On Fri, Aug 04, 2006 at 12:09:18PM +0200, Patrick McHardy wrote:
>
> I was wondering why the old code distinguished between transport mode
> and tunnel mode, I couldn't spot anything that would be affected. I'll
> look into the transport mode case again.

The problem is basically you don't know a priori the size of the IP options. So you assume the worst case where the IP options cause the largest amount of padding for encryption (IP option length itself must be a multiple of 4, so for a block size of 8 the worst is 4, and the worst is 12 for a block size of 16).

Of course it gets hairier if you have ESP padding. I'm not even sure if the current code gets that right.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
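
The worst-case figures in the message above, checked by brute force over every legal IPv4 option length. This is an added example, not code from the thread or from the kernel; it assumes a simplified transport-mode ESP layout per RFC 4303, and the function names, the 1500-byte MTU and the 12-byte ICV are constructed for illustration.

```c
#include <stdio.h>

/* Fixed sizes from RFC 791 / RFC 4303. */
#define IPV4_BASE_HDR 20   /* IPv4 header without options */
#define IPV4_MAX_OPTS 40   /* options are 0..40 bytes, multiple of 4 */
#define ESP_HDR        8   /* SPI + sequence number */
#define ESP_TRAILER    2   /* pad length + next header */

/* Bytes left for the encrypted part (payload + padding + trailer).
 * In transport mode the IP options stay in front of the ESP header,
 * so they come straight out of this budget. */
static int esp_room(int mtu, int opts, int ivlen, int icvlen)
{
    return mtu - IPV4_BASE_HDR - opts - ESP_HDR - ivlen - icvlen;
}

/* Largest transport payload that fits when the option length is known:
 * the encrypted part must be a whole number of cipher blocks. */
static int max_payload(int mtu, int opts, int blk, int ivlen, int icvlen)
{
    int room = esp_room(mtu, opts, ivlen, icvlen);
    return room - room % blk - ESP_TRAILER;
}

/* Worst-case bytes lost to block alignment over all option lengths,
 * i.e. what must be assumed when the options are not known a priori. */
static int worst_align_loss(int mtu, int blk, int ivlen, int icvlen)
{
    int worst = 0;
    for (int opts = 0; opts <= IPV4_MAX_OPTS; opts += 4) {
        int loss = esp_room(mtu, opts, ivlen, icvlen) % blk;
        if (loss > worst)
            worst = loss;
    }
    return worst;
}

int main(void)
{
    /* Constructed parameters: 1500-byte MTU, 12-byte ICV. */
    printf("blk 8:  worst loss %d\n", worst_align_loss(1500, 8, 8, 12));
    printf("blk 16: worst loss %d\n", worst_align_loss(1500, 16, 16, 12));
    for (int opts = 0; opts <= 12; opts += 4)
        printf("opts %2d -> max payload %d (blk 16)\n", opts,
               max_payload(1500, opts, 16, 16, 12));
    return 0;
}
```

Which option length hits the worst case depends on the MTU and the other header sizes; the bound itself (block size minus 4) holds whenever the remaining budget is a multiple of 4.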