On Friday, August 22, 2003, at 06:46  PM, Jun-ichiro itojun Hagino 
wrote:

> 	because L2 driver behavior is different, ip_output() needs to behave
> 	differently.  yes, ip_output() should remove ipsec tags used in L3
> 	logic, and then add ipsec-hardware tags to tell L2 to do special 
> stuff.

No, I don't like that idea.  All that extra allocating/freeing of the 
L2-specific IPsec tags is added expense.  Better for the IPsec tags to 
be generic enough so as to be useful all over.

         -- Jason R. Thorpe <thorpej@wasabisystems.com>