From: Taral <taral@taral.net> Date: Tue, 19 Nov 2002 22:51:02 -0600 The current IPSec implementation has a distinction in the security policy between transport and tunnel SAs. I think this is not the best way to do this. This distinction duplicates work already done by the ipip driver. We have a tunneling system already, we should use it. The IPSEC RFCs require this state to be per SA. The key exchange daemons also need to know this. IPIP cannot do what is needed to happen here for tunnel based SAs, it lacks the knowledge and shouldn't need to be concerned with what happens there. - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
