In message <D83AB78C-CF6B-11D7-A454-000A957650EC@wasabisystems.com>Jason Thorpe writes

>Ok, how about a compromise, then...
>
>Add "XXX -- TEMPORARY HACK UNTIL PACKET TAG BUG IS FIXED" to the new 
>code in the patch.

Is that for both deltas, or are you OK with the one Itojun okayed?

BTW... and for those who havent heard, TCP over fast-ipsec ESP now
works, and will work with a hifn77xx (as in the soekris vpn1201).

There's still a bug in AH input (ah output to a FreeBSD or windows box
is fine, inbound packets fail the integrity check. I suspect I'm
byteswapping IP_DF somewhere; the code on my laptop has what should be
a fix, but it doesn't work, either).