> I found the  patch below necessary to get Fast-IPsec to work
> correctly over the local-loopback interface (using static-keyed SAs).
> That configuration is pointless for real use, but very useful for
> development (I test fast-IPsec with just my laptop).   The patch
> deletes packet-tags as a  packet ricochets off the loopback interface,
> and before reflecting an inbound ICMP echo-request back as an echo-response.
> 
> >From reading of the packet-tag code, needing the patch indicates a bug
> somewhere in the packet-tag code (the tags for IPsec input and output
> are distinct?).  I'd like to commit the patch below, at least until
> the questionable behaviour is reslobved. Any objections to that?

	i will be more comfortable if you remove tags related to fast-ipsec
	only.

itojun