[Swan-dev] timings of STATE_PARENT_R1 in EVENT_CRYPTO_FAILED

Paul Wouters paul at nohats.ca
Mon Feb 2 07:27:34 EET 2015


Why do we have STATE_PARENT_R1 waiting on the initiator
to come back using event EVENT_CRYPTO_FAILED?

according to our definition:

EVENT_CRYPTO_FAILED,            /* v1/v2 after some time, give up on crypto helper */

However, once we have done the crypto and sent the packet, we should no longer
wait for the EVENT_CRYPTO_FAILED event. We should wait for however long
we are willing to wait with a half-open SA. There is currently no
define for that. I would expect we would give up at the same time
as EVENT_RETRANSMIT_DELAY_0.

Additionally, EVENT_CRYPTO_FAILED is scheduled to last
EVENT_CRYPTO_FAILED_DELAY, which is 5 minutes! That seems rather insane.
I would expect any crypto operation on an overloaded system to last
maybe up to 10 seconds. Anything beyond that just adds to an
unrecoverable backlog.

Finally, the event_schedule time value for half-open and established IKE
SAs is the same, so half-open SAs linger way too long, preventing
a speedy recovery from a burst of spoofed packets. Currently for
5 minutes!

So, I think I would like to:

1) Change the crypto helper to re-schedule a timeout event for
    a new PLUTO_HALFOPEN_SA_LIFE of 10 seconds.

2) Use PLUTO_HALFOPEN_SA_LIFE as the timeout value on the responder
    for all IKE SAs in STATE_PARENT_R1 (i.e. not source address verified).

3) Use a longer timeout value on the responder
    for all IKE SAs that have been source address verified but not
    yet authenticated. Not the current 5 minutes, but let's say 1
    or 2 minutes (to give the user time to enter their one-time token input).


Paul
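Added example (not part of the original message and not libreswan/pluto code): a constructed model of the three-tier timeout policy the post proposes, so the effect on a burst of spoofed IKE_SA_INIT packets can be compared against the current single 5-minute EVENT_CRYPTO_FAILED_DELAY. The state table, the reaper and the names sa_phase, sa_table, reap_expired and survivors are hypothetical; the 10 s and 5 min values come from the post, "1 or 2 minutes" is taken as 120 s, and the established-SA lifetime of 3600 s is an assumed placeholder.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the half-open IKE SA timeout policy discussed above.
 * This is NOT pluto code; every identifier below is hypothetical. */

enum sa_phase {
    PHASE_R1_UNVERIFIED,  /* STATE_PARENT_R1: reply sent, peer address not yet proven */
    PHASE_R1_VERIFIED,    /* peer came back (address is real) but not yet authenticated */
    PHASE_ESTABLISHED     /* authenticated IKE SA */
};

/* Proposed values, in seconds. */
#define PLUTO_HALFOPEN_SA_LIFE      10   /* items 1 and 2 of the post */
#define PLUTO_VERIFIED_UNAUTH_LIFE 120   /* item 3: "1 or 2 minutes", taken as 120 s */
#define IKE_SA_LIFETIME           3600   /* assumed placeholder for established SAs */

/* Current behaviour the post objects to: one 5-minute timer for every
 * not-yet-established SA. */
#define EVENT_CRYPTO_FAILED_DELAY  300

struct sa {
    enum sa_phase phase;
    unsigned created_at;   /* seconds */
    bool alive;
};

#define MAX_SA 4096
struct sa_table {
    struct sa entries[MAX_SA];
    size_t n;
};

/* Proposed policy: the timeout depends on how far the peer has proven itself. */
unsigned proposed_timeout(enum sa_phase p)
{
    switch (p) {
    case PHASE_R1_UNVERIFIED: return PLUTO_HALFOPEN_SA_LIFE;
    case PHASE_R1_VERIFIED:   return PLUTO_VERIFIED_UNAUTH_LIFE;
    default:                  return IKE_SA_LIFETIME;
    }
}

/* Current policy: every half-open SA waits the full EVENT_CRYPTO_FAILED_DELAY. */
unsigned current_timeout(enum sa_phase p)
{
    return p == PHASE_ESTABLISHED ? IKE_SA_LIFETIME : EVENT_CRYPTO_FAILED_DELAY;
}

/* Add a state to the table; silently drops when the table is full. */
void sa_add(struct sa_table *t, enum sa_phase p, unsigned now)
{
    if (t->n >= MAX_SA)
        return;
    t->entries[t->n].phase = p;
    t->entries[t->n].created_at = now;
    t->entries[t->n].alive = true;
    t->n++;
}

/* Expire every state whose age exceeds the timeout its phase allows under
 * the given policy; returns how many states are still alive. */
size_t reap_expired(struct sa_table *t, unsigned now,
                    unsigned (*timeout)(enum sa_phase))
{
    size_t alive = 0;
    for (size_t i = 0; i < t->n; i++) {
        struct sa *s = &t->entries[i];
        if (!s->alive)
            continue;
        if (now - s->created_at > timeout(s->phase))
            s->alive = false;     /* event fires: state is deleted */
        else
            alive++;
    }
    return alive;
}

/* Simulate n states created in phase `phase` at t=0 (e.g. a burst of spoofed
 * IKE_SA_INIT packets) and return how many survive when the reaper runs at `now`. */
size_t survivors(size_t n, enum sa_phase phase, unsigned now,
                 unsigned (*timeout)(enum sa_phase))
{
    static struct sa_table t;
    t.n = 0;
    for (size_t i = 0; i < n; i++)
        sa_add(&t, phase, 0);
    return reap_expired(&t, now, timeout);
}

int main(void)
{
    /* Constructed scenario: 1000 spoofed initiations, table inspected 11 s later. */
    printf("unverified R1 after 11s, current policy:  %zu\n",
           survivors(1000, PHASE_R1_UNVERIFIED, 11, current_timeout));
    printf("unverified R1 after 11s, proposed policy: %zu\n",
           survivors(1000, PHASE_R1_UNVERIFIED, 11, proposed_timeout));
    printf("verified R1 after 11s, proposed policy:   %zu\n",
           survivors(1000, PHASE_R1_VERIFIED, 11, proposed_timeout));
    return 0;
}
```

With the proposed policy the unverified entries are gone after 10 s while address-verified but unauthenticated ones keep their longer window; with the current policy all 1000 spoofed entries occupy the table for the full 300 s.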

