>> 	I'm now trying to upgrade KAME IPsec portion to more recent one.
>> 	Since KAME tree changed kernel IPsec policy engine, there's binary
>> 	compatibility issue with old binary and new binary.
>> 	the most important change is in sys/netkey/keyv2.h.  the attached
>> 	part declares PF_KEY message type.
>> 
>> 	the problem is that, now binary compiled with old header is not usable
>> 	on new kernel.  due to semantics change, it is not trivial to emulate
>> 	old calls in new kernel.  for safety reasons, we may want to
>
>Well, NetBSD has yet to see a release with IPsec -- so we're only talking
>about compatibility with -currents of different dates.

	The above is correct, this is backward-compat issue between
	1.4[A-Z] and 1.4[A-Z].

>Therefore it may
>be excusable to break binary compatibility in this case.
>This is just a thought, but not a firm recommendation :-)

	Hmm, I think I'll commit it as is (breaks binary compatibility),
	and fix it afterwards whenever it becomes necessary.  I'll bump up
	shlib major for libipsec.

itojun