[redhat-lspp] Re: different cipso mapping behavior

Linda Knippers linda.knippers at hp.com
Tue Feb 27 19:25:06 UTC 2007


Is there a bugzilla for this?  If not, will you please open one?

Thanks,

-- ljk

Loulwa Salem wrote:
> Paul Moore wrote:
> 
>> On Tuesday, February 27 2007 11:11:54 am Loulwa Salem wrote:
>>
>>> Paul Moore wrote:
>>> > On Monday, February 26 2007 7:17:19 pm Loulwa Salem wrote:
>>>
>>> ...
>>>
>>> > Something odd is happening as based on the packet dump the CIPSO
>>> > option is 10 bytes long, which for tag type 1 would indicate a lack
>>> > of categories yet you are using "c2" which should map to CIPSO
>>> > category "1" based on your DOI settings. To further complicate
>>> > things, assuming I've done my quick math correctly the ICMP
>>> > parameter error is pointing at the CIPSO length field in the tag.
>>> > It's hard to say for certain at this point, but it kinda looks like
>>> > the packet is not being created correctly.
>>> >
>>>
>>> > Please retry with the following CIPSO DOI configuration:
>>> >
>>> >  # netlabelctl cipsov4 add pass doi:1 tags:1
>>>
>>> The setting above works fine .. that's what I've been using for most
>>> of my test cases. I am able to log in to the system with above
>>> setting enabled.
>>
>>
>>
>> Interesting, that would indicate there is a problem somewhere with the
>> "std" mapping.  It will be good to know when this broke, i.e. please
>> report back when you find the kernel rev that worked for you.
> 
> 
> I traced it back to .63 kernel and it is still broken there .. I don't
> have access to anything prior to that. If someone has access to an older
> system .. please try it. Paul, were you able to reproduce the problem?
> 
> I'll keep trying to get to the bottom of this meanwhile.
> 
> - Loulwa

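Added example, not part of the original thread: a small decoder for the option layout the quoted analysis relies on, showing why a 10-byte CIPSO option with tag type 1 has no room for a category bitmap, and what the option looks like once CIPSO category 1 is set. The function names are hypothetical, and the DOI (1) and sensitivity level (0) in the samples are constructed values; the layout assumed is option type 134, a 4-byte DOI, then a tag of type, length, alignment octet, level and bitmap.

```python
import struct

CIPSO_OPT_TYPE = 134   # IPv4 option number for CIPSO
TAG_BITMAP = 1         # tag type 1: bitmap of categories


def build_cipso(doi, level, cats):
    """Build a CIPSO option with one tag type 1 (constructed test input)."""
    nbytes = (max(cats) // 8 + 1) if cats else 0
    bitmap = bytearray(nbytes)
    for c in cats:
        bitmap[c // 8] |= 0x80 >> (c % 8)   # category 0 is the MSB of byte 0
    tag = bytes([TAG_BITMAP, 4 + nbytes, 0, level]) + bytes(bitmap)
    return struct.pack("!BBI", CIPSO_OPT_TYPE, 6 + len(tag), doi) + tag


def parse_cipso(opt):
    """Decode a CIPSO option carrying a single tag type 1."""
    if len(opt) < 6:
        raise ValueError("shorter than the 6-byte CIPSO header")
    opt_type, opt_len, doi = struct.unpack("!BBI", opt[:6])
    if opt_type != CIPSO_OPT_TYPE:
        raise ValueError("option type %d is not CIPSO" % opt_type)
    if opt_len != len(opt):
        raise ValueError("option length field disagrees with the bytes present")
    tag = opt[6:]
    if len(tag) < 4:
        raise ValueError("truncated tag")
    tag_type, tag_len, _align, level = tag[:4]
    if tag_type != TAG_BITMAP:
        raise ValueError("tag type %d not handled here" % tag_type)
    if tag_len < 4 or tag_len > len(tag):
        raise ValueError("tag length field runs past the option")
    bitmap = tag[4:tag_len]
    cats = [i * 8 + b for i, byte in enumerate(bitmap)
            for b in range(8) if byte & (0x80 >> b)]
    return {"doi": doi, "level": level, "categories": cats,
            "bitmap_bytes": len(bitmap)}


# Constructed samples: no categories (10 bytes) versus CIPSO category 1 set.
NO_CATS = build_cipso(1, 0, [])
WITH_CAT1 = build_cipso(1, 0, [1])

if __name__ == "__main__":
    for opt in (NO_CATS, WITH_CAT1):
        print(len(opt), opt.hex(), parse_cipso(opt))
```
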