In message <20030912002321.82EBA89@coconut.itojun.org>itojun@iijlab.net writes

Itojun, you're not helping yourself. The kindest interpretation of
your reply is that the PF_KEY wasn't ready to be committed to our tree
in the first place.


>	and i wanted /kern/ipsec{sa,sp} for a long time, not just to workaround
>	the issue.  it is not ad-hoc.  now i would like to hear an apology for
>	calling it ad-hoc.

You must be kidding. From the NeBSD cvs log:

}RCS file: /cvsroot/src/sys/netkey/key.c,v
}Working file: key.c
}[...]
}
}----------------------------
}revision 1.93
}date: 2003/09/08 06:51:56;  author: itojun;  state: Exp;  lines: +57 -8
}add /kern/ipsecsa and /kern/ipsecsp, which can be inspected by setkey(8).
}it allows easier access to ipsecsa/sp.  it works around problem where
}setkey -D does not work with large number of ipsec SAs due to socket buffer
}size.
}----------------------------


I repeat, this is ad-hoc. In future, please do not commit ad-hoc
kludges like this to the NetBSD tree. Instead, fix the darn bug.