Subject: Re: Reminder that we are supporting two parallel IPsec implementations
To: None <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 09/11/2003 17:32:41
In message <> writes

Itojun, you're not helping yourself. The kindest interpretation of
your reply is that the PF_KEY wasn't ready to be committed to our tree
in the first place.

>	and i wanted /kern/ipsec{sa,sp} for a long time, not just to work around
>	the issue.  it is not ad-hoc.  now i would like to hear an apology for
>	calling it ad-hoc.

You must be kidding. From the NetBSD cvs log:

}RCS file: /cvsroot/src/sys/netkey/key.c,v
}Working file: key.c
}revision 1.93
}date: 2003/09/08 06:51:56;  author: itojun;  state: Exp;  lines: +57 -8
}add /kern/ipsecsa and /kern/ipsecsp, which can be inspected by setkey(8).
}it allows easier access to ipsecsa/sp.  it works around problem where
}setkey -D does not work with large number of ipsec SAs due to socket buffer

I repeat, this is ad-hoc. In future, please do not commit ad-hoc
kludges like this to the NetBSD tree. Instead, fix the darn bug.