
Portability Considerations

From its conception, isakmpd had a portability requirement: it should run on various platforms and with different IPsec stacks. To meet this demand, the "sysdep" module was introduced. Each platform we support needs to provide its own version of this module. In principle, all of the IPsec API could be dealt with here, but as APIs can be shared among several platforms (and standards now exist), most often the sysdep module contains only stub code that calls the right API module, such as PF_KEY.

PF_KEY may become a standard, but it is only an API for maintaining SAs, and IPsec also needs policy maintenance. All PF_KEY systems we support have chosen to add policy extensions to PF_KEY, because the API is flexible enough to pass such data as well, and it is easier to extend something that works than to invent something entirely new. However, extensions tend to be platform specific, so the PF_KEY support code in isakmpd has to deal with several different variants of the protocol. This problem is recognized, and there is some consensus between OpenBSD, KAME, and FreeS/WAN that this needs to change and that the extensions need to converge, if not be standardized.
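To make the variant problem concrete, the following added example (not isakmpd's own code) walks the extension chain of one PF_KEY v2 message, validates every length field, and separates extensions in the base RFC 2367 range from platform-specific ones. The struct layouts and constants follow RFC 2367; `pfkey_classify`, `struct ext_summary` and `sample_msg` are hypothetical names introduced for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layouts and constants from RFC 2367; length fields count 64-bit words. */
#define PF_KEY_V2    2
#define SADB_EXT_MAX 16            /* highest extension type in the base RFC */
struct sadb_msg {
    uint8_t  sadb_msg_version, sadb_msg_type, sadb_msg_errno, sadb_msg_satype;
    uint16_t sadb_msg_len, sadb_msg_reserved;
    uint32_t sadb_msg_seq, sadb_msg_pid;
};
struct sadb_ext { uint16_t sadb_ext_len, sadb_ext_type; };
/* Hypothetical result type for this example. */
struct ext_summary { int base; int platform; };

/* Walk the extension chain of one PF_KEY message held in buf[0..len).
 * Returns 0 and fills *out, or -1 if the message is malformed. */
int pfkey_classify(const uint8_t *buf, size_t len, struct ext_summary *out)
{
    struct sadb_msg hdr;
    struct sadb_ext ext;
    size_t off = sizeof hdr, total, elen;

    out->base = out->platform = 0;
    if (len < sizeof hdr) return -1;
    memcpy(&hdr, buf, sizeof hdr);          /* avoid unaligned access */
    total = (size_t)hdr.sadb_msg_len * 8;
    if (hdr.sadb_msg_version != PF_KEY_V2 || total < sizeof hdr || total > len)
        return -1;

    while (off < total) {
        if (total - off < sizeof ext) return -1;
        memcpy(&ext, buf + off, sizeof ext);
        elen = (size_t)ext.sadb_ext_len * 8;
        /* A zero length would loop forever; an oversized one would overrun. */
        if (elen < sizeof ext || elen > total - off) return -1;
        if (ext.sadb_ext_type <= SADB_EXT_MAX) out->base++;
        else out->platform++;               /* outside the base RFC range */
        off += elen;
    }
    return 0;
}

/* Constructed sample: header, one SA extension (type 1), one type-18 extension. */
const struct { struct sadb_msg h; struct sadb_ext sa; uint8_t sa_body[12];
               struct sadb_ext x; uint8_t x_body[4]; } sample_msg = {
    { PF_KEY_V2, 3, 0, 3, 5, 0, 0, 0 }, { 2, 1 }, { 0 }, { 1, 18 }, { 0 } };
```

Code that handles several PF_KEY variants can use a walk like this to skip unknown extension types safely instead of trusting their length fields.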

With respect to differences in the build environment, we have seen a need to support both main "make" dialects, BSD and GNU. This is of course less than optimal, but given the alternatives it is currently our best option. Furthermore, every supported platform has to provide a makefile fragment in which constraints on what isakmpd should support on that particular platform can be expressed, as well as instructions on how to build system-dependent code.


Angelos D. Keromytis
4/20/2000