[Swan-dev] timings of STATE_PARENT_R1 in EVENT_CRYPTO_FAILED
Paul Wouters
paul at nohats.ca
Mon Feb 2 07:27:34 EET 2015
Why do we have STATE_PARENT_R1 waiting on the initiator
to come back using event EVENT_CRYPTO_FAILED ?
according to our definition:
EVENT_CRYPTO_FAILED, /* v1/v2 after some time, give up on crypto helper */
However, once we have done the crypto and sent the packet, we should no longer
wait for the EVENT_CRYPTO_FAILED event. We should wait for however long it is
that we are willing to wait with a half-open SA. There is currently no
define for that. I would expect we would give up at the same time
as EVENT_RETRANSMIT_DELAY_0.
Additionally, EVENT_CRYPTO_FAILED is scheduled to last
EVENT_CRYPTO_FAILED_DELAY which is 5 minutes! That seems rather insane.
I would expect any crypto operation on an overloaded system to last
maybe up to 10 seconds. Anything beyond that just adds to an
unrecoverable backlog.
Finally, the event_schedule time values for half-open and established IKE
SAs are the same, so half-open SAs linger way too long, preventing
us from a speedy recovery from a burst of spoofed packets. Currently for
5 minutes!
So, I think I would like to:
1) Change the crypto helper to re-schedule a time out event for
a new PLUTO_HALFOPEN_SA_LIFE of 10 seconds.
2) Use PLUTO_HALFOPEN_SA_LIFE as the timeout value on the responder
for all IKE SAs in STATE_PARENT_R1 (e.g. not source-address verified)
3) Use a longer timeout value on the responder
for all IKE SAs that have been source-address verified but not
yet been authenticated. Not the current 5 minutes, but let's say 1
or 2 minutes (to give the user time to enter their onetime token input)
Paul
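The following is an added simulation of the timeout policy proposed in the message above; it is example code, not libreswan's own state machine. PLUTO_HALFOPEN_SA_LIFE is the name used in the mail; every other identifier (the sim_ prefix, the 120 s verified-but-unauthenticated lifetime, the 3600 s placeholder for an established IKE SA, the 300 s "old policy" standing in for EVENT_CRYPTO_FAILED_DELAY) is an assumption made for this example. It fills a responder's state table with a constructed burst of spoofed half-open SAs beside one source-verified and one established SA, then sweeps the table at a given time under either policy and reports how many entries survive.

```c
/* Added example: per-state half-open IKE SA timeouts, as proposed above.
 * Not libreswan code; all sim_* names and numbers are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PLUTO_HALFOPEN_SA_LIFE     10   /* s: unverified responder SA (proposal) */
#define SIM_VERIFIED_UNAUTH_LIFE  120   /* s: source verified, not yet authenticated (assumed) */
#define SIM_ESTABLISHED_LIFE     3600   /* s: placeholder IKE SA lifetime (assumed) */
#define SIM_OLD_HALFOPEN_LIFE     300   /* s: the current 5 minutes the mail complains about */

enum sim_state {
    SIM_PARENT_R1,          /* responder replied, initiator not seen again */
    SIM_PARENT_R1_VERIFIED, /* return address verified, not yet authenticated */
    SIM_ESTABLISHED
};

struct sim_sa {
    enum sim_state st;
    long expires;   /* absolute time (s) at which the SA is torn down */
    bool live;
};

/* Timeout to schedule when an SA enters state st. old_policy models the
 * current behaviour where every half-open SA gets the same 5 minute timer. */
static long sim_timeout_for(enum sim_state st, bool old_policy) {
    if (st == SIM_ESTABLISHED)
        return SIM_ESTABLISHED_LIFE;
    if (old_policy)
        return SIM_OLD_HALFOPEN_LIFE;
    return st == SIM_PARENT_R1 ? PLUTO_HALFOPEN_SA_LIFE : SIM_VERIFIED_UNAUTH_LIFE;
}

/* (Re)schedule the expiry event for an SA that enters state st at time now. */
static void sim_enter_state(struct sim_sa *sa, enum sim_state st, long now, bool old_policy) {
    sa->st = st;
    sa->expires = now + sim_timeout_for(st, old_policy);
    sa->live = true;
}

/* Tear down every SA whose timer has fired; returns the number reclaimed. */
static size_t sim_sweep(struct sim_sa *tbl, size_t n, long now) {
    size_t freed = 0;
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].live && tbl[i].expires <= now) {
            tbl[i].live = false;
            freed++;
        }
    }
    return freed;
}

/* Constructed scenario: n_spoofed spoofed IKE_SA_INIT packets arrive at t=0 and
 * each creates a STATE_PARENT_R1 entry, next to one verified-but-unauthenticated
 * SA and one established SA. Returns how many entries are still live at time at. */
static size_t sim_burst_remaining(size_t n_spoofed, long at, bool old_policy) {
    enum { SIM_CAP = 1024 };
    struct sim_sa tbl[SIM_CAP];
    size_t n = 0;

    if (n_spoofed > SIM_CAP - 2)
        n_spoofed = SIM_CAP - 2;
    for (size_t i = 0; i < n_spoofed; i++)
        sim_enter_state(&tbl[n++], SIM_PARENT_R1, 0, old_policy);
    sim_enter_state(&tbl[n++], SIM_PARENT_R1_VERIFIED, 0, old_policy);
    sim_enter_state(&tbl[n++], SIM_ESTABLISHED, 0, old_policy);

    size_t freed = sim_sweep(tbl, n, at);
    return n - freed;
}

int main(void) {
    const long checkpoints[] = {0, 10, 120, 300};
    printf("%8s %12s %12s\n", "t (s)", "proposed", "current");
    for (size_t i = 0; i < sizeof checkpoints / sizeof checkpoints[0]; i++)
        printf("%8ld %12zu %12zu\n", checkpoints[i],
               sim_burst_remaining(500, checkpoints[i], false),
               sim_burst_remaining(500, checkpoints[i], true));
    return 0;
}
```

Under the proposed timers the 500 spoofed half-open entries are gone 10 s after the burst and only the established SA remains after 120 s; under the current single 5 minute timer the whole table stays full until t=300.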