-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Jonathan" == Jonathan Stone <jonathan@DSG.Stanford.EDU> writes:
    Jonathan> I fear this will'd break the existing apps, which depend on the
    Jonathan> SADB_DUMP responses to a given SADB_DUMP request being implicitly
    Jonathan> atomic; and that the responses are never being interleaved with
    Jonathan> other
    Jonathan> messages (such as a kernel-generated ACQUIRE).  For an example,
    Jonathan> see 
    Jonathan> the loop in racoon/pfkey.c:pfkey_dump_sadb().

  I'd say that we should fix the API :-)
  The issue of atomic view is a very important one though. 
  The question is, when does it really matter? (I have answers, but I'm not
clear they are really that important)

  a) fix it so that there is no deadlock.

  b) create a new API for things that really want to see everything.
     No, a counter is not sufficient, but providing an SA back to the 
     kernel to say "resume here" might work better. But, that isn't atomic.

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy");  [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys - custom hacks make this fully PGP2 compat

iQCVAwUBP23kAYqHRg3pndX9AQFPmQP/ZX3M3CPGFQ8rOI+jdiM0BzWBW1+WZ8pr
9Dcw17/v5xoX1uFjDMnqrM6TMLSiny6Y1Wqi6Zr10XsRkU/MIq26I1gbu8NwJyZk
FrjAXfMbtmfl5bEv2ZbNV/6rnCg+pU8oQvj8d+BrlB+Rm+Elgi8fzhAvdD4/giVM
vfPwPWmQNPo=
=7T5G
-----END PGP SIGNATURE-----