[Openswan dev] Phase 2 Negotiation Reliability
Herbert Xu
herbert at gondor.apana.org.au
Sat Sep 18 12:03:19 CEST 2004
On Fri, Sep 17, 2004 at 12:23:56PM -0400, Michael Richardson wrote:
>
> I think that this is a good patch in general.
> Did you just increase MAXIMUM_RETRANSMISSIONS in include/pluto_constants.h?
Here is the patch.
> I'm thinking that the state structure should have a maximum field,
> which could be initialized to different values.
>
> Do you think this useful in general?
> I.e. there are states when we want to try harder?
Well, in my case I only need a global setting. The reason is that what
I've got is a VPN server that only responds to incoming connections.
The problem occurs when there is a large wave of incoming connections.
So having a per-state setting isn't useful for me.
However, it might be useful to others.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-------------- next part --------------
Index: programs/pluto/constants.h
===================================================================
RCS file: /var/cvs/snwb/packages/freeswan-new/programs/pluto/constants.h,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- programs/pluto/constants.h 3 Aug 2004 05:56:21 -0000 1.5
+++ programs/pluto/constants.h 2 Sep 2004 00:48:56 -0000 1.6
@@ -337,6 +337,7 @@
#define MAXIMUM_RETRANSMISSIONS 2
#define MAXIMUM_RETRANSMISSIONS_INITIAL 20
+#define MAXIMUM_RETRANSMISSIONS_QUICK_R1 20
#define MAX_INPUT_UDP_SIZE 65536
#define MAX_OUTPUT_UDP_SIZE 65536
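Review bot: the new `+#define MAXIMUM_RETRANSMISSIONS_QUICK_R1 20` sits between two unrelated limits with nothing saying what it bounds; add a one-line comment that it caps st_retransmit for STATE_QUICK_R1 in timer.c's extended-retry branch and that it is deliberately kept equal to MAXIMUM_RETRANSMISSIONS_INITIAL, so the two values do not drift apart unnoticed. Since this limit applies to the responder side of an exchange the responder did not start, the comment should also state that raising it lengthens how long each unanswered Quick Mode state is held.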
Index: programs/pluto/timer.c
===================================================================
RCS file: /var/cvs/snwb/packages/freeswan-new/programs/pluto/timer.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- programs/pluto/timer.c 21 Jul 2003 02:17:07 -0000 1.1.1.1
+++ programs/pluto/timer.c 2 Sep 2004 00:48:56 -0000 1.2
@@ -236,6 +236,10 @@
* MAXIMUM_RETRANSMISSIONS_INITIAL times, with all these
* extended attempts having the same patience. The intention
* is to reduce the bother when nobody is home.
+ *
+ * Since IKEv1 is not reliable for the Quick Mode responder,
+ * we'll extend the number of retransmissions as well to
+ * improve the reliability.
*/
{
time_t delay = 0;
@@ -249,6 +253,9 @@
else if (st->st_state == STATE_MAIN_I1
&& c->sa_keying_tries == 0
&& st->st_retransmit < MAXIMUM_RETRANSMISSIONS_INITIAL)
+ delay = EVENT_RETRANSMIT_DELAY_0 << MAXIMUM_RETRANSMISSIONS;
+ else if (st->st_state == STATE_QUICK_R1
+ && st->st_retransmit < MAXIMUM_RETRANSMISSIONS_QUICK_R1)
delay = EVENT_RETRANSMIT_DELAY_0 << MAXIMUM_RETRANSMISSIONS;
if (delay != 0)
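Review bot: the new branch at `+ else if (st->st_state == STATE_QUICK_R1` has no counterpart to the `c->sa_keying_tries == 0` guard that the STATE_MAIN_I1 branch above it keeps, so every Quick Mode responder whose peer stops answering now retransmits up to MAXIMUM_RETRANSMISSIONS_QUICK_R1 (20) times at a fixed delay of EVENT_RETRANSMIT_DELAY_0 << MAXIMUM_RETRANSMISSIONS, instead of giving up after MAXIMUM_RETRANSMISSIONS (2); say in the comment whether that is intended for all connections or only the incoming-only server case the cover mail describes, and note the cost, which is responder state held for the whole extended schedule per stalled peer. The added comment "Since IKEv1 is not reliable for the Quick Mode responder" should name the concrete case it covers (which Quick Mode message is lost and why the initiator's own retransmissions do not recover it); "not reliable" alone does not tell the next reader when these extra retries are needed.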
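To make the trade-off in this thread concrete (Michael's question about per-state limits against Herbert's wave-of-incoming-connections case), here is an added model of the retransmit schedule, written for this page and not taken from Openswan's pluto. It reproduces the two extended branches from the quoted timer.c hunk and the three limits from constants.h; the base interval EVENT_RETRANSMIT_DELAY_0 (10 s here) and the initial exponential back-off branch, which the quoted hunk does not show, are assumptions, as are the names sa_model, next_retransmit_delay, run_schedule, seconds_held, retransmits_sent and responder_state_seconds.

```c
#include <stdio.h>

/* Limits quoted on the page (programs/pluto/constants.h). */
#define MAXIMUM_RETRANSMISSIONS          2
#define MAXIMUM_RETRANSMISSIONS_INITIAL  20
#define MAXIMUM_RETRANSMISSIONS_QUICK_R1 20
/* Base retransmit interval in seconds: ASSUMED for this model, not from the page. */
#define EVENT_RETRANSMIT_DELAY_0         10

enum state { STATE_MAIN_I1, STATE_QUICK_R1, STATE_OTHER };

/* Hypothetical stand-in for the fields of pluto's state that the hunk reads. */
struct sa_model {
    enum state st_state;
    unsigned   st_retransmit;    /* retransmissions already sent */
    unsigned   sa_keying_tries;  /* the connection's keying-tries setting */
};

/* Seconds until the next retransmission, or 0 when the state gives up.
 * The first (exponential) branch is not in the quoted hunk and is assumed;
 * the two extended branches follow the patched timer.c hunk. */
static long next_retransmit_delay(const struct sa_model *st, int quick_r1_patch)
{
    long delay = 0;

    if (st->st_retransmit < MAXIMUM_RETRANSMISSIONS)
        delay = (long)EVENT_RETRANSMIT_DELAY_0 << (st->st_retransmit + 1);  /* assumed */
    else if (st->st_state == STATE_MAIN_I1
             && st->sa_keying_tries == 0
             && st->st_retransmit < MAXIMUM_RETRANSMISSIONS_INITIAL)
        delay = EVENT_RETRANSMIT_DELAY_0 << MAXIMUM_RETRANSMISSIONS;
    else if (quick_r1_patch
             && st->st_state == STATE_QUICK_R1
             && st->st_retransmit < MAXIMUM_RETRANSMISSIONS_QUICK_R1)
        delay = EVENT_RETRANSMIT_DELAY_0 << MAXIMUM_RETRANSMISSIONS;
    return delay;
}

/* Walk the schedule for a peer that never answers. Returns the number of
 * retransmissions sent and, via *held, how long the state lives from the
 * first send until pluto gives up. */
static unsigned run_schedule(enum state s, unsigned keying_tries,
                             int quick_r1_patch, long *held)
{
    struct sa_model st = { s, 0, keying_tries };
    long d, total = EVENT_RETRANSMIT_DELAY_0;  /* first timer after the initial send (assumed) */

    while ((d = next_retransmit_delay(&st, quick_r1_patch)) != 0) {
        st.st_retransmit++;
        total += d;
    }
    *held = total;
    return st.st_retransmit;
}

static long seconds_held(enum state s, unsigned keying_tries, int quick_r1_patch)
{
    long held;
    run_schedule(s, keying_tries, quick_r1_patch, &held);
    return held;
}

static unsigned retransmits_sent(enum state s, unsigned keying_tries, int quick_r1_patch)
{
    long held;
    return run_schedule(s, keying_tries, quick_r1_patch, &held);
}

/* State-seconds the responder accrues when `peers` Quick Mode exchanges
 * stall at the same time, which is the wave scenario from the thread. */
static long responder_state_seconds(long peers, int quick_r1_patch)
{
    return peers * seconds_held(STATE_QUICK_R1, 0, quick_r1_patch);
}

int main(void)
{
    printf("%-28s %-8s %-12s %s\n", "state", "patched", "retransmits", "seconds held");
    printf("%-28s %-8s %-12u %ld\n", "QUICK_R1", "no",
           retransmits_sent(STATE_QUICK_R1, 0, 0), seconds_held(STATE_QUICK_R1, 0, 0));
    printf("%-28s %-8s %-12u %ld\n", "QUICK_R1", "yes",
           retransmits_sent(STATE_QUICK_R1, 0, 1), seconds_held(STATE_QUICK_R1, 0, 1));
    printf("%-28s %-8s %-12u %ld\n", "MAIN_I1 (keying tries 0)", "n/a",
           retransmits_sent(STATE_MAIN_I1, 0, 0), seconds_held(STATE_MAIN_I1, 0, 0));
    printf("%-28s %-8s %-12u %ld\n", "MAIN_I1 (keying tries 1)", "n/a",
           retransmits_sent(STATE_MAIN_I1, 1, 0), seconds_held(STATE_MAIN_I1, 1, 0));
    printf("1000 stalled Quick Mode peers: %ld state-seconds unpatched, %ld patched\n",
           responder_state_seconds(1000, 0), responder_state_seconds(1000, 1));
    return 0;
}
```

Under the assumed 10 s base interval the patch moves an unanswered STATE_QUICK_R1 from 2 retransmissions over 70 s to 20 over 790 s, the same schedule the initiator already gets in STATE_MAIN_I1 when sa_keying_tries is 0. The responder_state_seconds figure is what a per-state maximum field, as Michael suggested, would let an operator tune separately for the incoming-only server case.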