Description of problem:
For RHEL 5 LSPP, racoon was modified to leverage ipsec to do MAC networking (the MAC being SELinux). racoon was modified to include security contexts in its SA proposal/negotiation via an SA attribute. Unfortunately, it's using an SA attribute number not assigned by IANA and not from the private-use range. It is using the number 10, which was later assigned to the ECN SA attribute. racoon needs to be modified such that the SA attribute number for security contexts is from the private-use range, 32001-32767. This affects interoperability on the internet.

Version-Release number of selected component (if applicable):
RHEL 5

How reproducible:
Reproducible when code is compiled to use security contexts

Steps to Reproduce:
1. compile racoon to use security contexts
2. configure ipsec to use security contexts

Solution:
diff -urpN ipsec-tools-0.6.5.orig/src/racoon/ipsec_doi.h ipsec-tools-0.6.5/src/racoon/ipsec_doi.h --- ipsec-tools-0.6.5.orig/src/racoon/ipsec_doi.h 2011-02-09 13:23:31.000000000 -0600 +++ ipsec-tools-0.6.5/src/racoon/ipsec_doi.h 2011-02-09 13:24:01.000000000 -0600 @@ -134,7 +134,7 @@ #define IPSECDOI_ATTR_COMP_PRIVALG 9 /* V */ #ifdef HAVE_SECCTX -#define IPSECDOI_ATTR_SECCTX 10 /* V */ +#define IPSECDOI_ATTR_SECCTX 32001 /* V */ #endif /* 4.6.1 Security Association Payload */
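Review bot: The `-#define IPSECDOI_ATTR_SECCTX 10` / `+#define IPSECDOI_ATTR_SECCTX 32001` change in the ipsec_doi.h hunk has no compatibility path: a racoon built with it will no longer recognize a type-10 attribute from an already deployed LSPP peer as a security context, so Phase 2 negotiation with such peers fails, and the hunk records nothing about why the new value was chosen. Suggest a comment beside the define stating that 32001 is the first value of the private-use range 32001-32767 and that 10 collides with the IANA-assigned ECN attribute, and, since the description itself raises interoperability, a build-time or configuration option that still accepts 10 on receive during a transition period.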
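To make the attribute-number constraint concrete, here is an added example (not code from the report, racoon or ipsec-tools) that encodes and decodes an ISAKMP data attribute in the TLV form the `/* V */` marker denotes (RFC 2408, section 3.3) and classifies the type against the private-use range quoted above. The function and macro names `encode_tlv_attr`, `decode_attr`, `attr_is_private_use`, `IPSECDOI_ATTR_SECCTX_OLD`/`_NEW` and the SELinux context string are assumptions constructed for the example; the numbers 10, 32001 and 32001-32767 come from the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* ISAKMP data attribute header (RFC 2408, section 3.3): a 16-bit field whose
 * top bit (AF) says whether the attribute is a fixed 16-bit value (AF=1) or
 * a variable-length TLV (AF=0), so the attribute type itself is only 15 bits.
 * That is why the private-use range the report cites ends at 32767. */
#define ISAKMP_ATTR_AF        0x8000
#define ISAKMP_ATTR_TYPE_MASK 0x7fff

/* Values taken from the bug description; macro names are this example's own. */
#define IPSECDOI_ATTR_SECCTX_OLD 10     /* collides with the ECN SA attribute */
#define IPSECDOI_ATTR_SECCTX_NEW 32001  /* proposed replacement */
#define IPSECDOI_ATTR_PRIV_MIN   32001  /* private-use range per the report */
#define IPSECDOI_ATTR_PRIV_MAX   32767

int attr_is_private_use(uint16_t type)
{
    return type >= IPSECDOI_ATTR_PRIV_MIN && type <= IPSECDOI_ATTR_PRIV_MAX;
}

/* Encode one variable-length (TLV) attribute into out. Returns the number of
 * bytes written, or 0 if the type does not fit in 15 bits or out is too small. */
size_t encode_tlv_attr(uint8_t *out, size_t cap, uint16_t type,
                       const uint8_t *val, uint16_t vlen)
{
    if (type > ISAKMP_ATTR_TYPE_MASK || cap < 4u + vlen)
        return 0;
    out[0] = (uint8_t)(type >> 8);        /* AF bit stays 0 for the TLV form */
    out[1] = (uint8_t)(type & 0xff);
    out[2] = (uint8_t)(vlen >> 8);
    out[3] = (uint8_t)(vlen & 0xff);
    memcpy(out + 4, val, vlen);
    return 4u + vlen;
}

/* Decode one attribute from in. Returns bytes consumed, or 0 if the input is
 * shorter than the header or the declared length runs past the buffer. */
size_t decode_attr(const uint8_t *in, size_t len, uint16_t *type, int *af,
                   const uint8_t **val, uint16_t *vlen)
{
    if (len < 4)
        return 0;
    uint16_t hdr = (uint16_t)((in[0] << 8) | in[1]);
    *af   = (hdr & ISAKMP_ATTR_AF) != 0;
    *type = hdr & ISAKMP_ATTR_TYPE_MASK;
    if (*af) {                /* TV form: the value is the second 16 bits */
        *val = in + 2;
        *vlen = 2;
        return 4;
    }
    uint16_t l = (uint16_t)((in[2] << 8) | in[3]);
    if (l > len - 4)          /* truncated TLV: reject rather than over-read */
        return 0;
    *val = in + 4;
    *vlen = l;
    return 4u + l;
}

/* Round-trip a constructed SELinux context through the new attribute number
 * and exercise the range and length checks. Returns 1 on success, 0 otherwise. */
int selfcheck(void)
{
    static const char ctx[] = "system_u:object_r:ipsec_spd_t:s0"; /* constructed sample */
    uint8_t buf[64];
    uint16_t type, vlen;
    int af;
    const uint8_t *val;

    size_t n = encode_tlv_attr(buf, sizeof buf, IPSECDOI_ATTR_SECCTX_NEW,
                               (const uint8_t *)ctx, (uint16_t)strlen(ctx));
    if (n != 4 + strlen(ctx) || buf[0] != 0x7d || buf[1] != 0x01)
        return 0;             /* 32001 on the wire is 0x7d01 with AF clear */
    if (decode_attr(buf, n, &type, &af, &val, &vlen) != n || af || type != 32001
        || vlen != strlen(ctx) || memcmp(val, ctx, vlen) != 0)
        return 0;
    if (!attr_is_private_use(type) || attr_is_private_use(IPSECDOI_ATTR_SECCTX_OLD))
        return 0;             /* 10 is outside the private-use range */
    if (encode_tlv_attr(buf, sizeof buf, 40000, (const uint8_t *)ctx, 4) != 0)
        return 0;             /* 40000 would need the AF bit: rejected */
    if (decode_attr(buf, 6, &type, &af, &val, &vlen) != 0)
        return 0;             /* header claims a longer value than the buffer holds */
    return 1;
}

int main(void)
{
    int ok = selfcheck();
    printf("selfcheck: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The decoder's length check is the part a practitioner should carry into real code: a peer that sends a TLV whose declared length exceeds the remaining payload must be rejected, not read past the buffer, regardless of which attribute number the security context ends up using.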
Unfortunately we cannot change this due to existing deployments.