Subject: Re: Non-IPSec Processing Point for ipf
To: None <tech-net@netbsd.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 04/17/2003 11:34:46
>>>>> "itojun" == itojun  <itojun@iijlab.net> writes:
    >>> block in log on ex0_noipsec all head 110
    >> Maybe it can be made slightly more general by adding canonical
    >> tap/filter only interfaces and making "tap0" attach to "ex0" at tap
    >> point "noipsec" with a userland utility and then
 
    itojun> additional interface breaks IPv6 scoping.  please don't do
    itojun> that.

  Yes, you've said this many times in the past.

  I agree that it is an issue for IPv6. It is not for IPv4.

  I would like to get past this. Can't we create an interface that has an
extremely local scope (a la loopback), or some other "undefined" scope?

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [