On Sun, 29 Sep 2002, James Morris wrote: > Yes. There are some networking hooks which (AFAIK) are not being used by > public GPL projects, which will probably have to be omitted. Just a clarification on this. The hooks in question are ip_fragment(), ip_defragment(), ip_encapsulate() and ip_decapsulate(). Technically they are being used by SELinux, which exposes them via its NSID API for use in labeled networking. However, nothing is currently using these components of the NSID API. If the acid test for submission of hooks to the mainline kernel is use by a GPL module, I'm not sure how well this passes. Certainly, these hooks are necessary for explicitly labeled networking, and I'd really prefer not to see them go. The encap/decap hooks are also potentially useful for nested SA processing under IPsec. It would help a lot if anyone else who may be using these hooks could let us know (or preferably release some code). - James -- James Morris <jmorrisat_private> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 05:06:28 PDT