Hi, I dimly remember that it was possible to delete flows by specifying their SPI index in the SADB, but when I say
# ipsecctl -d 0x12345678 with 0x12345678 being a number obtained by running # ipsecctl -v -ss I only get back an error message. If I say "ipsecctl -sf" and feed one of these lines to 'ipsecctl -d', like in # ipsecctl -d 'flow esp in from 10.1.10.10 to 10.2.0.22 peer 1.2.3.4 srcid 5.6.7.8/32 dstid 1.2.3.4/32 type use' it bails out, too. Now I'm confused. :( I'd prefer to delete flows by SPI index, if possible... Help is greatly appreciated! Kind regards, --Toni++
