Bill Sommerfeld wrote: > http://www.opensolaris.org/os/project/txipsec/Design/
Section 5.3 - I believe you intended to refer to the NET_MAC_AWARE privilege in this section? I don't understand what is meant by "exempt from labeling". Can you describe what checks are bypassed or modified on the incoming and outgoing sides? I noticed that section 5.5.2 describes labeling rules for IKE traffic on the outgoing side. Section 5.4.2 - I assume the phrase "any existing packet label" refers to both the dblk label and a possible cipso label in the message text? Section 5.4.3 - Will there be any consistency checks on the outer label of received messages? Section 5.5.2 item 2 - You should also route IKE Key management traffic as if it has the specified label. Ken
