[Swan-dev] problem from IRC: confusing message and action of lost final packet

Paul Wouters paul at nohats.ca
Wed Sep 26 13:52:27 UTC 2018


On Sat, 22 Sep 2018, D. Hugh Redelmeier wrote:

> <mcp> since libreswan 3.26 + 83e33a69b27f6c5d5f4aff2fc94a1357d5126ed1 I
> get these syslog messages very often:
> http://paste.debian.net/hidden/a99f6aa9/ - that's annoying ;)

this is reproduced in test case ikev1-responder-retransmit-01-Q2

> No. STATE_MAIN* and STATE_QUICK* are IKEv1
>
> Did you not delete the retained packets in these states?  This is my
> vague recollection.  Also that I questioned whether this would cause
> problems.

I thought that was only related to XAUTH states, which live sort of
between Main/Aggr and Quickmode, for which retransmitting a "last"
packet was tricky because of the initiator role change mid-exchange?

It seems to me we are simply mismatching the state machine entry. We should
have one for the established IKE SA and recognise it is established and
therefore a retransmit.

Paul

