Re: ESP trailer_len calculation

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: David Miller

Subject: Re: ESP trailer_len calculation

Date: Sunday, September 26, 2010 - 6:46 pm

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Sat, 25 Sep 2010 14:23:17 +0800

quoted text> The number 17 does look very strange, however, after going through
> the logic it does seem correct.
> 
> To calculate the minimum safe trailer length we need to consider
> the worst-case scenario, and that is a packet where the payload
> just happens to be one byte less than the cipher block size.
> 
> ESP always adds two bytes, then pads to at least the cipher
> block size, follwed by the authentication value.  So in the
> worst case we need to add
> 
> 	2 + (blocksize - 1) + authlen	=
> 	blocksize + 1 + authlen
> 
> which is exactly what Patrick's patch does.

Thanks for explaining this Herbert, but I have to admit it's a bit
disappointing :-)

So what we have is that headerlen is actually a function f() which
depends upon the payload length and the size of any IP options, rather
than a fixed value that can be computed based upon the cipher
blocksize, encap mode, and device MTU.

I guess if we really cared about this we could make headerlen a method
rather than a value, but I doubt it's that much of an issue.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

ESP trailer_len calculation, David Miller, (Fri Sep 24, 2:40 pm)

Re: ESP trailer_len calculation, Herbert Xu, (Fri Sep 24, 11:23 pm)

Re: ESP trailer_len calculation, David Miller, (Sun Sep 26, 6:46 pm)


linux-kernel:
Greg Kroah-Hartman	[PATCH 041/196] kobject: add kobject_init_and_add function
Lukas Hejtmanek	Re: Another libata error related to OCZ SSD
Greg Kroah-Hartman	[PATCH 023/196] MCP_UCB1200: Convert from class_device to device
Florian Fainelli	Re: System clock runs too fast after 2.6.27 -> 2.6.28.1 upgrade
Christoph Lameter	[patch 1/4] mmu_notifier: Core code
git:
Johannes Schindelin	Re: [PATCH 1/2] Add strbuf_initf()
John Bito	[EGIT] Push to GitHub caused corruption
Jakub Narebski	Re: [PATCH 0/2] gitweb: patch view
Junio C Hamano	Re: [PATCH] When a remote is added but not fetched, tell the user.
Andy Parkins	Re: [RFC] Submodules in GIT
git-commits-head:
Linux Kernel Mailing List	ahci: Workaround HW bug for SB600/700 SATA controller PMP support
Linux Kernel Mailing List	V4L/DVB (11086): au0828: rename macro for currently non-function VBI support
Linux Kernel Mailing List	ceph: client types
Linux Kernel Mailing List	ceph: on-wire types
Linux Kernel Mailing List	crypto: chainiv - Use kcrypto_wq instead of keventd_wq
linux-netdev:
Andrew Morton	Re: [Bugme-new] [Bug 14969] New: b44: WOL does not work in suspended state
Giuseppe CAVALLARO	Re: [PATCH 03/13] stmmac: add the new Header file for stmmac platform data
Taku Izumi	[PATCH 3/3] ixgbe: add registers etc. printout code just before resetting adapters
Eric Dumazet	rps: some comments
Thomas Gleixner	Re: [RFC PATCH 02/12] On Tue, 23 Sep 2008, David Miller wrote:
openbsd-misc:
Stephan Andreas	problems with login after xlock in OpenBSD release 4.7
pmc	Make A Change. Alcoholism and Drug Addiction Treatment
ropers	Re: what exactly is enc0?
Fuad NAHDI	Re: What does your environment look like?
Matthew Szudzik	Typo on OpenBSD 4.4 CD Set