ESP trailer_len calculation

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: David Miller <davem@davemloft.net>
To: kaber@trash.net
Cc: herbert@gondor.apana.org.au, eric.dumazet@gmail.com,
	netdev@vger.kernel.org
Subject: ESP trailer_len calculation
Date: Fri, 24 Sep 2010 14:40:44 -0700 (PDT)	[thread overview]
Message-ID: <20100924.144044.179940003.davem@davemloft.net> (raw)

Eric Dumazet and I recently were looking into a strange artifact in
ESP ->trailer_len calculations.

Eric was seeing values like "17" which looked strange.

He foudn that it's because of this line in esp4.c:esp_init_state()

	x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead);

which comes from commit:

commit c5c2523893747f88a83376abad310c8ad13f7197
Author: Patrick McHardy <kaber@trash.net>
Date:   Mon Apr 9 11:47:18 2007 -0700

    [XFRM]: Optimize MTU calculation

which is based upon discussion threads:

http://marc.info/?l=linux-netdev&m=115468159401118&w=2

and

http://marc.info/?l=linux-netdev&m=117561805827241&w=2

Even more strange, in the orignal version of this patch the
calcaluation is actually:

	x->props.trailer_len = align - 1 + esp->auth.icv_trunc_len;

(ie. 'align - 1' instead of 'align + 1')

It seems that this "- 1 " or "+ 1" term can be completely eliminated,
unless there are some funny semantics wrt. the padding area of ESP.

Patrick and Herbert, what do you guys think?

next             reply	other threads:[~2010-09-24 21:40 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-09-24 21:40 David Miller [this message]
2010-09-25  6:23 ` ESP trailer_len calculation Herbert Xu
2010-09-27  1:46   ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100924.144044.179940003.davem@davemloft.net \
    --to=davem@davemloft.net \
    --cc=eric.dumazet@gmail.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=kaber@trash.net \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).