RE: [IPSec]A problem with xfrm_check_output()

From: Zhao, Forrest (forrest.zhao@intel.com)
Date: Sun Jul 27 2003 - 20:37:46 EST


>
> As you have pointed out in the last mail, if we check against
> precaluclated
> dst->pmtu before doing transformation, it will result in
underestimation
> of mtu
> for esp due to alignment paddings and for IPCOMP it will be totally
> unfair.

I disagree with the part about IPCOMP SAs. We should always calculate
the MTUs for IPCOMP based on the worst-case scenario, that is, as if
the packet is not compressible.

This might seem unfair to the packet that has just arrived, but sooner
or later we're going to get an uncompressible packet forcing the MTU
down.

Hi, Herbert

What you said give me some inspiration.
1 if IPCOMP is used in tunnel mode, we should calculate the MTU for
IPCOMP on the worst-case scenario. That is we should calculate the MTU
before doing the compression.
2 if IPCOMP is used in transport mode, it's unfair to calculate the MTU
for IPCOMP before doing the compression. That is we should calculate the
MTU after doing the compression.

Do you agree with me? And what's your opinion?

Thanks,
Forrest
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html



This archive was generated by hypermail 2b29 : Thu Jul 31 2003 - 22:00:01 EST