FYI ...

On 1 February 2018 at 11:37, Paul Wouters <p...@nohats.ca> wrote:
> On Thu, 1 Feb 2018, D. Hugh Redelmeier wrote:
>
>> - several failures that were only IKE retransmissions.  Just ignore them.
>>  But a bit weird when IMPAIR_RETRANSMITS is set.
>
>
> can happen in IKEv1 were both ends retransmit?

There seems to be two reasons for suppressing re-transmits:

- the connection is expected to fail, so speed things up with a quick
timeout.   --impair retransmits does this by aborting the connection
when the first re-transmit timeout expires

- the connection is expected to succeed but crypto might make it slow;
hence wait the full timeout but don't send intervening re-transmits.
--impair send-no-retransmits (new) does this (up until now we've used
'retransmit-interval=15000 # slow retransmits')

Tests often use the former when the intent seems to be the latter.

Andrew
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev

Reply via email to