On Fri, 7 Feb 2003, Makan Pourzandi (LMC) wrote:

Hi all,

My comments conecrn the (ip_decode_options, ip_encapsulate and
ip_decapsulate) hooks. Even, if James has done much regarding this topic
and I'm sure that he knows much more than me about it, I wanted to give
my 2 cents on why we should keep these hooks in future releases.

As mentioned during the last week, the current set of network hooks will
not directly support explicitly labeled networking.  It's not just the ip
hooks: you'd also need the skb and possibly other rejected hooks to make 
it useful.

Possibilities moving forward include reworking the design of the relevant
LSM frameork components so that they are acceptable to the network
maintainers in a future kernel release cycle, and investigating other
schemes such as implicit labeling (e.g. Ajaya Chitturi's work on the Flask
project).


- James
-- 
James Morris 
[off-list ref]