In message <D61D5D79-A6B7-11D8-A7A8-000A957650EC@wasabisystems.com>
Jason Thorpe  writes:
>

>Ick.  The kernfs and PF_KEY interfaces should return the same info!

One could make a quite cogent argument tha the kernfs interface should
just die.  NetBSD prides itself on doing ``the right thing''; in this
context the ``right thing'' was clearly and indisuputably to fix the
implementation bugs in PF_KEY, not to ad-hoc invent another API.

If we need a second API, then we should go with the sysctl()-based
API: at least that exists for FAST_IPSEC.  (Personally, I dont want to
see a kernfs api added to FAST_IPSEC. Some users often don't want
kernfs for good and sufficient reasons of their own)