>Heh I made the same mistake when I first read this piece of >code too :) The optional flag isn't saying that it doesn't need >to be protected, but rather that the SA may not be present on >input. It's only used for IPComp where we may skip the IPComp >if the data is not compressible. > >In other words the optional flag is really only meaningful on >inbuond policy checks.
Thanks for clearing that up for me. :-) I think it is not documented clearly in ipsec-tools. Joy - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html