[Swan-dev] problem from IRC: confusing message and action of lost final packet

Andrew Cagney andrew.cagney at gmail.com
Mon Oct 1 15:51:11 UTC 2018

On Sat, 29 Sep 2018 at 16:29, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> FYI, I'm considering a second tweak:  While not necessary, it would
> prevent some unnecessary decryption.
> Instead of only saving the incoming packet when the current state has
> the reply flag set; add an .st_drop_duplicates flag so that the
> duplicate code has something concrete to check.
> That would hopefully be conservative enough to not be screwed by xauth
> exchanges reversing the initiator / responder polarity with
> back-to-back packets.

I pushed this.

I also tweaked ikev1-responder-retransmit-01-Q2 adding more duplicates
to east so that:
- every incoming packet is duplicated (this should trigger the
responder to re-transmit its last reponse)
- every packet being sent is also duplicated
with this I would have expected east to send out 4 copies of most
responses (some aren't as it is busy doing DH) but I'm not seeing
this.  So something to investigate further at some point - my change
should be the cause of this (...).

More information about the Swan-dev mailing list