I'm trying to use TrustedBSD MAC network subsytem hooks to implement MLS packet labeling. These hooks are mac_update_mbuf_from_cipso() and mac_create_inpcb_from_socket(). The first one is called in ip_dooptions() in order to label mbuf with packets' label. The second fills inp->inp_options. As i understand this must point to mbuf, holding ip options (struct ipoptions), which later will be inserted in the outgoing packet. Options are inserted, peer IP level recognizes and processes them correctly. But TCP level drops the packet because of invalid check sum. I've used this scheme in 2.2.5 and 5.0-current(april or may 2002), but it didn't work in 5.2.1. How can i figure out my mistake, or what may i do wrong?
thanks in advance _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
