Re: [Swan-dev] IKEv2 nhelpers == 0 failures

Thu, 05 Jun 2014 15:26:12 -0700 

Here is a proposed patch, add timeout_event EVENT_SO_DISCARD to
STATE_PARENT_R1 with timeout value of:

MAXIMUM_RETRANSMISSIONS_INITIAL + EVENT_RETRANSMIT_DELAY_0 
The default is 30 seconds.

I am not sure what would be the optimal timout value. Any suggestions?
regards,
-antony



On Fri, May 30, 2014 at 08:59:25PM +0200, Antony Antony wrote:
> Good catch!
> 
> On Fri, May 30, 2014 at 03:34:34AM -0400, D. Hugh Redelmeier wrote:
> 
> > The fix should be that responder state transitions set an event at the 
> > limit of their patience for the next Initiator message.  What event?  
> > Probably a new one so that an appropriate message is logged "v2 responder
> > got tired of waiting for the next message and will declare failure". 
> 
> some of the SMC entries, e.g STATE_PARENT_R1,
> have timeout_event = EVENT_SA_REPLACE. So I imagined that will take care.
> 
> the timeout could be
> maximum_retransmissions_initial + event_retransmit_delay_0 * 
> maximum_retransmissions 
> 
> -antony
> _______________________________________________
> Swan-dev mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan-dev
> 

commit b8498744174a66f58f3a6beef27bef888496b908
Author: Antony Antony <[email protected]>
Date:   Fri Jun 6 00:07:47 2014 +0200

    ikev2: STATE_PARENT_R1 add time out event EVENT_SO_DISCARD

diff --git a/programs/pluto/ikev2.c b/programs/pluto/ikev2.c
index 807c860..8e6773b 100644
--- a/programs/pluto/ikev2.c
+++ b/programs/pluto/ikev2.c
@@ -255,7 +255,8 @@ static const struct state_v2_microcode 
v2_state_microcode_table[] = {
          .flags =  /* not SMF2_INITIATOR, not SMF2_STATENEEDED */ SMF2_REPLY,
          .req_clear_payloads = P(SA) | P(KE) | P(Ni),
          .processor  = ikev2parent_inI1outR1,
-         .recv_type  = ISAKMP_v2_SA_INIT, },
+         .recv_type  = ISAKMP_v2_SA_INIT, 
+         .timeout_event  =  EVENT_SO_DISCARD, },
 
        /* STATE_PARENT_R1: I2 --> R2
         *                  <-- HDR, SK {IDi, [CERT,] [CERTREQ,]
@@ -1066,6 +1067,12 @@ static void success_v2_state_transition(struct 
msg_digest **mdp)
                        event_schedule(kind, delay, st);
                        break;
 
+               case EVENT_SO_DISCARD:
+                       delete_event(st);
+                       event_schedule(kind, (MAXIMUM_RETRANSMISSIONS_INITIAL + 
+                                               EVENT_RETRANSMIT_DELAY_0), st);
+                       break;
+
                case EVENT_NULL:
                        /* XXX: Is there really no case where we want to set no 
timer? */
                        /* dos_cookie is one 'valid' event, but it is used 
more? */

_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev

Reply via email to