On Wed, 2011-08-03 at 21:01 -0700, Casey Schaufler wrote: > On 8/3/2011 4:24 PM, Serge E. Hallyn wrote: > > Quoting Andre Nathan (an...@digirati.com.br): > >> Hi Mike > >> > >> On Wed, 2011-08-03 at 17:52 -0400, Michael H. Warfield wrote: > >>> That's v4 syntax. Does it not work at all? Did you try this: > >>> > >>> echo ::/0 @ > /smack/netlabel > >>> > >>> Not having tried this myself at all, I'm just asking. If it doesn't > >>> work, that needs to be fixed but it's a SMACK bug. > >> Olivier's IPv4 example works fine, but with IPv6 I get an error: > >> > >> # echo ::/0 @ > /smack/netlabel > >> -bash: echo: write error: Invalid argument > > Looking at linux-2.6/security/smack/smackfs.c, nothing but > > 'a.b.c.d label' or 'a.b.c.d/mask label' is allowed. Now, > > smack_lsm.c does suggest that it wants to work with IPV6, > > but I haven't looked closely enough to tell how it will > > try to match the labels. > > > > Casey, is Smack netlabel supposed to work with IPV6?
> IPv6 support is a pending work item for Smack. The whole > IPSEC thing makes it much more difficult than IPv4. ??? Whoa... Hold da phone a minute! I'm a contributor and developer to Openswan (I'm the author of some code for some Cisco ASA compatibility) and other VPN projects. That does not compute to me. How does IPsec make IPv6 more difficult? Are you saying you do not support IPsec on IPv4 but support is required on IPv6 or is there something else in v6 that I'm missing here. IPv6 does complicate things when you get into IKE v2 world where you can directly tunnel a v6 network over v4 endpoints which IKE v1 did not provide for. Is this the problem? The cross protocol encapsulations? Openswan supports 3 stacks, Netkey (the kernel native), KLIPS (the original FreeS/WAN stack), and Mast. My personal primary focus has been on the Netkey stack which is managed through the "ip xfrm" commands and functions. To the user space, IPv6 and IPv4 are agnostic. How does v6 in SMACK space become more difficult for v6? It shouldn't be... > > thanks, > > -serge Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1
_______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users