On Sun, 2005-03-27 at 03:18, Herbert Xu wrote:

For non-standard extensions like this I wouldn't worry about PF_KEY.
After all, if you're going to make sense of all the messages from
the kernel you'll have to use netlink anyway.

Just for consistency (since both call the same xfrm_state core code)
I made some minor changes to pf_key internal-to-kernel API (not exposed
to user space). Sample patch, still under construction, attached.
pfkey already does adverts on its own after a response from the generic
code. 
In the future this could be modified to do events about the same time
netlink does them i.e invocation from core xfrm_state code.
At the moment pfkey listeners are slightly delayed relative to netlink.

cheers,
jamal