Hello! > In fact, I think that we need to preserve the guarantee that no > two addresses share the same XFRM tunnel for IPv6. To do that, > we will need to extend the SPI key in the SADB to at least 128 > bits. Bits of saddr saved in spi field are supposed to be just hashing helper, allowing to avoid hashing all the tunnels of all the tunnels ending at our host and, hence, having one destination address, at one hash bucket. IPv6 should do full check for saddr and can use some folded hash value of saddr as spi. Alexey - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
