Hey guys,

Thanks for the extremely detailed answers. The main take-away from this is that passing unaligned packets to the networking stack kills kittens. So now it's a question of mitigation. I have three options:

1. Copy the plaintext to three bytes before the start of the cipher text, overwriting parts of the header that aren't actually required.
   Pros: no changes required, MTU stays small.
   Cons: scatterwalk's fast paths aren't hit, which means two page table mappings are taken instead of one. I have no idea if this actually matters or will slow down anything relevant.

2. Add 3 bytes to the plaintext header, set to zero, marked for future use.
   Pros: satisfies IETF mantras and makes unaligned in-place decryption straightforward.
   Cons: lowers MTU, additional unauthenticated cleartext bits in the header are of limited utility in protocol.

3. Add 3 bytes of padding, set to zero, to the encrypted section just before the IP header, marked for future use.
   Pros: satisfies IETF mantras, can use those extra bits in the future for interesting protocol extensions for authenticated peers.
   Cons: lowers MTU, marginally more difficult to implement but still probably just one or two lines of code.

Of these, I'm leaning toward (3).

Anyway, thanks a lot for the input. "Doing nothing" is no longer under serious consideration, thanks to your messages.

Thanks,
Jason