
=7T5G
-----END PGP SIGNATURE-----