On Mon, 12 Apr 2010, Toni Mueller wrote: > Hi, > > with your comments, I have produceds a second version of the patch, > which includes the following changes:
IPsec isn't really my area, but some questions: 1) Why are these flows "illegal"? 0/0 -> 0/0 seems like it might have a use as a shorthand for "tunnel absolutely everything". 2) Why are you implementing this in the kernel instead of isakmpd? 3) Why are you implementing this at all? Doesn't isakmpd have mechanisms to prevent peers from creating undesired flows? -d
