> Ok, so to confirm:
> Your only issue here is that patch is that we have to split ipsec-secgw SADB
> into two?
>
> No objections to other part:
> - search for given SPI value across both SPDs (IPv4 and IPv6)
> - for each positive result create a new SA.
> So if we have same SPI in both IPv4 and IPv6 SPDs instead of one SA that
> would be referred by both SPD tables (current situation),
> we will create 2 independent SAs - one for IPv4, second for IPv6.
> For each one a separate rte_security/crypto session will be created and
> programmed.
> ?
>
> Because, I think that part will still be needed even when will have new SAD in
> place.

Agreed.

> Konstantin