Herbert, This is a simplified version of one of your earlier patches that never made it in. I liked it so much that i reduced it to this and infact given the cycles today, tested it (with transport and tunnel mode only;->).
We re-inject a decrypted ipsec (other than tunnel mode) back and let it bubble up the network stack. This improves debugability (since sniffers like tcpdump can see the packet) and usability since ingress tc filters can act on it. Ive broken it down into two: IPv4 and IPV6. If you want to go through the xfrm reinject() method, then I am gonna need more time to resubmit or you be my guest and go for it and i will test it. cheers, jamal - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
