From: Paul Moore <[EMAIL PROTECTED]> The CIPSOv4 engine currently has MLS label limits which are slightly larger than what the draft allows. This is not a major problem due to the current implementation but we should fix this so it doesn't bite us later.
Signed-off-by: Paul Moore <[EMAIL PROTECTED]> --- include/net/cipso_ipv4.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Index: net-2.6.20_netlabel-base-work/include/net/cipso_ipv4.h =================================================================== --- net-2.6.20_netlabel-base-work.orig/include/net/cipso_ipv4.h +++ net-2.6.20_netlabel-base-work/include/net/cipso_ipv4.h @@ -58,10 +58,10 @@ #define CIPSO_V4_MAP_PASS 2 /* limits */ -#define CIPSO_V4_MAX_REM_LVLS 256 +#define CIPSO_V4_MAX_REM_LVLS 255 #define CIPSO_V4_INV_LVL 0x80000000 #define CIPSO_V4_MAX_LOC_LVLS (CIPSO_V4_INV_LVL - 1) -#define CIPSO_V4_MAX_REM_CATS 65536 +#define CIPSO_V4_MAX_REM_CATS 65534 #define CIPSO_V4_INV_CAT 0x80000000 #define CIPSO_V4_MAX_LOC_CATS (CIPSO_V4_INV_CAT - 1) -- paul moore linux security @ hp - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
