You are viewing paulmoore

Previous Entry | Next Entry

Labeled Networking in Linux 2.6.29

paulmoore
While the 2.6.28 release of the Linux Kernel brought a lot changes to the labeled networking code the 2.6.29 release is much smaller with only a handful of fixes and a partially implemented new feature, single label host support for Smack. The new single label host support for Smack allows users to specify a single, static security label for a network or single host which is used when network labeling protocols are not supported or can not be used. It essentially brings NetLabel's fallback label functionality to Smack for the first time. Unfortunately, there were some problems in the implementation that were not spotted in time to be resolved for the 2.6.29 release which means that TCP connections may not behave as you expect when using the new single label functionality in Smack. UDP should work as expected as well as TCP connections made when the single label support is not configured.

Hopefully we will have a fix in place before the 2.6.30 merge window closes, if so I'll work to get the fix backported to the -stable trees so that the Smack single label support in Linux 2.6.29 will work correctly. Once that it settled I'll post a quick How-To here so you can try it yourself (I expect this to be a very popular addition to Smack).

Tags:

counter create hit

Profile

paulmoore
paulmoore
Paul Moore

Latest Month

September 2012
S M T W T F S
      1
2345678
9101112131415
16171819202122
23242526272829
30      
Powered by LiveJournal.com
Designed by Tiffany Chow