On Wed, 5 Jul 2006, Venkat Yekkirala wrote: > The following aren't addressed in this round. These will however still be > able to use > single-labeled associations like they currently do as defined by policy, and > as such > I currently do not have any plans to add support for them. > > ipmr > ip_gre > ipip > igmp > sit > sctp > ip6_tunnel (IPv6 over IPv6 tunnel device) > decnet
This seems problematic in that it's not a general solution and depends always on hooking in at all of the right places in every protocol. Adding a bunch of hooks to protocol-specific code is what got us in trouble with the initial LSM submission. What about using secmark and connection tracking for this, instead? I'd also suggest moving this discussion to netdev, so other network developers & maintainers can participate, or just keep track of the discussion. - James -- James Morris <[EMAIL PROTECTED]> -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
