[Swan-dev] unstable connection serial numbers

Andrew Cagney andrew.cagney at gmail.com
Thu Oct 8 01:16:50 UTC 2020 

On Wed, 7 Oct 2020 at 19:53, Paul Wouters <paul at nohats.ca> wrote:
>
> Run ‘ss’ or netstat and look for the listen without the whack ?

I changed it to 'whack --impair none'.  These all though have the same
problem - they wait for pluto to be running and not addconn to finish.

>
> Sent from my iPhone
>
> > On Oct 7, 2020, at 17:14, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> >
> > The stray 'whack --listen' is coming from  wait-until-pluto-started,
> > for instance:
> >
> > | whack: delete 'clear'
> > | whack: connection 'clear'
> > | whack: delete 'clear-or-private'
> > | whack: connection 'clear-or-private'
> > | from whack: got --esp=
> > | whack: delete 'private-or-clear'
> > | whack: connection 'private-or-clear'
> > | from whack: got --esp=
> > | whack: listen <------------- this is from wait-until-pluto-started
> > | whack: delete 'private'
> > | whack: connection 'private'
> > | from whack: got --esp=
> > | whack: delete 'block'
> > | whack: connection 'block'
> > | whack: listen <------ this is from addconn
> > | whack: route
> >
> > which means, in addition to screwing around with addconn, it isn't
> > waiting for addconn to finish.
> >
> > Thoughts on making this more robust?
> >
> >> On Tue, 29 Sep 2020 at 21:45, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> >> I'm trying to understand this diff
> >> https://testing.libreswan.org/v3.30-1853-gc4b35c42cb-main/newoe-25-cat-2/OUTPUT/road.console.diff
> >> -000 "block":   newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $9;
> >> +000 "block":   newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $5;
> >> Pluto is receiving something like the following from whack:
> >> - add $1 clear
> >> - add $2 clear-or-private
> >> - add $3 private-or-clear
> >> - add $4 private
> >> but then it receives either:
> >> - add $5 block
> >> - listen -> triggers groups $6-$9
> >> or:
> >> - listen-> triggers groups $5-$8
> >> - add $9 block
> >> I'm guessing there are two whacks or something?
> > _______________________________________________
> > Swan-dev mailing list
> > Swan-dev at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan-dev
>

More information about the Swan-dev mailing list