On Fri, Aug 04, 2006 at 01:50:15PM +0200, Patrick McHardy wrote: > > Now I get it, thanks :) I missed that the IP header isn't part of the > length when it is aligned. So the worst-case increases by block-size > - 4 (- 8 for IPv6). How does this look?
That should work. If you want to be fancy you can also take any bits you shaved off outside the encrypted block into account. For example, in the 1500 case we have to shave off 4 bytes to make it a multiple of 8, therefore there is no extra overhead for transport mode at all. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
