Description of problem:
Given an interface ipsec0 which works fine, 'ifdown ipsec0' fails to
remove the SPD entries for it and 'setkey -FP' is necessary to stop it.

Version-Release number of selected component (if applicable):
ipsec-tools-0.2.5-2
kernel-2.6.5-1.358

How reproducible:
Every time.

Steps to Reproduce:
1. Define an ipsec interface.
2. ifup the interface 
3. Observe that IPSEC communication works (with correct remote config)
4. ifdown the interface (produces error messages - see Actual results)
  
Actual results:
The result of line 1: No entry.
The result of line 2: No entry.


Expected results:
'setkey -DP' still shows configured in/out entries for interface

Additional info:
'setkey -FP' clears them, and unencrypted communication works again.
ifdown use of setkey worked as expected with kernel-2.6.3-2.1.240 and
ipsec-tools-0.2.2-8 on FC1.