> > > ------------------------------------------------------ > > > Subject: Smack: unlabeled outgoing ambient packets > > > From: Casey Schaufler <[EMAIL PROTECTED]> > > > > > > Smack uses CIPSO labeling, but allows for unlabeled packets by > > > specifying an "ambient" label that is applied to incoming > > > unlabeled packets. Because the other end of the connection may > > > dislike IP options, and ssh is one know application that behaves > > > thus ...
I forgot to mention this earlier, but RHEL/Fedora/Rawhide has a patched version of SSH (see RH bugzilla #202856 for the discussion/patch) that fixes the problem of IPv4 options causing SSH to reject the connection. It turns out that SSH is being a bit overzealous (rejecting all IPv4 options) in trying to reject source-routed packets. -- paul moore linux security @ hp -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
