Paul Moore wrote:
On Tuesday, February 27 2007 11:11:54 am Loulwa Salem wrote:
Paul Moore wrote:
> On Monday, February 26 2007 7:17:19 pm Loulwa Salem wrote:
...
> Something odd is happening as based on the packet dump the CIPSO option
> is 10
bytes long, which for tag type 1 would indicate a lack of categories yet
you are using "c2" which should map to CIPSO category "1" based on your DOI
settings. To further complicate things, assuming I've done my quick math
correctly the ICMP parameter error is pointing at the CIPSO length field in
the tag. It's hard to say for certain at this point, but it kinda looks
like the packet is not being created correctly.
> Please retry with the following CIPSO DOI configuration:
>
> # netlabelctl cipsov4 add pass doi:1 tags:1
The setting above works fine .. that's what I've been using for most of my
test cases. I am able to log in to the system with above setting enabled.
Interesting, that would indicate there is a problem somewhere with the "std"
mapping. It will be good to know when this broke, i.e. please report back
when you find the kernel rev that worked for you.
I traced it back to .63 kernel and it is still broken there .. I don't have
access to anything prior to that. If someone has access to an older system ..
please try it. Paul, were you able to reproduce the problem?
I'll keep trying to get the bottom of this meanwhile.
- Loulwa
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
