Questions about PF_KEY interface

blue susan.lan at
Mon Jun 25 06:50:08 UTC 2007

Dear all:

I found there are two directories about PF_KEY interface: netkey and 
netipsec under $FreeBSD src$\sys\.

Looking into the makefile, the one that is currently used and built in 
is netkey.

However, I am wondering what's the purpose for netipsec?

Besides, the handling for the global variable "regtree", which is used 
for key registery, in netipsec seems more proper to me.

For example, when a key is needed to register, the static function, 
key_register(), which is defined in [netkey/netipsec]/key.c, will be called.

However, in netkey/key.c, key_register() will not call mtx_lock before 
the operation of the global variable, regtree. On the other hand, in 
netipsec/key.c, key_register() will mtx_lock. In my opinion, I think the 
latter should be correct since there may be various processes to call 
the function. Without the protection, race condition will occur!

Many thanks.


More information about the freebsd-net mailing list