Re: New hooks for sock structure

• Previous message: James Morris: "Re: Submitting LSM (Was: Re: OLS Bof info)"
• In reply to: James Morris: "Re: New hooks for sock structure"
• Next in thread: James Morris: "Re: New hooks for sock structure"
• Reply: James Morris: "Re: New hooks for sock structure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 11 Jul 2002 22:03:59 +1000, James Morris said:
> On Thu, 11 Jul 2002, Wayne Salamon wrote:

> > Also, what about
> > IPV6? It looks like the sock is zero'd by sk_alloc then the fields are
> > set. Are we going to support IPV6 in LSM?
> We could, but it may be better to wait until somebody needs it.  

I can't speak for others, but at least at my site, we'd want to deploy
anything on both v4 and v6 (and yes, enough of our traffic is already v6
that it would be a good-sized backdoor).  Our security policies tend to
be very transport-protocol neutral.

Only saving grace is that most of the *really* critical stuff for our
needs is doable with iptables.
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

• application/pgp-signature attachment: stored

• Next message: Chris Wright: "Re: New hooks for sock structure"
• Previous message: James Morris: "Re: Submitting LSM (Was: Re: OLS Bof info)"
• In reply to: James Morris: "Re: New hooks for sock structure"
• Next in thread: James Morris: "Re: New hooks for sock structure"
• Reply: James Morris: "Re: New hooks for sock structure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 08:59:31 PDT