>>>	i don't understand why sys/netipsec has to have another PF_KEY
>>>	implementation.  could you tell me why?
>> Sam Leffler's fast-ipsec is a rework in detail, to improve performance
>> The re-implemenetation of PF_KEY is part and parcel of that "rework in
>> detail".  I understand the rework is ongoing (that is, more performance
>> enhancments are planned), but you'd be better off asking Sam.
>
> 	i looked at the diff between netipsec/key* and netkey/key*.
> 	the changes are minimal.  i will remove the former and put #ifdef
> 	FAST_IPSEC into the former.

I'm not sure this is a good idea.  I intentionally duplicated all KAME code 
because I intended to change it significantly.  (I also wanted to insure 
neither code base affected the other.)

In this case I'm close to working on the PF_KEY implementation s.t. it will 
diverge from the KAME implementation.  If netbsd wants to track this work 
then doing the above will be wasted effort.

	Sam