[Openswan dev] Phase 2 Negotiation Reliability
mcr at sandelman.ottawa.on.ca
Sat Sep 18 15:16:25 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Herbert" == Herbert Xu <herbert at gondor.apana.org.au> writes:
>> I think that this is a good patch in general. Did you just
>> increase MAXIMUM_RETRANSMISSIONS in include/pluto_constants.h?
Herbert> Here is the patch.
>> I'm thinking that the state structure should have a maximum
>> field, which could be initialized to different values.
>> Do you think this useful in general? I.e. there are states when
>> we want to try harder?
Herbert> Well in my case I only need a global setting. The reason
Herbert> is that what I've got is a VPN server that only responds to
Herbert> incoming connections. The problem occurs when there is a
Herbert> large wave of incoming connections. So having a per-state
Herbert> setting isn't useful for me.
per-state would permit it to be different for quick_I1 vs main_R3, etc.
I don't think it would be interesting on a per-connection basis.
Note you can also make the value infinite by setting retries=0. I
think that this would work for the a responding only system.
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Dev