On 21 May 2018 at 23:05, Paul Wouters <[email protected]> wrote:
> On Fri, 18 May 2018, Andrew Cagney wrote:
>
>>>> - I'm beginning to wonder if there's a race between whack
>>>> --trafficstatus showing a connection being up and a connection being up?
>>>
>>> I have never seen that.
>>
>> Here's an example:
>>
>> - whack --trafficstatus shows things up
>> - but the first of 4 ping packets goes into the weeds

My cut/paste of the diff lacked some context. Before the ping there was
a whack --trafficstatus command showing the connection with outBytes=0;
as expected. Yet ...

>
>> ping -n -c 4 -I 192.0.1.254 192.0.2.254
>> PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data.
>> -64 bytes from 192.0.2.254: icmp_seq=1 ttl=64 time=0.XXX ms
>> 64 bytes from 192.0.2.254: icmp_seq=2 ttl=64 time=0.XXX ms
>> 64 bytes from 192.0.2.254: icmp_seq=3 ttl=64 time=0.XXX ms
>> 64 bytes from 192.0.2.254: icmp_seq=4 ttl=64 time=0.XXX ms
>> --- 192.0.2.254 ping statistics ---
>> -4 packets transmitted, 4 received, 0% packet loss, time XXXX
>> +4 packets transmitted, 3 received, 25% packet loss, time XXXX
>> rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
>> west #
>> ipsec whack --trafficstatus
>> -006 #4: "westnet-eastnet-auto", type=ESP, add_time=1234567890,
>> inBytes=336, outBytes=336, id='@east'
>> +006 #4: "westnet-eastnet-auto", type=ESP, add_time=1234567890,
>> inBytes=252, outBytes=252, id='@east'
>
> It does show the first ping got sent before the IPsec SA was installed
> properly, but the reporting of trafficstatus is correct. It shows
> a little less inBytes/outBytes because one ping didn't go through
> IPsec.

Right. The first packet didn't go through.

> Maybe we only disagree about the description of the problem?
> I do agree there is a race between installing the IPsec SA
> and being able to use it. But I think trafficstatus works
> correctly.

It is the race between installing the IPsec SA, whack --trafficstatus
showing it is up, and being able to send that first packet that I see
as the problem.

Andrew
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
