[Dev] Debug CIPSO content
Hi, What is the easiest way to debug/log CIPSO content from packet going to network output/internet? Tks ___ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev
Re: [Dev] Debug CIPSO content
Wireshark works reasonably well for reading packets with IP options, including CIPSO. From: Dev [mailto:dev-boun...@lists.tizen.org] On Behalf Of Saulo A. Moraes Sent: Monday, February 13, 2017 3:53 PM To: dev@lists.tizen.org Subject: [Dev] Debug CIPSO content Hi, What is the easiest way to debug/log CIPSO content from packet going to network output/internet? Tks ___ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev
Re: [Dev] Debug CIPSO content
You can find the Smack label to CIPSO packet mapping in /sys/fs/smackfs/cipso2 From: Dev [mailto:dev-boun...@lists.tizen.org] On Behalf Of Saulo A. Moraes Sent: Monday, February 13, 2017 3:53 PM To: dev@lists.tizen.org Subject: [Dev] Debug CIPSO content Hi, What is the easiest way to debug/log CIPSO content from packet going to network output/internet? Tks ___ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev
Re: [Dev] Debug CIPSO content
I can see the CIPSO label in "/proc/self/attr/current" (maybe some cipso parameters are missing here?). But when network packet label is included? Can label be filtered in nfqueue? Sent: Monday, February 13, 2017 at 10:03 PM From: "Schaufler, Casey" To: "Saulo A. Moraes" , "dev@lists.tizen.org" Subject: RE: [Dev] Debug CIPSO content You can find the Smack label to CIPSO packet mapping in /sys/fs/smackfs/cipso2 From: Dev [mailto:dev-boun...@lists.tizen.org] On Behalf Of Saulo A. Moraes Sent: Monday, February 13, 2017 3:53 PM To: dev@lists.tizen.org Subject: [Dev] Debug CIPSO content Hi, What is the easiest way to debug/log CIPSO content from packet going to network output/internet? Tks ___ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev
Re: [Dev] Debug CIPSO content
/proc/self/attr/current will tell you the Smack label of the process. The mapping of Smack label to CIPSO tag is in /sys/fs/smackfs/cipso2. If you are running an older system it might be in /smack/cipso2. Netfilter support is relatively recent. What kernel version and Smack configuration options (grep for “SMACK” in the kernel configuration file) you have set. What kernel revision are you looking at? From: Dev [mailto:dev-boun...@lists.tizen.org] On Behalf Of Saulo A. Moraes Sent: Tuesday, February 14, 2017 4:08 PM To: dev@lists.tizen.org Subject: Re: [Dev] Debug CIPSO content I can see the CIPSO label in "/proc/self/attr/current" (maybe some cipso parameters are missing here?). But when network packet label is included? Can label be filtered in nfqueue? Sent: Monday, February 13, 2017 at 10:03 PM From: "Schaufler, Casey" mailto:casey.schauf...@intel.com>> To: "Saulo A. Moraes" mailto:sa...@gmx.com>>, "dev@lists.tizen.org<mailto:dev@lists.tizen.org>" mailto:dev@lists.tizen.org>> Subject: RE: [Dev] Debug CIPSO content You can find the Smack label to CIPSO packet mapping in /sys/fs/smackfs/cipso2 From: Dev [mailto:dev-boun...@lists.tizen.org] On Behalf Of Saulo A. Moraes Sent: Monday, February 13, 2017 3:53 PM To: dev@lists.tizen.org<mailto:dev@lists.tizen.org> Subject: [Dev] Debug CIPSO content Hi, What is the easiest way to debug/log CIPSO content from packet going to network output/internet? Tks ___ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev
Re: [Dev] Debug CIPSO content
I am testing in Tizen 3.0 with kernel version 4.4.35, it is the same image from latest Tizen Studio version, hope it is supported. Sent: Tuesday, February 14, 2017 at 10:14 PM From: "Schaufler, Casey" To: "Saulo A. Moraes" , "dev@lists.tizen.org" Subject: RE: [Dev] Debug CIPSO content /proc/self/attr/current will tell you the Smack label of the process. The mapping of Smack label to CIPSO tag is in /sys/fs/smackfs/cipso2. If you are running an older system it might be in /smack/cipso2. Netfilter support is relatively recent. What kernel version and Smack configuration options (grep for “SMACK” in the kernel configuration file) you have set. What kernel revision are you looking at? From: Dev [mailto:dev-boun...@lists.tizen.org] On Behalf Of Saulo A. Moraes Sent: Tuesday, February 14, 2017 4:08 PM To: dev@lists.tizen.org Subject: Re: [Dev] Debug CIPSO content I can see the CIPSO label in "/proc/self/attr/current" (maybe some cipso parameters are missing here?). But when network packet label is included? Can label be filtered in nfqueue? Sent: Monday, February 13, 2017 at 10:03 PM From: "Schaufler, Casey" <casey.schauf...@intel.com> To: "Saulo A. Moraes" <sa...@gmx.com>, "dev@lists.tizen.org" <dev@lists.tizen.org> Subject: RE: [Dev] Debug CIPSO content You can find the Smack label to CIPSO packet mapping in /sys/fs/smackfs/cipso2 From: Dev [mailto:dev-boun...@lists.tizen.org] On Behalf Of Saulo A. Moraes Sent: Monday, February 13, 2017 3:53 PM To: dev@lists.tizen.org Subject: [Dev] Debug CIPSO content Hi, What is the easiest way to debug/log CIPSO content from packet going to network output/internet? Tks ___ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev
Re: [Dev] Debug CIPSO content
I am testing in Tizen 3.0 with kernel version 4.4.35, it is the same image from latest Tizen Studio version, hope it is supported. -- Sent from my Android phone with GMX Mail. Please excuse my brevity.On 15/02/2017, 10:44 "Saulo A. Moraes" wrote: I am testing in Tizen 3.0 with kernel version 4.4.35, it is the same image from latest Tizen Studio version, hope it is supported. ___ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev
