RE: [IPSec]A problem with xfrm_check_output()

-----Original Message-----
From: James Morris [mailto:jmorris@intercode.com.au] 
Sent: July 25, 2003 23:12
To: Zhao, Forrest
Cc: kuznet@ms2.inr.ac.ru; linux-net@vger.kernel.org
Subject: Re: [IPSec]A problem with xfrm_check_output()

On Fri, 25 Jul 2003, Zhao, Forrest wrote:

> The function xfrm_check_output() has the same problem, because it's invoked
> before doing transformation.

It's fine.

The check is made only on the innermost xfrm, which carries all of the
overhead of the bundle in dst->header_len and dst->trailer_len, which is
checked against the fundamental mtu.

Maybe it's not the case. For example, when doing the ESP transformation, the real "header_len" after transformation may be larger than "dst->header_len", because we can't know the length of the alignment padding bits before doing the transformation. What's your opinion?


Thanks,
Forrest
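
The padding question raised above, as an added example that is not part of the thread and is not kernel code: it computes the minimum ESP padding under the RFC 4303 alignment rule and compares the per-packet trailer with its worst-case bound. The function names, the 8-byte block size and the 12-byte ICV are assumptions chosen for illustration; the thread does not say which value dst->trailer_len holds.

```c
#include <stddef.h>
#include <stdio.h>

/* ESP trailer (RFC 4303): padding | pad length (1) | next header (1) | ICV */
#define ESP_TRAILER_FIXED 2u

/* Alignment ESP pads to: the cipher block size, but never less than 4 bytes. */
static size_t esp_align(size_t block_size)
{
    return block_size > 4 ? block_size : 4;
}

/* Minimum padding needed for one packet carrying payload_len bytes. */
size_t esp_pad_len(size_t payload_len, size_t block_size)
{
    size_t align = esp_align(block_size);
    size_t rem = (payload_len + ESP_TRAILER_FIXED) % align;
    return rem ? align - rem : 0;
}

/* Trailer length after the transform; depends on the actual payload length. */
size_t esp_trailer_len(size_t payload_len, size_t block_size, size_t icv_len)
{
    return esp_pad_len(payload_len, block_size) + ESP_TRAILER_FIXED + icv_len;
}

/* Largest trailer minimum padding can produce: usable before the transform. */
size_t esp_trailer_worst(size_t block_size, size_t icv_len)
{
    return (esp_align(block_size) - 1) + ESP_TRAILER_FIXED + icv_len;
}

/* Return 1 if a reserved trailer size covers every payload up to max_payload. */
int reservation_is_safe(size_t reserved, size_t block_size, size_t icv_len, size_t max_payload)
{
    for (size_t len = 0; len <= max_payload; len++)
        if (esp_trailer_len(len, block_size, icv_len) > reserved)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed parameters: 8-byte block cipher, 12-byte ICV. */
    for (size_t len = 96; len <= 104; len++)
        printf("payload %zu: pad %zu\n", len, esp_pad_len(len, 8));
    printf("worst-case trailer: %zu\n", esp_trailer_worst(8, 12));
    return 0;
}
```

A pre-transform length check is sound only if the reserved trailer is at least esp_trailer_worst(); reserving one byte less fails for some payload lengths.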