I believe this one got bounced as well (last one). -----Original Message----- From: Venkat Yekkirala Sent: Wednesday, June 14, 2006 2:31 PM To: 'James Morris' Cc: [email protected]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [RFC] [MLSXFRM 00/04] Granular IPSec associations for use in MLS environments
> Are these bug fixes independent of the new functionality? If > so, they > need to be submitted first under separate cover. They are really architectural level fixes and as such are available as part of this patch. > > > Outstanding items/issues: > > - xfrm_user needs to be altered also to include the > security context in acquire messages. This > > patch set already includes changes for PF_KEY/acquire. > > Given that xfrm_user is the native Linux interface, it needs > to be done > (preferrably first). Yes. Joy has offered to help and is currently working on this. Since this effort was geared toward lspp project I initially concentrated on the PF_KEY interface. But you are right. > > > - Timewait acknowledgements and such are generated in the > current/upstream implementation using > > a NULL socket resulting in the any_socket sid > (SYSTEM_HIGH) to be used. This problem is not > > addressed by this patch set. > > This seems fairly problematic. Yes. We should figure this out in due course. I just wanted to make people aware. > > Also, as Trent is the original author of this work, his input > on these > changes is critical. > Very much so. Thanks. -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
