I see.
Yes, I need to do pfkey_sadb2xfrm_user_ctx there as well.
Regards,
Trent.
------------------------------------------------------------
Trent Jaeger
IBM T.J. Watson Research Center
19 Skyline Drive, Hawthorne, NY 10532
(914) 784-7225, FAX (914) 784-7225
Herbert Xu <[EMAIL PROTECTED]>
08/09/2005 07:13 PM
To: Trent Jaeger/Watson/[EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], netdev@vger.kernel.org, [EMAIL PROTECTED], Serge E
Hallyn/Austin/[EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [PATCH 1/2] LSM-IPSec Networking Hooks --
revised flow cache [resend]
On Tue, Aug 09, 2005 at 02:20:45PM -0400, Trent Jaeger wrote:
>
> > What makes spddelete different from spdadd?
>
> spddelete takes a context string as input and we need to retrieve the
> policy that matches the selector (xfrm_policy_bysel) and the security
> context. The additional code checks the latter. I think that the
> conversion of the context string to a 'normalized' context struct must
be
> done by the LSM before we can do this check as done above.
What I meant is why does spdadd do pfkey_sadb2xfrm_user_ctx while
spddelete doesn't?
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
