David Miller wrote: > From: Timo_Teräs <[EMAIL PROTECTED]> > Date: Thu, 17 Jan 2008 10:11:17 +0200 > >> I thought my patch would qualify as "life support" bug fix. >> Currently racoon fails to work if there are too many SPDs or SAs >> because the kernel cannot handle the dump request properly. And this >> is what my patch fixes for pfkey. It adds no new features or >> functionality; just makes the dumping work with large databases. > > Racoon should use netlink for reasons far and beyond the > problem you are trying to address.
Yes. But this is fairly major thing to do. One needs to create API abstraction layer (still need to use pfkey in *BSD). Test it. A lot of work that is not going to happen very soon. Where as the pfkey bug fix is non-intrusive and helps all legacy applications still using af_key by _fixing a bug in kernel_. > The dumping behavior of AF_KEY is just horrific, as one of > several examples. If af_key is all that bad and does not qualify to get maintanace bug fixes, why not remove it complitely? That would make userland adapt faster. >> Then there's also the xfrm dumping changes which change the >> algorithm from O(n^2) to O(n) with some memory overhead, but >> that is a different story. Any comments on that? > > I have no general objections to those changes although I am > backlogged and thus have not studied them in detail. Jamal > is having what appears to be a healthy dialogue with you about > the details so I'm not concerned much :) Ok. I hope someone can also give feedback on the naming conventions. And about the api changes to xfrm policy/state walking. - Timo -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
