[redhat-lspp] Re: different cipso mapping behavior
Loulwa Salem
loulwas at us.ibm.com
Tue Feb 27 16:11:54 UTC 2007
Paul Moore wrote:
> On Monday, February 26 2007 7:17:19 pm Loulwa Salem wrote:
...
>
> Something odd is happening as based on the packet dump the CIPSO option is 10
bytes long, which for tag type 1 would indicate a lack of categories yet you are
using "c2" which should map to CIPSO category "1" based on your DOI settings.
To further complicate things, assuming I've done my quick math correctly the
ICMP parameter error is pointing at the CIPSO length field in the tag. It's
hard to say for certain at this point, but it kinda looks like the packet is not
being created correctly.
>
> Please retry with the following CIPSO DOI configuration:
>
> # netlabelctl cipsov4 add pass doi:1 tags:1
The setting above works fine .. that's what I've been using for most of my test
cases. I am able to log in to the system with above setting enabled.
>
>
>> In the past this test used to pass.. so I was wondering if this is an
>> intended change, or something is not working.
>
>
>
> Which was the latest kernel which worked correctly?
>
I don't know for sure .. I constantly update my systems to latest drops and lspp
kernels. I am in the process of trying older kernels to see where it last worked.
so far .65 and .64 don't work... will update more as I try a few others ..
Thanks,
- Loulwa
More information about the redhat-lspp
mailing list