Re: [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append

netdev

Re: [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append_dat

To:	"David S. Miller" <davem@xxxxxxxxxxxxx>
Subject:	Re: [15/*] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data
From:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date:	Wed, 16 Mar 2005 22:31:49 +1100
Cc:	Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, YOSHIFUJI Hideaki <yoshfuji@xxxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to:	<20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx>
References:	<20050214221200.GA18465@xxxxxxxxxxxxxxxxxxx> <20050214221433.GB18465@xxxxxxxxxxxxxxxxxxx> <20050214221607.GC18465@xxxxxxxxxxxxxxxxxxx> <20050306213214.7d8a143d.davem@xxxxxxxxxxxxx> <20050307103536.GB7137@xxxxxxxxxxxxxxxxxxx> <20050308102741.GA23468@xxxxxxxxxxxxxxxxxxx> <20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.6+20040907i

Hi Dave:

On Tue, Mar 15, 2005 at 08:19:04PM +1100, herbert wrote:
> 
> This patch fixes the IPsec overhead handling in ip_append_data and
> ip6_append_data.  As it is they assume that the IPsec overhead is
> constant.  This is not true as with ESP the IPsec overhead will vary
> as the MTU varies.

This patch is wrong.  This is the *one* place where we do need to
use the path MTU.  The reason is that when the packet is fragmented
we only pay for the IPsec overhead once over all and not once for
each fragment.

Please revert it for now.

The trailer_len in ip_append_data is not quite right as the trailer's
length depends on the length of the entire packet.  However, it should
be harmless since ESP knows how to extend the packet when necessary.

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
*Extending xfrm_selector (Was: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS)*, (continued)* *Extending xfrm_selector (Was: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS)*, Herbert Xu* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, David S. Miller* *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Patrick McHardy* Netfilter+IPsec, Patrick McHardy Re: Netfilter+IPsec, David S. Miller Re: Netfilter+IPsec, Herbert Xu Re: Netfilter+IPsec, Patrick McHardy *Re: [22/] [NETFILTER] Use correct IPsec MTU in TCPMSS*, Herbert Xu* *Re: [21/] [IPv4] Fix MTU check in ipmr_queue_xmit*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu* <= *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Mika Penttilä* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Mika Penttilä* *Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu* *Re: [13/] [IPV4] Fix room calculation in icmp_send*, David S. Miller* *Re: [12/] [IPSEC] Handle local_df in IPv4*, David S. Miller* *Re: [12/] [IPSEC] Handle local_df in IPv4*, YOSHIFUJI Hideaki / 吉藤英明* *Re: [12/] [IPSEC] Handle local_df in IPv4*, YOSHIFUJI Hideaki / 吉藤英明* Re: [4/4] [IPSEC] Store MTU at each xfrm_dst, Patrick McHardy

Previous by Date:	[IPV4] Make ipt_REJECT use icmp_send again, Herbert Xu
Next by Date:	Re: [patch 2.6.11] bonding: avoid tx balance for IGMP (alb/tlb mode), John W. Linville
Previous by Thread:	*Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller*
Next by Thread:	*Re: [15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, David S. Miller*
Indexes:	[Date] [Thread] [Top] [All Lists]