The accreditation checks conducted on a Trusted Solaris gateway host are:
If the next hop is an unlabeled host, then the label of the source host must match the label of the destination host.
If the packet has the CIPSO option, the following conditions for forwarding must be true:
The route's emetric (or next-hop gateway) must be able to accept data in the CIPSO protocol.
The route's emetric (or next-hop gateway) must be in the data packet's DOI.
The DOI (from the tnrhtp database) for the outgoing interface must be the same as the data packet's DOI.
If the packet has the RIPSO option, the following conditions for forwarding must be true:
The route's emetric (or next-hop gateway) must be able to accept data in the RIPSO protocol.
The route's emetric (or next-hop gateway) must have the same RIPSO label (or RIPSO error) as the data packet's RIPSO label (or RIPSO error).