On 1 February 2018 at 11:37, Paul Wouters <p...@nohats.ca> wrote:
> On Thu, 1 Feb 2018, D. Hugh Redelmeier wrote:
>> - several failures that were only IKE retransmissions. Just ignore them.
>> But a bit weird when IMPAIR_RETRANSMITS is set.
> can happen in IKEv1 were both ends retransmit?
There seems to be two reasons for suppressing re-transmits:
- the connection is expected to fail, so speed things up with a quick
timeout. --impair retransmits does this by aborting the connection
when the first re-transmit timeout expires
- the connection is expected to succeed but crypto might make it slow;
hence wait the full timeout but don't send intervening re-transmits.
--impair send-no-retransmits (new) does this (up until now we've used
'retransmit-interval=15000 # slow retransmits')
Tests often use the former when the intent seems to be the latter.
Swan-dev mailing list