From: James Morris <[EMAIL PROTECTED]> Date: Wed, 2 Aug 2006 12:04:31 -0400 (EDT)
> Why can't IPSec & MIP transforms be bundled on the same policy? At the first year of netconf, Yoshifuji went into detail as to why the IPSEC and MIP transformations had to live seperately. It's partly a side effect of different userland daemons controlling IPSEC vs. MIP configuration. > Or, perhaps a different approach is needed, where the disposition of a > policy can be to re-submit a packet for another policy match after the > current bundle has been traversed (something like NF_REPEAT). We can consider an approach like this as a future refinement. It would allow arbitrary nesting of sub-transforms, for sure, just like netfilter's NF_REPEAT. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
