By sommerfeld on Nov 15, 2007
I'm in the midst of building our own flavor of labelled IPsec for Trusted Extensions, and took a look at what the "competition" (specifically, SELinux) is doing. I was surprised to notice that (at least if the ipsec-tools-0.7 source is to be believed) they've grabbed a codepoint assigned to RFC 3168 (Explicit Congestion Negotiation) rather than actually asking for one to be assigned via the normal IANA processes, or using the long-defined but rarely used capabilities of ikev1 to carry a sensitivity label.
It looks like racoon2 gets this right (but doesn't have the SElinux security context support).
I can't be the first person to notice this, can I?