From: Venkat Yekkirala [EMAIL PROTECTED]
Date: Wed, 12 Jul 2006 16:14:42 -0500
This labels the flows that could utilize IPSec xfrms at the points they
are defined so that IPSec policy and SAs at the right label can be used.
The following protos are currently not handled, but they should
On Thu, 13 Jul 2006, David Miller wrote:
The other changes I'm either OK with, or they are outside my scope of
knowledge (the stuff that lives inside of SELINUX).
The security side of things looks ok to me.
Herbert, any review from you on this would be greatly appreciated.
- James
--
James
On Fri, Jul 14, 2006 at 09:54:59AM -0400, James Morris wrote:
Herbert, any review from you on this would be greatly appreciated.
OK, I'll try to have a look tomorrow (I'm GMT-4 at the moment).
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
On Wed, 12 Jul 2006, Venkat Yekkirala wrote:
This labels the flows that could utilize IPSec xfrms at the points they
are defined so that IPSec policy and SAs at the right label can be used.
The following protos are currently not handled, but they should continue
to be able to use single-labeled IPSec like they currently do.
ipmr
ip_gre
On Wed, 12 Jul 2006, Venkat Yekkirala wrote:
+static inline void security_xfrm_skb_secid(struct sk_buff *skb, u32 *secid)
{
- return security_ops-xfrm_decode_session(skb, fl);
+ BUG_ON(security_ops-xfrm_decode_session(skb, secid, 0));
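Review bot: The added BUG_ON line wraps the xfrm_decode_session hook call itself, so any non-zero return from the hook trips BUG() on this path, and because security_xfrm_skb_secid() is now void the caller has no way to handle a failure. If the hook can fail for a given skb, keep an int return and propagate the error. If it cannot fail when the third argument is 0, state that in a comment next to the call. The bare 0 should also be a named constant or documented parameter so its meaning is clear at the call site, and the hook result is better assigned to a local variable and then tested, rather than placing a call with side effects inside BUG_ON.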
BUG_ON looks wrong here, in that you don't know