Re: [IPSec]A problem with xfrm_check_output()

From: James Morris (
Date: Fri Jul 25 2003 - 10:12:15 EST

On Fri, 25 Jul 2003, Zhao, Forrest wrote:

> The function xfrm_check_output() has the same problem, because it's
> invoked
> before doing transformation.

It's fine.

The check is made only on the innermost xfrm, which carries all of the
overhead of the bundle in dst->header_len and dst->trailer_len, which is
checked against the fundamental mtu.

- James

James Morris

- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to More majordomo info at

This archive was generated by hypermail 2b29 : Thu Jul 31 2003 - 22:00:01 EST