[redhat-lspp] using ah and esp protocols in ipsec
Joy Latten
latten at austin.ibm.com
Fri Oct 20 23:36:12 UTC 2006
Venkat,
Yes, this fixes the problem. This is needed in the 52 kernel.
I will now concentrate on the mls part of labeled ipsec. :-)
Thanks!
Regards,
Joy
On Wed, 2006-10-18 at 10:47 -0500, Venkat Yekkirala wrote:
> > > I am not sure what to look for to verify that your socket
> > patches are
> > > in the 52 kernel, but I'll try and take a look tomorrow
> > morning. It was
> > > working in eric's kernel.
> >
> > I believe the secid patches are *not* in the lspp.52 kernel.
>
> That's correct. The mlsxfrm fixes should have been in a separate
> patch. I am planning to do a separate mlsxfrm patch anyway with
> this as well as moving the association sendto into the kernel.
>
> Meanwhile, Joy, can you rebuild the lspp-52 kernel with the following
> change to include/linux/security.h:security_xfrm_state_alloc_acquire()
>
> @@ -3151,7 +3186,11 @@ static inline int security_xfrm_state_al
> {
> if (!polsec)
> return 0;
> - return security_ops->xfrm_state_alloc_security(x, NULL, polsec,
> secid);
> + /*
> + * No need to pass polsec along since we want the context to be
> + * taken from secid which is usually from the sock.
> + */
> + return security_ops->xfrm_state_alloc_security(x, NULL, NULL,
> secid);
> }
>
> static inline int security_xfrm_state_delete(struct xfrm_state *x)
More information about the redhat-lspp
mailing list