From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Mon, 30 Jun 2003 08:12:59 +1000

A user can afford to do that. But a KM can't since it can't anticipate what the user is going to do. In a mobile situation, you may even need to switch between the two on a regular basis.

If user preempts one of your policy entries, he meant to do this. The KM must just add it to its table and accept this. If user wants to coordinate in some higher way with KM, it must arrange a protocol by which to do so, it is not the kernel's problem.

These discussions are really outside the realm of kernel side IPSEC support.