/proc/self/attr/current will tell you the Smack label of the process. The mapping of Smack label to CIPSO tag is in /sys/fs/smackfs/cipso2. If you are running an older system it might be in /smack/cipso2. Netfilter support is relatively recent. What kernel version and Smack configuration options (grep for “SMACK” in the kernel configuration file) you have set. What kernel revision are you looking at?
From: Dev [mailto:[email protected]] On Behalf Of Saulo A. Moraes Sent: Tuesday, February 14, 2017 4:08 PM To: [email protected] Subject: Re: [Dev] Debug CIPSO content I can see the CIPSO label in "/proc/self/attr/current" (maybe some cipso parameters are missing here?). But when network packet label is included? Can label be filtered in nfqueue? Sent: Monday, February 13, 2017 at 10:03 PM From: "Schaufler, Casey" <[email protected]<mailto:[email protected]>> To: "Saulo A. Moraes" <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: RE: [Dev] Debug CIPSO content You can find the Smack label to CIPSO packet mapping in /sys/fs/smackfs/cipso2 From: Dev [mailto:[email protected]] On Behalf Of Saulo A. Moraes Sent: Monday, February 13, 2017 3:53 PM To: [email protected]<mailto:[email protected]> Subject: [Dev] Debug CIPSO content Hi, What is the easiest way to debug/log CIPSO content from packet going to network output/internet? Tks
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
