> > Fine with me, unless Venkat has an immediate use case for such > > transitions in the flow_in case (but I think this is mostly > my fault for > > suggesting transitions a while ago).
I don't have a use case currently. > > Unless I'm confusing something, there still may be a need for > transitions > if we want to support both IPsec and NetLabel labeling on the same > connection. > If we don't support transitions and allow both labeling methods on the > same connection we'll need to decide how to handle resolving the two - > maybe use a transition is this one case? Since CIPSO doesn't do full contexts currently, it would be just a matter of an additional flow_in check. The base sid used here would be the current secmark at that point (which will be the xfrm sid if xfrm was used). So, no transitions needed here currently. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
