Subject: Re: Non-IPSec Processing Point for ipf
To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
From: None <itojun@iijlab.net>
List: tech-net
Date: 04/18/2003 11:48:03
>    > 	additional interface breaks IPv6 scoping.  please don't do
>    > 	that. 
>
>  Yes, you've said this many times in the past.
>
>  I agree that it is an issue for IPv6. It is not for IPv4.

	it is if you filter packets using incoming interface information.

>  I would like to get past this. Can't we create an interface that has an
>extremely local scope (a la loopback), or some other "undefined" scope?

	the problem is not just "scope" itself (linklocal or whatever), but
	also the scope identification associated with the packet (= incoming
	interface).  anything that changes m->m_pkthdr.rcvif will break IPv6.

	part of the problem is that RFC2401 does not say how the IPsec tunnel
	should be modeled - if RFC2401 did not include tunnel mode in the
	spec and we were to use GRE/whatever with transport mode, the problem
	would never have happened.  i don't like the way RFC2401 is specified.
	see draft-touch-ipsec-vpn-05.txt.

itojun
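An added userland C model of the point about m->m_pkthdr.rcvif (not itojun's code and not NetBSD kernel code): a link-local source is only identifiable together with its zone, taken from the receiving interface, so overwriting rcvif with a pseudo-interface leaves the packet unanswerable and unmatchable by interface-based filter rules. The interface indices, addresses, neighbour table and function names are all constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
/* Constructed userland model, not NetBSD kernel code: a link-local address is only
 * meaningful together with its zone, which KAME derives from the receiving
 * interface (m->m_pkthdr.rcvif). Indices, addresses and the table are made up. */
#define IF_EM0    1  /* a real link */
#define IF_EM1    2  /* another real link */
#define IF_IPSEC0 5  /* hypothetical pseudo-interface for decapsulated packets */
struct pkt { struct in6_addr src; unsigned rcvif; };  /* rcvif models m_pkthdr.rcvif */
/* Neighbour-style table keyed by (address, zone): the same fe80::1 lives on two links. */
struct neigh { const char *addr; unsigned zone; const char *lladdr; };
static const struct neigh table[] = {
    { "fe80::1", IF_EM0, "00:00:5e:00:53:01" },
    { "fe80::1", IF_EM1, "00:00:5e:00:53:02" },
};
static int is_linklocal(const struct in6_addr *a) {
    return a->s6_addr[0] == 0xfe && (a->s6_addr[1] & 0xc0) == 0x80;
}
/* Zone that disambiguates a link-local address: the incoming interface index. */
unsigned scope_zone(const struct pkt *p) {
    return is_linklocal(&p->src) ? p->rcvif : 0;
}

/* Look up the packet's source for a reply; NULL means "no such neighbour". */
const char *resolve_reply_target(const struct pkt *p) {
    char buf[INET6_ADDRSTRLEN];
    inet_ntop(AF_INET6, &p->src, buf, sizeof buf);
    for (size_t i = 0; i < sizeof table / sizeof *table; i++)
        if (strcmp(table[i].addr, buf) == 0 && table[i].zone == scope_zone(p))
            return table[i].lladdr;
    return NULL;
}

/* A packet as received on a real link. */
struct pkt recv_on(const char *src, unsigned ifindex) {
    struct pkt p; inet_pton(AF_INET6, src, &p.src); p.rcvif = ifindex; return p;
}
/* The decapsulation path the thread warns about: rcvif replaced by a pseudo-interface. */
void reinject_via_pseudo_if(struct pkt *inner) { inner->rcvif = IF_IPSEC0; }

int main(void) {
    struct pkt p = recv_on("fe80::1", IF_EM1);
    printf("real rcvif:   %s\n", resolve_reply_target(&p));  /* 00:00:5e:00:53:02 */
    reinject_via_pseudo_if(&p);                              /* now IF_IPSEC0 */
    const char *t = resolve_reply_target(&p);
    printf("pseudo rcvif: %s\n", t ? t : "(unresolvable)");  /* (unresolvable) */
    return 0;
}
```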