Re: [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append

netdev

Re: [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append_dat

To:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data
From:	Mika Penttilä <mika.penttila@xxxxxxxxxxx>
Date:	Mon, 21 Mar 2005 18:14:07 +0200
Cc:	"David S. Miller" <davem@xxxxxxxxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, YOSHIFUJI Hideaki <yoshfuji@xxxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to:	<20050316113149.GA10960@gondor.apana.org.au>
References:	<20050214221200.GA18465@gondor.apana.org.au> <20050214221433.GB18465@gondor.apana.org.au> <20050214221607.GC18465@gondor.apana.org.au> <20050306213214.7d8a143d.davem@davemloft.net> <20050307103536.GB7137@gondor.apana.org.au> <20050308102741.GA23468@gondor.apana.org.au> <20050314102614.GA9610@gondor.apana.org.au> <20050314105313.GA21001@gondor.apana.org.au> <20050314111002.GA29156@gondor.apana.org.au> <20050315091904.GA6256@gondor.apana.org.au> <20050316113149.GA10960@gondor.apana.org.au>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041020

Herbert Xu wrote:

Hi Dave:
On Tue, Mar 15, 2005 at 08:19:04PM +1100, herbert wrote:

This patch fixes the IPsec overhead handling in ip_append_data and ip6_append_data. As it is they assume that the IPsec overhead is constant. This is not true as with ESP the IPsec overhead will vary as the MTU varies.
This patch is wrong.  This is the *one* place where we do need to
use the path MTU.  The reason is that when the packet is fragmented
we only pay for the IPsec overhead once over all and not once for
each fragment.
Please revert it for now.
The trailer_len in ip_append_data is not quite right as the trailer's
length depends on the length of the entire packet.  However, it should
be harmless since ESP knows how to extend the packet when necessary.
Thanks,

Shouldn't ip_output also use the path variant, dst_mtu(skb->dst->path), it's surely after ipsec- processing?

--Mika

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
*Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, (continued)* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* Netfilter+IPsec, Patrick McHardy Re: Netfilter+IPsec, David S. Miller Re: Netfilter+IPsec, Herbert Xu Re: Netfilter+IPsec, Patrick McHardy *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Herbert Xu* *Re: [21/] [IPv4] Fix MTU check in ipmr_queue_xmit*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Mika Penttilä* <= *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Mika Penttilä* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu* *Re: [13/] [IPV4] Fix room calculation in icmp_send*, David S. Miller* *Re: [12/] [IPSEC] Handle local_df in IPv4*, David S. Miller* *Re: [12/] [IPSEC] Handle local_df in IPv4*, YOSHIFUJI Hideaki / 吉藤英明* *Re: [12/] [IPSEC] Handle local_df in IPv4*, YOSHIFUJI Hideaki / 吉藤英明* Re: [4/4] [IPSEC] Store MTU at each xfrm_dst, Patrick McHardy [IPSEC] Move xfrm_flush_bundles into xfrm_state GC, Herbert Xu Re: [IPSEC] Move xfrm_flush_bundles into xfrm_state GC, Patrick McHardy

Previous by Date:	[IPSEC] Too many SADs!, Stephen Frost
Next by Date:	[IPROUTE2] Routing attribute alignment fix, Thomas Graf
Previous by Thread:	*Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller*
Next by Thread:	*Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu*
Indexes:	[Date] [Thread] [Top] [All Lists]