>>This last step seems premature.  Given that there has been lengthy delays
>>in the past with the integration of KAME work into NetBSD, I see no need
>>to start rushing now, especially when there are issues that need to be
>>resolved first.  I've seen no support, for this integration work besides
>>Jason saying that one less packet classifier in the kernel would be good.
>
>	by saying "KAME code" it can mean a lot of different components, so
>	i see in your statement some over-generalizing.
>
>	you misunderstood why there are lags between KAME IPv6 tree and NetBSD.
>	we specifically integrate things that made RFC status, or alike,
>	from KAME IPv6 code to NetBSD.  therefore we waited 2292bis API
>	discussion to settle down into RFC3542, for instance.

	on the contrary, KAME IPsec code and NetBSD IPsec code is mostly in
	sync, because RFC240x series are already RFC.
	PF is also stable and well tested, since it has been used from openbsd
	3.0 (or 2.9?).

itojun