From: Timo_Teräs <[EMAIL PROTECTED]> Date: Thu, 17 Jan 2008 13:00:09 +0200
> IMHO, it's a lot better then losing >50% of entries and the end > of sequence message on big dumps. SPD and SADB are not that > volatile; in most of the cases the dump would be as good as an > atomic one. I humbly disagree with you. Interface behavior stability is more important. > I'm not sure if there's other major applications that we should > be concerned about, but at least ipsec-tools racoon does not > expect to get atomic dumps (which btw, comes originally from BSD). Racoon was written as an addon to the BSD stack by an IPV6/IPSEC project in Japan named KAME, it did not "come from BSD". It was added to BSD. There are also other BSD based IPSEC daemons such as the one written by the OpenBSD folks. I don't think this is arguable at all. We're not changing semantics over what we've done for 4+ years and applications might depend upon. It's for a deprecated interface, which makes any semantic changes that much less inviting. You can argue all you want, but it will not change the invariants in the previous paragraph. All of the time you've spent arguing is time not spent on adding netlink support to the daemons that do not do so already. And that would be 2 steps forwards compared to the 1 step backwards your desired change would be. I've stated my position as well as I can at this point so respectfully, since I have tons of other things to do, I'm stepping out of this specific discussion for now. Thank you. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
