I am about to start a stress test for labeled ipsec and ran into a question about change to create SAs.
I am running labeled ipsec. If after I start racoon, I do ping, an SA is created with context root:sysadm_r:ping_t:s0-s15:c0.c1023. This looks right to me. But when I issue an sftp, or start my stress test with netperf, I notice that no new SAs are created. Looks like I am using the same one. Is this correct? I am afraid I am missing some logic, thus my question. I thought a new SA would be created per socket and mls level? It appears to be per flow...

Oh, my ipsec spd label is system_u:object_r:unconfined_t:s2, for no particular reason but to test.

Sorry to bombard you with so many questions. :-) I am using Eric's kernel.

Joy

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
