From owner-freebsd-current@FreeBSD.ORG  Tue Apr 15 10:35:45 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 875BF37B401
	for <current@FreeBSD.org>; Tue, 15 Apr 2003 10:35:45 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 74BAD43FE3
	for <current@FreeBSD.org>; Tue, 15 Apr 2003 10:35:44 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.9/8.12.9) with SMTP id h3FHZxrE036997;
	Tue, 15 Apr 2003 13:35:59 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Tue, 15 Apr 2003 13:35:58 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: "Ilmar S. Habibulin" <ilmar@watson.org>
In-Reply-To: <20030415092837.G92160@fledge.watson.org>
Message-ID: <Pine.NEB.3.96L.1030415133458.33292F-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: current@FreeBSD.org
Subject: Re: m_pkthdr.label now moved to m_tag
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2003 17:35:45 -0000


On Tue, 15 Apr 2003, Ilmar S. Habibulin wrote:

> On Tue, 15 Apr 2003, Robert Watson wrote:
> 
> > This change is in the implementation details regarding how internalized
> > labels are stamped onto m_tag's -- it doesn't make any changes to where
> > those labels come from.  As with before, I think the three most useful
> > approaches to take are CIPSO, IPsec, and firewall-derived labels, none of
> > which are implemented in the base system or MAC tree currently.
> 
> I understood, that this only changes labels' location. My question was -
> would RIPSO/CIPSO/IPSEC labels implemented and included in the base
> freebsd system. Are there any plans about that? 

There are no current plans, although your CIPSO and IPsec patches have
been floating around and we've been meaning to update and adapt them for
ages.  Unfortunately, time constraints have thus far prevented that.  I
have hopes we will get to it within a few months, however.  I'd like very
much to ship 5.1 with at least IPsec support. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories