Re: IPsec and Path MTU

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: IPsec and Path MTU
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Thu, 17 Jun 2004 10:58:43 -0700
Cc: kuznet@xxxxxxxxxxxxx, herbert@xxxxxxxxxxxxxxxxxxx, jmorris@xxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <>
References: <> <>
Sender: netdev-bounce@xxxxxxxxxxx
On Thu, 17 Jun 2004 09:11:50 +1000
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> This is what prompted me to look at this two months ago.  The stack
> assumes that the MTU for an xfrm dst is equal to
>       dst_pmtu(dst) - dst->header_len - dst->trailer_len
> But this is not true for ESP due to block padding.  The trailer_len
> is variable and the one we store in trailer_len is not the maximum.
> There are two approaches to this problem.  We can either store the
> maximum trailer_len, or make dst_pmtu(dst) return the correct MTU
> directly.
> The former is simple to do, but has the disadvantage of wasting
> bandwidth up to a block.  The latter looks non-trivial, but is
> pretty simple once we solve the following problems.

Do you see what xfrm_get_mss() does?  It calls into x->type->get_max_size()
and this is where ESP reports this kind of thing (re: block padding).

