rtime.felk.cvut.cz Git - lisovros/iproute2

author	Joy Latten <jml@austin.ibm.com>
	Wed, 2 Feb 2011 23:31:39 +0000 (17:31 -0600)
committer	Stephen Hemminger <shemminger@vyatta.com>
	Thu, 17 Mar 2011 16:58:23 +0000 (09:58 -0700)
commit	2c319e1ab7ebd371c0230f549890ae6c8ba49c8e
tree	9d86471ef755418e98abee6a7137c170d0a2fed9	tree \| snapshot
parent	f0612d566b8bb76866fa772076412d290ed4cf5e	commit \| diff

xfrm security context support

In the Linux kernel, ipsec policy and SAs can include a
security context to support MAC networking. This feature
is often referred to as "labeled ipsec".

This patchset adds security context support into ip xfrm
such that a security context can be included when
add/delete/display SAs and policies with the ip command.
The user provides the security context when adding
SAs and policies. If a policy or SA contains a security
context, the changes allow the security context to be displayed.

For example,
ip xfrm state
src 10.1.1.6 dst 10.1.1.2
proto esp spi 0x00000301 reqid 0 mode transport
replay-window 0
auth hmac(digest_null) 0x3078
enc cbc(des3_ede) 0x6970763672656164796c6f676f33646573636263696e3031
security context root:system_r:unconfined_t:s0

Please let me know if all is ok with the patchset.
Thanks!!

regards,
Joy

Signed-off-by: Joy Latten <latten@austin.ibm.com>

ip/ipxfrm.c		diff \| blob \| history
ip/xfrm.h		diff \| blob \| history