On Mon, Jun 25, 2007 at 02:50:08PM +0800, blue wrote: > Dear all: Hi.
> I found there are two directories about PF_KEY interface: netkey and > netipsec under $FreeBSD src$\sys\. > > Looking into the makefile, the one that is currently used and built in > is netkey. > > However, I am wondering what's the purpose for netipsec? netkey is used if you compile with IPSEC (KAME's stack). netipsec is used if you compile with FAST_IPSEC. > Besides, the handling for the global variable "regtree", which is used > for key registery, in netipsec seems more proper to me. > > For example, when a key is needed to register, the static function, > key_register(), which is defined in [netkey/netipsec]/key.c, will be called. > > However, in netkey/key.c, key_register() will not call mtx_lock before > the operation of the global variable, regtree. On the other hand, in > netipsec/key.c, key_register() will mtx_lock. In my opinion, I think the > latter should be correct since there may be various processes to call > the function. Without the protection, race condition will occur! KAME's IPSec stack is still giant locked, so doesn't needs more fined locking. FAST_IPSEC used fined grain locking. KAME's stack will probably be removed in the future (for 7.0 ?) thanks George V. Neville-Neil's work to provide all KAME's stack features on FAST_IPSEC. Yvan. -- NETASQ http://www.netasq.com _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
