From: Steffen Klassert <steffen.klassert@secunet.com>
To: Benjamin Poirier <bpoirier@suse.de>
Cc: netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
James Morris <jmorris@namei.org>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Patrick McHardy <kaber@trash.net>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] xfrm: take iphdr size into account for esp payload size calculation
Date: Thu, 10 May 2012 14:18:57 +0200 [thread overview]
Message-ID: <20120510121857.GJ1021@secunet.com> (raw)
In-Reply-To: <1336602952-10479-1-git-send-email-bpoirier@suse.de>
On Wed, May 09, 2012 at 06:35:52PM -0400, Benjamin Poirier wrote:
>
> According to what is done, mainly in esp_output(), net_header_len aka
> sizeof(struct iphdr) must be taken into account before doing the alignment
> calculation.
Why do you need to take the ip header into account here? Your patch breaks
pmtu discovery, at least on tunnel mode with aes-sha1 (aes blocksize 16 bytes).
With your patch applied:
tracepath -n 192.168.1.2
1?: [LOCALHOST] pmtu 1442
1: send failed
1: send failed
Resume: pmtu 1442
Without your patch:
tracepath -n 192.168.1.2
1?: [LOCALHOST] pmtu 1438
1: 192.168.1.2 0.736ms reached
1: 192.168.1.2 0.390ms reached
Resume: pmtu 1438 hops 1 back 64
Your patch increases the mtu by 4 bytes. Be aware that adding
one byte of payload may increase the packet size up to 16 bytes
in the case of aes, as we have to pad the encryption payload
always to a multiple of the cipher blocksize.
> -
> - switch (x->props.mode) {
> - case XFRM_MODE_TUNNEL:
> - break;
> - default:
> - case XFRM_MODE_TRANSPORT:
> - /* The worst case */
> - mtu -= blksize - 4;
> - mtu += min_t(u32, blksize - 4, rem);
> - break;
Btw. why we are doing the calculation above for transport mode?
next prev parent reply other threads:[~2012-05-10 12:44 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-09 22:35 [PATCH] xfrm: take iphdr size into account for esp payload size calculation Benjamin Poirier
2012-05-10 12:18 ` Steffen Klassert [this message]
2012-05-11 1:02 ` Benjamin Poirier
2012-05-11 1:07 ` [PATCH v2] " Benjamin Poirier
2012-05-14 22:39 ` David Miller
2012-05-16 19:35 ` [PATCH v3] " Benjamin Poirier
2012-05-18 0:05 ` David Miller
2012-05-24 21:32 ` [PATCH v4] xfrm: take net hdr len " Benjamin Poirier
2012-05-27 5:09 ` David Miller
2012-05-11 10:39 ` [PATCH] xfrm: take iphdr size " Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120510121857.GJ1021@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=bpoirier@suse.de \
--cc=davem@davemloft.net \
--cc=jmorris@namei.org \
--cc=kaber@trash.net \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox