> Let me repeat myself: anyone CAPABLE to answer (and understand the > question) ? > > I really admire and appreciate your (misc) commitment.
netstat was largely rewritten to not use kvm snooping. It now only gets information from the kernel via sysctl. The result is that it does not race against the kernel in uncomfortable ways, shows atomic data, and loses a setgid bit. A few pieces of functionality went away. I believe ipsecctl will show you what you need.
