[redhat-lspp] using ah and esp protocols in ipsec
Venkat Yekkirala
vyekkirala at trustedcs.com
Wed Oct 18 15:47:04 UTC 2006
> > I am not sure what to look for to verify that your socket
> patches are
> > in the 52 kernel, but I'll try and take a look tomorrow
> morning. It was
> > working in eric's kernel.
>
> I believe the secid patches are *not* in the lspp.52 kernel.
That's correct. The mlsxfrm fixes should have been in a separate
patch. I am planning to do a separate mlsxfrm patch anyway with
this as well as moving the association sendto into the kernel.
Meanwhile, Joy, can you rebuild the lspp-52 kernel with the following
change to include/linux/security.h:security_xfrm_state_alloc_acquire()
@@ -3151,7 +3186,11 @@ static inline int security_xfrm_state_al
{
if (!polsec)
return 0;
- return security_ops->xfrm_state_alloc_security(x, NULL, polsec,
secid);
+ /*
+ * No need to pass polsec along since we want the context to be
+ * taken from secid which is usually from the sock.
+ */
+ return security_ops->xfrm_state_alloc_security(x, NULL, NULL,
secid);
}
static inline int security_xfrm_state_delete(struct xfrm_state *x)
More information about the redhat-lspp
mailing list