Subject: Re: IPsec performance
To: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-net
Date: 07/20/2000 08:12:56

The expanded blowfish key is large and takes a while to compute;
recomputing it for every packet is almost certainly what kills
performance -- expanding the key takes ~520 blowfish block
encryptions, equivalent to encrypting a bit over 4kb of data.

The solaris implementation of blowfish for ESP (which is in
"solaris-current", not yet in any product) just caches the expanded
key in per-SA state; netbsd should do likewise.

Something more sophisticated might be appropriate -- perhaps a
*drain()-like routine to reclaim the memory for idle SA's -- but
redoing the BF_set_key() on every packet is definitely a bad idea.

					- Bill
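
The cost argument in the message above, as an added example (not code from the message, Solaris or NetBSD): a cipher with Blowfish's round structure and key-schedule layout, counting block encryptions with and without a schedule cached in per-SA state. Assumptions: `struct sa`, `esp_encrypt` and `block_encs` are hypothetical names, the initial tables are constructed filler rather than Blowfish's pi-derived constants (so the output is not real Blowfish ciphertext), and the IV is all zero for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#define BF_WORDS (18 + 4 * 256)   /* 18 subkeys + four 256-entry S-boxes = 1042 words */
#define P(k, i)    ((k)->w[i])
#define S(k, b, x) ((k)->w[18 + 256 * (b) + (x)])
struct bf_sched { uint32_t w[BF_WORDS]; };      /* expanded key, a bit over 4 KB */
struct sa { uint8_t key[16]; struct bf_sched sched; int sched_valid; };  /* hypothetical SA */
static unsigned long block_encs;                /* block encryptions in the current call */

static void bf_encrypt(const struct bf_sched *k, uint32_t *l, uint32_t *r) {
    uint32_t L = *l, R = *r, t;
    for (int i = 0; i < 16; i++) {              /* 16 Feistel rounds */
        L ^= P(k, i);
        R ^= ((S(k, 0, L >> 24) + S(k, 1, (L >> 16) & 0xff)) ^ S(k, 2, (L >> 8) & 0xff)) + S(k, 3, L & 0xff);
        t = L; L = R; R = t;
    }
    *l = R ^ P(k, 17); *r = L ^ P(k, 16);       /* undo the last swap, final whitening */
    block_encs++;
}
/* Blowfish-shaped expansion: each pair of schedule words costs one block encryption. */
static void bf_set_key(struct bf_sched *k, const uint8_t *key, size_t len) {
    uint32_t l = 0, r = 0;
    for (size_t i = 0; i < BF_WORDS; i++)       /* constructed filler, NOT the real pi tables */
        k->w[i] = 0x9e3779b9u * (uint32_t)(i + 1);
    for (size_t i = 0, j = 0; i < 18 * 4; i++, j = (j + 1) % len)   /* cycle key bytes into P */
        P(k, i / 4) ^= (uint32_t)key[j] << (24 - 8 * (i % 4));
    for (size_t i = 0; i < BF_WORDS; i += 2) { bf_encrypt(k, &l, &r); k->w[i] = l; k->w[i + 1] = r; }
}
/* Encrypt nblocks 64-bit blocks in CBC mode; returns the block encryptions it cost. */
unsigned long esp_encrypt(struct sa *sa, uint32_t *buf, size_t nblocks, int use_cache) {
    uint32_t l = 0, r = 0;                      /* constructed all-zero IV, demo only */
    block_encs = 0;
    if (!use_cache || !sa->sched_valid) {       /* without the cache: expand on every packet */
        bf_set_key(&sa->sched, sa->key, sizeof sa->key);
        sa->sched_valid = use_cache;
    }
    for (size_t i = 0; i < nblocks; i++, buf += 2) {
        l ^= buf[0]; r ^= buf[1];
        bf_encrypt(&sa->sched, &l, &r);
        buf[0] = l; buf[1] = r;
    }
    return block_encs;
}
int main(void) {
    struct sa sa = { .key = "0123456789abcde" };  /* constructed key */
    uint32_t pkt[16] = {0};                       /* constructed 64-byte payload = 8 blocks */
    unsigned long a = esp_encrypt(&sa, pkt, 8, 0), b = esp_encrypt(&sa, pkt, 8, 1), c = esp_encrypt(&sa, pkt, 8, 1);
    printf("rekey each packet: %lu, cached first: %lu, cached later: %lu\n", a, b, c);
    return 0;
}
```

The 521 expansion encryptions come from 1042 schedule words filled two per block encryption; for a 64-byte payload they outweigh the 8 encryptions of actual data by about 65 to 1.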