On Sat, 29 Sep 2018 at 16:29, Andrew Cagney <[email protected]> wrote:
>
> FYI, I'm considering a second tweak: While not necessary, it would
> prevent some unnecessary decryption.
>
> Instead of only saving the incoming packet when the current state has
> the reply flag set; add an .st_drop_duplicates flag so that the
> duplicate code has something concrete to check.
>
> That would hopefully be conservative enough to not be screwed by xauth
> exchanges reversing the initiator / responder polarity with
> back-to-back packets.

I pushed this.

I also tweaked ikev1-responder-retransmit-01-Q2 adding more duplicates to east so that:

- every incoming packet is duplicated (this should trigger the responder to re-transmit its last response)
- every packet being sent is also duplicated

With this I would have expected east to send out 4 copies of most responses (some aren't as it is busy doing DH) but I'm not seeing this. So something to investigate further at some point - my change should be the cause of this (...).
