m_pkthdr.label now moved to m_tag
Robert Watson
rwatson at FreeBSD.org
Tue Apr 15 10:35:45 PDT 2003
On Tue, 15 Apr 2003, Ilmar S. Habibulin wrote:
> On Tue, 15 Apr 2003, Robert Watson wrote:
>
> > This change is in the implementation details regarding how internalized
> > labels are stamped onto m_tag's -- it doesn't make any changes to where
> > those labels come from. As with before, I think the three most useful
> > approaches to take are CIPSO, IPsec, and firewall-derived labels, none of
> > which are implemented in the base system or MAC tree currently.
>
> I understood, that this only changes labels' location. My question was -
> would RIPSO/CIPSO/IPSEC labels implemented and included in the base
> freebsd system. Are there any plans about that?
There are no current plans, although your CIPSO and IPsec patches have
been floating around and we've been meaning to update and adapt them for
ages. Unfortunately, time constraints have thus far prevented that. I
have hopes we will get to it within a few months, however. I'd like very
much to ship 5.1 with at least IPsec support.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
More information about the freebsd-current
mailing list