[redhat-lspp] Re: [RFC] [MLSXFRM 02/04] Add enforcement to SE Linux LSM

Trent Jaeger tjaeger at cse.psu.edu
Tue Jun 20 02:36:41 UTC 2006


On Jun 19, 2006, at 11:55 AM, Venkat Yekkirala wrote:

> The key concept here is the flow. The flow attributes (derived from the
> socket in the locally generated case, derived from the packet in the
> forwarding case, etc.) determine the xfrm policy to use on the outbound.
> On the inbound, it's again the flow attributes (derived from the packet)
> that need to satisfy a xfrm policy rule (the first matching one) completely
>
> REGARDLESS OF WHETHER THE PACKET IS HEADED FOR A LOCAL SOCKET OR IS BEING
> ROUTED OUT (FORWARDING CASE).

OK.

What you are saying makes sense.  I will take a last look at the code  
tomorrow, and give OK (assuming optimism).

Regards,
Trent.
----------------------------------------------
Trent Jaeger, Associate Professor
Pennsylvania State University, CSE Dept
346A IST Bldg, University Park, PA 16802
Email: tjaeger at cse.psu.edu
Ph: (814) 865-1042, Fax: (814) 865-3176






