Re: [PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow cache [resend]

2005-08-10 Thread Trent Jaeger
On Tue, Aug 09, 2005 at 02:20:45PM -0400, Trent Jaeger wrote: > > > What makes spddelete different from spdadd? > > spddelete takes a context string as input and we need to retrieve the > policy t

Re: [PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow cache [resend]

2005-08-09 Thread Herbert Xu
On Tue, Aug 09, 2005 at 02:20:45PM -0400, Trent Jaeger wrote: > > > What makes spddelete different from spdadd? > > spddelete takes a context string as input and we need to retrieve the > policy that matches the selector (xfrm_policy_bysel) and the security > context. The additional code checks

Re: [PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow cache [resend]

2005-08-09 Thread Herbert Xu
Trent Jaeger <[EMAIL PROTECTED]> wrote: > > This is specific to CONFIG_SECURITY_NETWORK_XFRM as contexts will only be > used in that case. I will make it conditional on that instead, if that's > OK. That sounds good. Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{Pm

Re: [PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow cache [resend]

2005-08-09 Thread Trent Jaeger
> > @@ -2108,7 +2230,18 @@ static int pfkey_spddelete(struct sock * > > if (sel.dport) > > sel.dport_mask = ~0; > > > > -xp = xfrm_policy_bysel(pol->sadb_x_policy_dir-1, &sel, 1); > > +sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[

Re: [PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow cache [resend]

2005-08-09 Thread Trent Jaeger
> > @@ -2703,10 +2837,22 @@ static struct xfrm_policy *pfkey_compile > > (*dir = parse_ipsecrequests(xp, pol)) < 0) > > goto out; > > > > +/* security context too */ > > +if (len >= (pol->sadb_x_policy_len*8 + > > +

Re: [PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow cache [resend]

2005-08-09 Thread Trent Jaeger
I have a few questions on your comments. The ones for which I do not have questions, I will modify as suggested. > > diff -puN include/net/xfrm.h~lsm-xfrm-nethooks include/net/xfrm.h >> --- linux-2.6.13-rc4-xfrm/include/net/xfrm.h~lsm-xfrm-nethooks 2005-08-01 16:11:22.0 -0400 >> +++ li

Re: [PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow cache [resend]

2005-08-06 Thread Trent Jaeger
On Tue, Aug 02, 2005 at 02:04:41PM -0400, jaegert wrote: > Resend of 20 July patch that repaired the flow_cache_lookup > authorization (now for 2.6.13-rc4-git4). Thanks Trent. I'm happy with the flow cache stuff n

Re: [PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow cache [resend]

2005-08-06 Thread Herbert Xu
On Tue, Aug 02, 2005 at 02:04:41PM -0400, jaegert wrote: > Resend of 20 July patch that repaired the flow_cache_lookup > authorization (now for 2.6.13-rc4-git4). Thanks Trent. I'm happy with the flow cache stuff now. However, there are still some technical details to take care of. > diff -puN i

Re: [PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow cache [resend]

2005-08-03 Thread Herbert Xu
On Tue, Aug 02, 2005 at 02:04:41PM -0400, jaegert wrote: > Resend of 20 July patch that repaired the flow_cache_lookup > authorization (now for 2.6.13-rc4-git4). Thanks for the resend. I'll try to get back to you soon. -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <

[PATCH 1/2] LSM-IPSec Networking Hooks -- revised flow cache [resend]

2005-08-02 Thread jaegert
Resend of 20 July patch that repaired the flow_cache_lookup authorization (now for 2.6.13-rc4-git4). Verified that failed authorization results in a new resolution. Note that the prior [PATCH 2/2] of 18 July works with this patch, so there will be no resend of it. Please let me know if a resend