From: Patrick McHardy <kaber@trash.net>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Kernel Netdev Mailing List <netdev@vger.kernel.org>
Subject: Re: [XFRM]: Improve MTU estimation
Date: Fri, 04 Aug 2006 13:50:15 +0200 [thread overview]
Message-ID: <44D33477.2060803@trash.net> (raw)
In-Reply-To: <20060804112544.GA28774@gondor.apana.org.au>
Herbert Xu wrote:
> I've reread your patches and your handling of ESP padding is spot on.
> It's anyone's guess whether the current code gets it right or not :)
>
> However, I believe that the transport mode handling does run into
> problems with IP options. Basically, your calculation returns a
> length that is a precise multiple of block size minus 2.
>
> Now imagine that we have 4 bytes of IP options, given a block size
> of 8 taking away 4 bytes from inside the encrypted area simply causes
> them to be padded out so the encrypted length does not change. However,
> we have to put those 4 bytes outside the encrypted area. The problem is
> that we may not have those 4 bytes given the MTU.
>
> For a standard 1500 MTU and the block size of 8 it just happens that
> we do have 4 bytes (because 1500 % 8 == 4). However, this breaks down
> if you start with say 1480 (standard MTU for 1500 with IPIP on the
> outside).
>
> You run into problems even with 1500 if your block size happens to be
> 16 (AES).
Now I get it, thanks :) I missed that the IP header isn't part of the
length when it is aligned. So the worst-case increases by block-size
- 4 (- 8 for IPv6). How does this look?
next prev parent reply other threads:[~2006-08-04 11:52 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-04 8:50 [XFRM]: Improve MTU estimation Patrick McHardy
2006-08-04 9:27 ` Patrick McHardy
2006-08-04 10:01 ` Herbert Xu
2006-08-04 10:09 ` Patrick McHardy
2006-08-04 10:13 ` Herbert Xu
2006-08-04 11:11 ` Patrick McHardy
2006-08-04 11:16 ` Herbert Xu
2006-08-04 11:21 ` Patrick McHardy
2006-08-04 11:25 ` Herbert Xu
2006-08-04 11:50 ` Patrick McHardy [this message]
2006-08-04 11:51 ` Patrick McHardy
2006-08-04 11:55 ` Herbert Xu
2006-08-04 11:54 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44D33477.2060803@trash.net \
--to=kaber@trash.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.