On Thu, 2007-03-29 at 12:35 -0400, James Morris wrote:
On Thu, 29 Mar 2007, Eric Paris wrote:
Right before FC6 we turned off CONFIG_SECURITY_NETWORK_XFRM since there was a lot of development still going on in that area, especially concerning secid reconciliation between that and secmark. The reconciliation work was killed upstream and XFRM labeling has been worked on upstream and has been tested by the LSPP group for quite some time now with success.
I'd like to get both of them turned back on so Fedora users can make use of xfrm labeled networking.
I definitely think it needs to be enabled, and I don't think it should impact any normal users (you need to specially configure ipsec for anything to happen).
Do we have the userland patches for racoon etc. in Fedora?
I just checked and the rawhide ipsec tools appear to have all of the patches that could be needed for labeled net to work. I see no reason this couldn't be turned on in both FC6 and devel.
-Eric