[redhat-lspp] using ah and esp protocols in ipsec
Joy Latten
latten at austin.ibm.com
Tue Oct 17 22:13:52 UTC 2006
Hi Venkat,
I have been using an old kernel, my apologies. I have updated to the 52 kernel
and will retry my test efforts. I am running in permissive. I will let
you know if I see anything unusual.
Regards,
Joy
On Tue, 2006-10-17 at 14:00 -0500, Venkat Yekkirala wrote:
> Hi Joy,
>
> Could you please tell me if you have the secid patches
> on your kernel? I ask because that's what has got the
> change where an SA gets the label from the creating
> socket/flow.
>
> As for the MLS portion, it should be whatever level ping is
> running at. Also, are you running in permissive?
>
> Thanks,
>
> venkat
>
> PS: Sorry I seem to have missed your past query on this.
>
> > -----Original Message-----
> > From: Joy Latten [mailto:latten at austin.ibm.com]
> > Sent: Monday, October 16, 2006 5:21 PM
> > To: paul.moore at hp.com
> > Cc: redhat-lspp at redhat.com
> > Subject: [redhat-lspp] using ah and esp protocols in ipsec
> >
> >
> > Paul,
> >
> > When ipsec policy is specified as:
> >
> > spdadd 9.3.189.57 9.3.192.210 any
> > -ctx 1 1 "system_u:object_r:passwd_t:s3"
> > -P out ipsec
> > esp/transport//require ah/transport//require;
> >
> > Since I specified both esp and ah protocols,
> > racoon created 4 SAs, 2 for esp and 2 for AH.
> > All four SAs created had the following security context:
> > security context: root:sysadm_r:ping_t:s0-s15:c0.c1023
> > (A ping resulted in the SAs being created.)
> >
> > Hope this helps. Let me know if there is anything else I
> > can help with.
> >
> > Regards,
> > Joy
> >
> > --
> > redhat-lspp mailing list
> > redhat-lspp at redhat.com
> > https://www.redhat.com/mailman/listinfo/redhat-lspp
> >