[...]
>	freebsd uses unified inpcb for IPv4 and IPv6.   netbsd uses separate
>	inpcb/in6pcb.  therefore code has to be different.
>	i thought about unification of inpcb/in6pcb for a long time, but
>	end up not doing it due to increased memory usage/too many changes

``too many changes?'' That doesnt' strike me ais not a good reason.
Nor is it in the traditions of the NetBSD Project.

>	(i would name common portion as inpcb and IPv4-only portion in4pcb,
>	hence many IPv4 code has to be changed).

I'd name it somewhat differently.


>> Can you please defer chagne the inpcb6* to an struct socket*, until
>> after that review?
>
>	sorry no, i will change it to struct socket * now.  

Then I reserve the right to revert to passing inpcb6* at some later
date, shuold that be the appropriate thing to do.

	with your commit
>	you *broke* KAME IPsec policy checking for the case where IPv4 mapped
>	address is used on AF_INET6 socket.


Can you explain just how the code is ``broken''?  The previous code
took an in6pcb, followed the pointer to the struct socket*, and passed
the struct socket* via the set_socket() kludge.  The code I checked in
simply passes the same in6pcb* which the KAME code started with to
ip6_output() as an explicit argument. Then, ip6_output() immediately
follows the *VERY SAME* pointer, to obtain the struct socket* it used
to receive via the aux-mbuf/packet-tag.

Interally, ip6_output() and the KAME ipsec code continues to use the
struct socket *.  There is effectively change to the struct socket*
seen by the KAME-code internals. I dont see how that will break
anything, which wasn't already broken before.

Why do you think the code needs to be changed immediately?
Is there a corner case which I missed?