[PATCH] fix DTLS_OVERHEAD and GlobalProtect ESP overhead calculation


On Tue, Aug 15, 2017 at 2:17 PM, Daniel Lenski <dlenski at gmail.com> wrote:
> On Tue, Aug 15, 2017 at 12:30 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> So from wire packet MTU, subtract headers and MAC and IV, round *down*
>> to a multiple of blocksize, subtract one byte for the *minimal*
>> padding, and that's the largest payload you can carry.
>
> Aha, thanks, I'll look at dtls_get_data_mtu() and try to get this exactly right.

I've got a patch to do exactly what you described for the ESP-based MTU.

As long as I'm on this, however, many GP users are unable to use ESP
(firewalls, misconfiguration, etc.).

So when ESP is not in use, I think I should set the MTU using the TCP
MSS? But then I'd have to account for the *TLS* overhead. Does GnuTLS
have a library function to compute the maximum-size TLS application
record that can fit in a single TCP segment? I couldn't find anything.

Dan
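
The procedure quoted above (subtract headers, MAC and IV, round down to the block size, subtract the minimal padding), as an added example that is not code from this thread or from OpenConnect. The struct, function names and sample sizes are assumptions; the mandatory trailer is a parameter, set here to 2 bytes for ESP's pad-length and next-header fields.

```c
#include <stddef.h>
#include <stdio.h>

/* Per-packet overhead of an ESP-style CBC encapsulation (all sizes in bytes). */
struct esp_overhead {
    size_t hdr_len;     /* outer headers that precede the IV */
    size_t iv_len;      /* cipher IV carried in each packet */
    size_t mac_len;     /* integrity check value appended after the ciphertext */
    size_t block_size;  /* cipher block size */
    size_t trailer_len; /* mandatory bytes inside the ciphertext besides payload */
};

/* Constructed sample (assumption): IPv4 20 + UDP 8 + ESP header 8, AES-CBC,
 * HMAC-SHA1-96, ESP trailer = pad length + next header. */
static const struct esp_overhead sample_esp = { 36, 16, 12, 16, 2 };

/* Largest payload that fits in one packet of wire_mtu bytes. */
size_t max_payload(const struct esp_overhead *o, size_t wire_mtu)
{
    size_t fixed = o->hdr_len + o->iv_len + o->mac_len;
    if (o->block_size == 0 || wire_mtu <= fixed)
        return 0;
    size_t room = wire_mtu - fixed;   /* space left for ciphertext */
    room -= room % o->block_size;     /* round DOWN to whole blocks */
    return room > o->trailer_len ? room - o->trailer_len : 0;
}

/* Inverse check: bytes on the wire for a given payload size. */
size_t wire_size(const struct esp_overhead *o, size_t payload)
{
    size_t inner = payload + o->trailer_len;
    size_t blocks = (inner + o->block_size - 1) / o->block_size; /* round UP */
    return o->hdr_len + o->iv_len + o->mac_len + blocks * o->block_size;
}

int main(void)
{
    size_t p = max_payload(&sample_esp, 1500);
    printf("payload MTU %zu -> %zu bytes on the wire; one more byte -> %zu\n",
           p, wire_size(&sample_esp, p), wire_size(&sample_esp, p + 1));
    return 0;
}
```

Rounding up instead of down, or forgetting the trailer, yields a payload MTU whose packets exceed the wire MTU by a full cipher block and get fragmented or dropped.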


