On Tue, Aug 09, 2005 at 02:20:45PM -0400, Trent Jaeger wrote: > > > What makes spddelete different from spdadd? > > spddelete takes a context string as input and we need to retrieve the > policy that matches the selector (xfrm_policy_bysel) and the security > context. The additional code checks the latter. I think that the > conversion of the context string to a 'normalized' context struct must be > done by the LSM before we can do this check as done above.
What I meant is why does spdadd do pfkey_sadb2xfrm_user_ctx while spddelete doesn't? Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
