Joy,

Thanks for your comment and sorry for the delay. Did you mean a separate error code for 'null' context? The current code catches the case when the sid is SECSID_NULL, and returns ENOPROTOOPT. The question is whether we want to create a different error code for this case. Any suggestions?

thanks,
Catherine

On 2/10/06, Joy Latten <[EMAIL PROTECTED]> wrote:
> Catherine,
> I am just wondering about something...
> Should a peer_sid of 0 or SECSID_NULL be an error here if
> the connection doesn't have a transform? I understand we only get
> peer's context if a xfrm is involved, but I am thinking
> most user applications may not know or care if there is a xfrm.
> If not treated as an error, it looks like security_to_sid_context()
> would just return "null" for context. Would that be acceptable?
>
> Perhaps it is just important that we document the behaviour because
> I am thinking most user apps will not care or know if ipsec is
> running, so programmers may use this socket option to get peer
> context and may need to understand why they received an error of
> ENOPROTOOPT.
>
> > } > > + else { > > err = -ENOPROTOOPT; > > goto out; > > } > > > > - ssec = sock->sk->sk_security; > > - > > - err = security_sid_to_context(ssec->peer_sid, &scontext, > > &scontext_len); > > + err = security_sid_to_context(peer_sid, &scontext, &scontext_len); > > + > > if (err) > > goto out; > > > > @@ -3396,6 +3410,23 @@ out: > > return err; > > } > > > > +
>
> Regards,
> Joy
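
Review bot: The `else` branch that sets `err = -ENOPROTOOPT` gives no indication of which condition leads there, so a caller that is unaware of any transform has nothing to interpret the error with; add a comment above the branch naming the condition and document this errno for the socket option. Separately, the added blank `+` line between the `security_sid_to_context(peer_sid, &scontext, &scontext_len)` call and `if (err)` separates the call from its error check and can be dropped, and the `+` blank line after the closing `}` in the `@@ -3396,6 +3410,23 @@` hunk follows an existing blank context line, leaving two in a row.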