lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Wed, 04 Apr 2007 15:07:34 +0200
From:	Patrick McHardy <>
To:	DiegoB <>
CC:	Kernel Netdev Mailing List <>,
	Herbert Xu <>,
	Miika Komu <>
Subject: Re: [XFRM]: Optimize MTU calculation

DiegoB wrote:
> Patrick McHardy wrote:
>> I've updated my IPsec MTU optimization patch I've posted a couple
>> of month ago to net-2.6.22 and added the further optimization
>> suggested by Herbert to account for the space lost due to alignment
>> in the room reserved for IP options in transport mode.
>> Tested with IPv4 and IPv6 in tunnel and transport mode. Beet mode
>> is untested since no keying daemon seems to support it.
> Actually for BEET mode you can check the following:

Thanks for the pointers, I'm using manual keying for testing now.
It took me a while to properly set it up though since I wasn't
expecting that I need to specify a selector for the inbound SA.
Is there a reason for not using x->props.saddr/x->id.daddr during
inbound processing as on the output side?

draft-nikander-esp-beet-mode-06.txt states ".. MUST contain the
outer source and destination addresses, as defined in the SA"
for both inbound and outbound processing, so I think it would
be easier to handle this symetrical.
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists