Hello! > Why don't we check tmpl->ealgos against x->props.ealgo, tmpl->calgos > against x->props.calgo? Well, e/calgo do not assert authentity. So, checking them looked quite meaningless. > I think it's appropriate to check if these two fields match. What's your > opinion? With current state of things additional checks seem to be pointless. These bitmasks do not look as something good anyway. It is likely, the discussion under subject "RFC: Disallow unspecified SAs on inbound packets" will result in their elimination and replacing with more strict mechanism. Alexey - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html