[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: classification level filter objects


This is a good point. RFC2401 point 8.2 clearly talks about a RANGE
of sensitivity labels. So, the IPSOFilterEntry should
be changed to add a range (plus possibly ==).

BTW, I assumed that you are talking about the DMTF IPSOFilterEntry
because I cannot find ClassificationLevelFilterEntry in the current
DMTF model.



At 10:28 21/02/01 -0800, Wes Hardaker wrote:
>The ClassificationLevelFilterEntry class defines a Level parameter
>that the filter must match against.  I take it this is an exact match?
>IE, if the packet's Classification level is not exactly equal to the
>ClassificationLevelFilterEntry.Level value then it doesn't match?  (A
>< or > operator might make some sense here, possibly as a separate
>property dictating which to use (<, >, !=, ==).
>Wes Hardaker
>NAI Labs
>Network Associates 

Eric Vyncke                        
Distinguished Engineer             Cisco Systems EMEA
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: evyncke@xxxxxxxxx          Mobile: +32-475-312.458 (CHANGED)
PGP fingerprint: D35F BEF9 643F 656F 90F5  76C5 9CA1 C289 D398 B141