> > Considering the above change, I wonder if it would also > make sense to > > update the secmark to SECINITSID_UNLABELED in the abscence of any > > external labeling (labeled IPsec or NetLabel)? > > > > Ungh, my apologies ... I meant to say "SECINITSID_NETMSG" *not* > "SECINITSID_UNLABELED".
In the xfrm/NetLabel/semark case, you have configured (domain) labels that are meant to be carried by the skb. Whereas that's not the case with network_t. So, just a flow_in check was in order here. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html