RFC4303 (IPsec/ESP) auditing requirements

Hello all, I'm looking at RFC4303 at some of the auditing requirements and one of the gaps between what the specification requires and what we currently provide involves the SA's sequence number and the IPv6 flow ID. According the list of existing audit fields[1] there doesn't appear to any fields which are a good match. With that in mind I'd like to propose two new fields: * seqno - sequence number * flowid - flow id Any comments, objections, suggestions? [1] http://people.redhat.com/sgrubb/audit/audit-parse.txt -- paul moore linux security @ hp