one point i guess you misunderstood: i have never, never propose
	to remove ipfilter from NetBSD.  i'm proposing
	- addition of PF to the system
	then
	- upgrade of ALTQ to the latest (ALTQ-and-PF integration)
	- upgrade of KAME IPsec to the latest (IPsec-and-PF integration)

	please read diff before you make further comments.
	orange.kame.net:~ftp/pub/kame/misc/netbsd-pf-20030629.diff

>I thought Darren's suggestion of importing a slightly older ALTQ into
>NetBSD while cooperating to work on a formal API for use of other
>packet filters with KAME was a pretty good one, but I can see how it might
>not really appeal to you or to the other KAME developers.  Do you see any
>middle ground that might work better for all involved?

	there are a lot of ioctl changes made during ALTQ-and-PF integration.
	what we have now is like this (in kame tree):
		ALTQ-and-PF with new ioctl (openbsd/sys/altq)
		standalone ALTQ with old ioctl (kame/sys/altq)
	and i don't think it worthwhile to put time on kame/sys/altq to
	catch up with the former.

itojun