Itojun writes:

>i will be more comfortable if you remove tags related to fast-ipsec
>only.

Which would be OK with me, if there was a section 9 manpage describing
the semantics of tags. If that's currently not well-defined, then lets
flesh it out.

Right now all I have to go on is intuition. My own intuition goes
something like this: ICMP reflection (e.g, icmp echo) should behave as
if ICMP reception and it was implemented in userspace, on a normal
socket.  A userspace implementation would strip all tags, and so
therefore a kernel implementation should strip all tags, too.

A similar analogy with a host transmitting and receiving its own
packets suggests (to me at least) that if_loop should strip all tags,
too.

...  both of which are orthogonal to fast-ipsec doesn't work as I (and
Jason?)  expected, unless the tags *are* stripped.