summaryrefslogtreecommitdiff
path: root/include/linux/netfilter_ipv4
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2005-10-10 21:11:34 -0700
committerDavid S. Miller <davem@davemloft.net>2005-10-10 21:11:34 -0700
commitd4875b049b2e6401a6e1fae90b7f09e20a636fcf (patch)
treea5021c091cbd141675cdd90ac330d33188284c03 /include/linux/netfilter_ipv4
parenta02a64223eddb410712b015fb3342c9a316ab70b (diff)
downloadlinux-3.10-d4875b049b2e6401a6e1fae90b7f09e20a636fcf.tar.gz
linux-3.10-d4875b049b2e6401a6e1fae90b7f09e20a636fcf.tar.bz2
linux-3.10-d4875b049b2e6401a6e1fae90b7f09e20a636fcf.zip
[IPSEC] Fix block size/MTU bugs in ESP
This patch fixes the following bugs in ESP: * Fix transport mode MTU overestimate. This means that the inner MTU is smaller than it needs be. Worse yet, given an input MTU which is a multiple of 4 it will always produce an estimate which is not a multiple of 4. For example, given a standard ESP/3DES/MD5 transform and an MTU of 1500, the resulting MTU for transport mode is 1462 when it should be 1464. The reason for this is because IP header lengths are always a multiple of 4 for IPv4 and 8 for IPv6. * Ensure that the block size is at least 4. This is required by RFC2406 and corresponds to what the esp_output function does. At the moment this only affects crypto_null as its block size is 1. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux/netfilter_ipv4')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 06:31:52 +0000