On Fri, Jul 14, 2006 at 09:54:59AM -0400, James Morris wrote:
>
> Herbert, any review from you on this would be greatly appreciated.
Looks good to me.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~he
On Fri, Jul 14, 2006 at 09:54:59AM -0400, James Morris wrote:
>
> Herbert, any review from you on this would be greatly appreciated.
OK, I'll try to have a look tomorrow (I'm GMT-4 at the moment).
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECT
On Thu, 13 Jul 2006, David Miller wrote:
> The other changes I'm either OK with, or they are outside my scope of
> knowledge (the stuff that lives inside of SELINUX).
The security side of things looks ok to me.
Herbert, any review from you on this would be greatly appreciated.
- James
--
Jame
From: Venkat Yekkirala <[EMAIL PROTECTED]>
Date: Wed, 12 Jul 2006 16:14:42 -0500
> This labels the flows that could utilize IPSec xfrms at the points they
> are defined so that IPSec policy and SAs at the right label can be used.
>
> The following protos are currently not handled, but they should
On Wed, 12 Jul 2006, Venkat Yekkirala wrote:
> This labels the flows that could utilize IPSec xfrms at the points they
> are defined so that IPSec policy and SAs at the right label can be used.
>
> The following protos are currently not handled, but they should continue
> to be able to use single
On Wed, 12 Jul 2006, Venkat Yekkirala wrote:
> +static inline void security_xfrm_skb_secid(struct sk_buff *skb, u32 *secid)
> {
> - return security_ops->xfrm_decode_session(skb, fl);
> + BUG_ON(security_ops->xfrm_decode_session(skb, secid, 0));
>
BUG_ON looks wrong here, in that you don'
This labels the flows that could utilize IPSec xfrms at the points they
are defined so that IPSec policy and SAs at the right label can be used.
The following protos are currently not handled, but they should continue
to be able to use single-labeled IPSec like they currently do.
ipmr
ip_gre
ipi
