Re: [PATCH] Save latest ESP sequence number even if replay protection isn't in use

2018-01-08 Thread Daniel Lenski
On Mon, Jan 8, 2018 at 12:30 AM, David Woodhouse wrote:
> On Sun, 2018-01-07 at 17:54 -0800, Daniel Lenski wrote:
>>
>> This patch tracks the latest sequence number even if ESP replay protection
>> isn't in use -- however inadvisable that may be -- allowing the handover to
>>

Re: MTU mismatch with 7.08 and "Unknown DTLS packet"

2018-01-08 Thread Nikos Mavrogiannopoulos
On Mon, Jan 8, 2018 at 5:51 AM, Chaskiel Grundman wrote:
>> Could you be more specific which code path you are referring to? As
>> far as I see openconnect seems to call gnutls_dtls_set_mtu(), as well
>> as gnutls_dtls_set_data_mtu() on different code paths.
>
> in the

Re: [PATCH] Save latest ESP sequence number even if replay protection isn't in use

2018-01-08 Thread David Woodhouse
On Sun, 2018-01-07 at 17:54 -0800, Daniel Lenski wrote:
>
> This patch tracks the latest sequence number even if ESP replay protection
> isn't in use -- however inadvisable that may be -- allowing the handover to
> work correctly.

This implies that the seq# *is* being set in these packets. So we
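To make the point of the thread concrete, here is an added example (my own illustration, not openconnect's code and not the patch under discussion): a minimal inbound ESP sequence tracker in the style of the RFC 4303 Appendix A anti-replay window. With replay protection enforced, packets that are replays or that fall behind the window are dropped; with it switched off, nothing is dropped, but the highest sequence number seen is still recorded, so that a later handover has a number to continue from. The structure and function names, the 64-packet window size and the two scenario helpers are assumptions made for the example; nothing here is taken from the openconnect sources.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Added example, not openconnect's code: an inbound ESP (RFC 4303) sequence
 * tracker with a 64-packet anti-replay window. 32-bit sequence numbers are
 * assumed (no ESN); an SA is expected to be rekeyed before the counter wraps. */

#define ESP_REPLAY_WINDOW 64u

struct esp_seq_state {
    uint32_t last_seq;     /* highest sequence number seen so far */
    uint64_t bitmap;       /* bit i set => last_seq - i already received */
    bool     replay_check; /* enforce the anti-replay window? */
    bool     seen_any;     /* at least one packet has been tracked */
};

void esp_seq_init(struct esp_seq_state *s, bool replay_check)
{
    memset(s, 0, sizeof(*s));
    s->replay_check = replay_check;
}

/* Accept or drop an inbound ESP packet carrying 'seq'.
 * Returns 1 to accept, 0 to drop. The state is updated on accept. */
int esp_seq_accept(struct esp_seq_state *s, uint32_t seq)
{
    if (!s->replay_check) {
        /* Replay protection off: never drop, but still keep the high-water
         * mark, which is what a handover later needs. Serial-number
         * comparison so a wrapped counter still counts as "newer". */
        if (!s->seen_any || (int32_t)(seq - s->last_seq) > 0)
            s->last_seq = seq;
        s->seen_any = true;
        return 1;
    }

    if (seq == 0)          /* RFC 4303: the first sequence number sent is 1 */
        return 0;

    if (!s->seen_any || seq > s->last_seq) {
        /* Newer than anything seen: slide the window forward. */
        uint32_t shift = s->seen_any ? seq - s->last_seq : ESP_REPLAY_WINDOW;
        if (shift >= ESP_REPLAY_WINDOW)
            s->bitmap = 0;        /* whole window falls off the left edge */
        else
            s->bitmap <<= shift;
        s->bitmap |= 1;           /* bit 0 is last_seq itself */
        s->last_seq = seq;
        s->seen_any = true;
        return 1;
    }

    /* Older than or equal to last_seq: must be inside the window and new. */
    uint32_t diff = s->last_seq - seq;
    if (diff >= ESP_REPLAY_WINDOW)
        return 0;                          /* too old, behind the window */
    if (s->bitmap & ((uint64_t)1 << diff))
        return 0;                          /* replay */
    s->bitmap |= (uint64_t)1 << diff;
    return 1;
}

/* What a handover would carry over: the highest sequence number seen,
 * valid whether or not replay_check is set. Returns 0 if nothing tracked. */
uint32_t esp_seq_latest(const struct esp_seq_state *s)
{
    return s->seen_any ? s->last_seq : 0;
}

/* Scenario with replay protection on; constructed sequence numbers. */
int esp_seq_demo_replay_on(void)
{
    struct esp_seq_state s;
    int ok = 1;
    esp_seq_init(&s, true);
    ok &= esp_seq_accept(&s, 1) == 1;
    ok &= esp_seq_accept(&s, 3) == 1;
    ok &= esp_seq_accept(&s, 2) == 1;   /* late, but inside the window */
    ok &= esp_seq_accept(&s, 3) == 0;   /* replay of an accepted packet */
    ok &= esp_seq_accept(&s, 200) == 1; /* jump past the whole window */
    ok &= esp_seq_accept(&s, 100) == 0; /* 200 - 100 >= 64: too old */
    ok &= esp_seq_accept(&s, 150) == 1; /* 200 - 150 < 64: still in window */
    ok &= esp_seq_latest(&s) == 200;
    return ok;
}

/* Scenario with replay protection off: nothing dropped, seq still tracked. */
int esp_seq_demo_replay_off(void)
{
    struct esp_seq_state s;
    int ok = 1;
    esp_seq_init(&s, false);
    ok &= esp_seq_accept(&s, 5) == 1;
    ok &= esp_seq_accept(&s, 5) == 1;   /* replay accepted: protection is off */
    ok &= esp_seq_accept(&s, 9) == 1;
    ok &= esp_seq_accept(&s, 7) == 1;   /* out of order, also accepted */
    ok &= esp_seq_latest(&s) == 9;      /* high-water mark still recorded */
    return ok;
}
```

The `!replay_check` branch is the behaviour being added in the thread: without it, `last_seq` would stay at its initial value whenever replay protection is disabled, and anything that later consults `esp_seq_latest()` would get a stale number.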