> That's fine by me, I just wanted to make sure something like that would
> be acceptable.  So, in summary, we would do the normal flow_in checks
> for both IPsec and NetLabel and then set the secmark using the IPsec
> label as the "base sid" for the NetLabel's generated SID?

That's correct (in short, you won't care if IPsec was in use or not, you
would just use the secmark at that point as the base sid in coming up
with the NetLabel sid, and if it flow controls fine vis a vis the secmark
you would replace secmark with the NetLabel sid. The logic flow is quite
natural and intuitive for the users as well).
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
