Remaining issue (cont.)

If we had IPsec information (such as protocol and algorithm) notification mechanism, we could do everything in userspace
pros: simpler and generic features in kernel
cons: no such standards