On Mon, Nov 19, 2007 at 02:53:50AM -0600, Joy Latten wrote: > Although tmpl->optional is set, kernel still attempts > to create a set of SAs.
Heh I made the same mistake when I first read this piece of code too :) The optional flag isn't saying that it doesn't need to be protected, but rather that the SA may not be present on input. It's only used for IPComp where we may skip the IPComp if the data is not compressible. In other words the optional flag is really only meaningful on inbuond policy checks. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
