[redhat-lspp] How are SAs created in Eric's kernel?

Joy Latten latten at austin.ibm.com
Wed Oct 4 23:26:10 UTC 2006


I am about to start a stress test for labeled ipsec and ran into a
question about the change to create SAs.

I am running labeled ipsec. If after I start racoon, I do ping, an
SA is created with context root:sysadm_r:ping_t:s0-s15:c0.c1023.
This looks right to me. But when I issue an sftp, or start my stress
test with netperf, I notice that no new SAs are created. Looks like I am
using the same one. Is this correct? I am afraid I am missing some
logic, thus my question. I thought a new SA would be created per socket
and mls level? It appears to be per flow... Oh, my ipsec spd label is
system_u:object_r:unconfined_t:s2, for no particular reason but to test.

Sorry to bombard you with so many questions. :-) I am using Eric's
kernel. 

Joy




