I see. Yes, I need to do pfkey_sadb2xfrm_user_ctx there as well.
Regards, Trent. ------------------------------------------------------------ Trent Jaeger IBM T.J. Watson Research Center 19 Skyline Drive, Hawthorne, NY 10532 (914) 784-7225, FAX (914) 784-7225 Herbert Xu <[EMAIL PROTECTED]> 08/09/2005 07:13 PM To: Trent Jaeger/Watson/[EMAIL PROTECTED] cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], netdev@vger.kernel.org, [EMAIL PROTECTED], Serge E Hallyn/Austin/[EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow cache [resend] On Tue, Aug 09, 2005 at 02:20:45PM -0400, Trent Jaeger wrote: > > > What makes spddelete different from spdadd? > > spddelete takes a context string as input and we need to retrieve the > policy that matches the selector (xfrm_policy_bysel) and the security > context. The additional code checks the latter. I think that the > conversion of the context string to a 'normalized' context struct must be > done by the LSM before we can do this check as done above. What I meant is why does spdadd do pfkey_sadb2xfrm_user_ctx while spddelete doesn't? Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html