In message <9FA9DF1A-77A9-11D8-81A9-000A957650EC@wasabisystems.com>,
Jason Thorpe  writes:

>It's truly NetBSD-specific; calls to the appropriate functions must be 
>made from non-IPsec code in order for it to work properly.  Until 
>FreeBSD's code makes such calls, it seems appropriate to keep the 
>#ifdef as-is.

I already have those calls, in my private FreeBSD tree against which I
compile my "merged" sys/netipsec.  I'm already at the point where I
need to distinguish the generic ipsec-pcb-cache code from the truly
NetBSD-specific code (such as the ipflow_* calls).

Further, the FreeBSD folks have no real reason to buy back any changes
to their sys/netinet code, unless and until the sys/netipsec code is
ready take advantage of it: chicken-and-egg.

So... I understand where you're coming from, and in other cases I'd
probably agree; but not here; your point has been heard, and
considered, and over-ridden.  Given that, I guess I'd better post a
patch for review before committing to NetBSD.