Subject: Re: Reminder that we are supporting two parallel IPsec implementations
To: <>
From: None <itojun@iijlab.net>
List: tech-net
Date: 09/12/2003 09:23:21
>>>	i remember no ad-hoc changes to PF_KEY API/ABI made to netbsd tree.
>>>	which one do you think ad-hoc?
>>>	i made changes with reasons.  if you call it "ad-hoc" in public it's
>>>	quite an insult.
>>
>>There is a bug in the implementation PF_KEY which is triggered with
>>quite modest numbers of simultaneous SAs.  Adding a kernfs hook to
>>access SAs in order to sidestep that bug is *definitionally*, ad-hoc.
>
>	aha, socket buffer starvation on SADB_DUMP.  i can't really do anything
>	about it from PF_KEY point of view.  btw, PF_KEY message is like
>	SOCK_DGRAM messages, they are unreliable so it is (specwise) normal to
>	lose some of the messages.  therefore it is not a bug, but a feature.

	and i wanted /kern/ipsec{sa,sp} for a long time, not just to work around
	the issue.  it is not ad-hoc.  now i would like to hear an apology for
	calling it ad-hoc.

itojun