> > Fix SO_PEERSEC for tcp sockets to return the security context of
> > the peer (as represented by the SA from the peer) as opposed to the
> > SA used by the local/source socket.
>
> What about the case of a localhost TCP connection not using
> xfrm labeling?
>
> Joe Nall raised this as an important requirement.

Yes. We need to come up with some new ideas on this (the failed secid-recon patchset sought to do this using the secmark field on the skb). The scope of this patchset is to strictly fix things related to labeled-xfrm.

> (Also, 'mlsxfrm' is MLS-specific).

Will switch to "labeled-ipsec".