Re: [IPSec]A problem with xfrm_check_output()

From: James Morris (jmorris@intercode.com.au)
Date: Fri Jul 25 2003 - 10:12:15 EST


On Fri, 25 Jul 2003, Zhao, Forrest wrote:

> The function xfrm_check_output() has the same problem, because it's
> invoked
> before doing transformation.

It's fine.

The check is made only on the innermost xfrm, which carries all of the
overhead of the bundle in dst->header_len and dst->trailer_len, which is
checked against the fundamental mtu.

- James

-- 
James Morris
<jmorris@intercode.com.au>

- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html



This archive was generated by hypermail 2b29 : Thu Jul 31 2003 - 22:00:01 EST