netdev
[Top] [All Lists]

Re: [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append_dat

To: "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: Re: [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 16 Mar 2005 22:31:49 +1100
Cc: Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, YOSHIFUJI Hideaki <yoshfuji@xxxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <20050315091904.GA6256@gondor.apana.org.au>
References: <20050214221200.GA18465@gondor.apana.org.au> <20050214221433.GB18465@gondor.apana.org.au> <20050214221607.GC18465@gondor.apana.org.au> <20050306213214.7d8a143d.davem@davemloft.net> <20050307103536.GB7137@gondor.apana.org.au> <20050308102741.GA23468@gondor.apana.org.au> <20050314102614.GA9610@gondor.apana.org.au> <20050314105313.GA21001@gondor.apana.org.au> <20050314111002.GA29156@gondor.apana.org.au> <20050315091904.GA6256@gondor.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
Hi Dave:

On Tue, Mar 15, 2005 at 08:19:04PM +1100, herbert wrote:
> 
> This patch fixes the IPsec overhead handling in ip_append_data and
> ip6_append_data.  As it is they assume that the IPsec overhead is
> constant.  This is not true as with ESP the IPsec overhead will vary
> as the MTU varies.

This patch is wrong.  This is the *one* place where we do need to
use the path MTU.  The reason is that when the packet is fragmented
we only pay for the IPsec overhead once over all and not once for
each fragment.

Please revert it for now.

The trailer_len in ip_append_data is not quite right as the trailer's
length depends on the length of the entire packet.  However, it should
be harmless since ESP knows how to extend the packet when necessary.

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

<Prev in Thread] Current Thread [Next in Thread>