[Swan-dev] Retransmits logging

Andrew Cagney andrew.cagney at gmail.com
Tue Mar 26 18:37:02 UTC 2019


On Tue, 26 Mar 2019 at 13:59, Paul Wouters <paul at nohats.ca> wrote:
>
> Of course, we wanted to suppress logging for duplicates to prevent DOS attacks. I guess that might have been the wrong choice but there was a reason

Yea.

Some sort of breadcrumb is needed - the complete absence of retransmit
logging leaves the impression that the remote end sent only one
packet.

Perhaps a heuristic where a ludicrous number of duplicates for a given
state triggers DDOS mode?

> Sent from mobile device
>
> Begin forwarded message:
>
> From: Andrew Cagney <cagney at vault.libreswan.fi>
> Date: March 26, 2019 at 18:51:22 GMT+1
> To: swan-commit at lists.libreswan.org
> Subject: [Swan-commit] Changes to ref refs/heads/master
> Reply-To: swan-dev at lists.libreswan.org
>
> New commits:
> commit 4b58c22bb03f83617308aece39af0550968b994b
> Merge: 9db87e4 f62bd38
> Author: Andrew Cagney <cagney at gnu.org>
> Date:   Tue Mar 26 13:50:17 2019 -0400
>
>    ikev2: clearly log when re-transmitting in response to a duplicate request
>
>    Merge commit 'f62bd383251195e75c2ff33e351d59e17a3afe88'
>
> commit f62bd383251195e75c2ff33e351d59e17a3afe88
> Author: Andrew Cagney <cagney at gnu.org>
> Date:   Tue Mar 26 13:47:47 2019 -0400
>
>    ikev2: log (not debug-log) when a duplicate request triggers a retransmit response
>
>    Was only logging when a duplicate was received mid-crypto.
>
> commit ddbf8d8a99b9dc52104a14d8ff8e8bc70878a33d
> Author: Andrew Cagney <cagney at gnu.org>
> Date:   Tue Mar 26 13:47:17 2019 -0400
>
>    testing: add more duplicate packet tests
>
> _______________________________________________
> Swan-commit mailing list
> Swan-commit at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-commit
>
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev


More information about the Swan-dev mailing list