Herbert Xu wrote:
> On Fri, Aug 04, 2006 at 12:09:18PM +0200, Patrick McHardy wrote:
>
>>I was wondering why the old code distinguished between transport mode
>>and tunnel mode, I couldn't spot anything that would be affected. I'll
>>look into the transport mode case again.
>
>
> The problem is basically you don't know a priori the size of the IP
> options. So you assume the worst case where the IP options cause
> the largest amount of padding for encryption (IP option length itself
> must be a multiple of 4, so for a block size of 8 the worst is 4,
> and the worst is 12 for a block size of 16).
>
> Of course it gets hairier if you have ESP padding. I'm not even sure
> if the current code gets that right.

Unless I'm missing something, the padding caused by IP options is always
less than the worst case that can happen anyway (max(block size, padlen)-1),
so it can simply be ignored.
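
The numbers discussed in this thread can be checked with a short enumeration. This is an added example, not code from the thread or from the kernel; it assumes the standard 2-byte ESP trailer (pad length, next header), IPv4 header lengths of 20 to 60 bytes in steps of 4, and it does not model a separately configured padlen. The function names are hypothetical.

```c
#include <stdio.h>

/* Round x up to the next multiple of a (a > 0). */
static unsigned align_up(unsigned x, unsigned a)
{
    return (x + a - 1) / a * a;
}

/* ESP pad bytes: payload + pad + 2 trailer bytes must fill whole blocks. */
unsigned esp_pad(unsigned payload, unsigned blksize)
{
    return align_up(payload + 2, blksize) - (payload + 2);
}

/* Transport mode: the IP header is not encrypted and its length is unknown.
 * Return the largest padding, beyond plain 4-byte alignment, that any legal
 * IPv4 header length can cause for a packet of pkt_len total bytes. */
unsigned worst_option_pad(unsigned pkt_len, unsigned blksize)
{
    unsigned ihl, worst = 0;

    for (ihl = 20; ihl <= 60; ihl += 4) {
        unsigned body = pkt_len - ihl + 2;
        unsigned extra = align_up(body, blksize) - align_up(body, 4);
        if (extra > worst)
            worst = extra;
    }
    return worst;
}

/* Largest ESP padding over every payload length modulo the block size. */
unsigned worst_pad(unsigned blksize)
{
    unsigned len, worst = 0;

    for (len = 0; len < blksize; len++)
        if (esp_pad(len, blksize) > worst)
            worst = esp_pad(len, blksize);
    return worst;
}

int main(void)
{
    unsigned b;

    /* Constructed sample: a 1500-byte packet, block sizes 8 and 16. */
    for (b = 8; b <= 16; b += 8)
        printf("blksize %u: options worst %u, overall worst %u\n",
               b, worst_option_pad(1500, b), worst_pad(b));
    return 0;
}
```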