Re: [IPSEC] Check reqid in xfrm_state_ok

Hello!

> Since it doesn't make sense to have a wildcard reqid match, the patch
> can and should be simplified as follows.

Actually, it makes lots of sense. On output, a wildcard template
is not permitted to use an SA reserved for some policy via reqid.
But on input it would be something strange.

BTW you have just scared me off. :-) I had almost accommodated
to that idea of yours about blocking redundant transformations,
now I have returned to the initial state of denial. :-)


> BTW, is there any reason why we don't cater for hardcoded outbound SPIs
> in xfrm_state_find?

No. pfkey simply did not allow setting a fixed SPI in a template,
so this possibility remained unused. I do not even know: is the SPI
not supposed to be a random number? If so, static SPIs may
even be illegal. Anyway, KAME's idea with reqids provides a
smarter and more general replacement.

Alexey