[Openswan dev] Phase 2 Negotiation Reliability

Michael Richardson mcr at sandelman.ottawa.on.ca
Sat Sep 18 15:16:25 CEST 2004


>>>>> "Herbert" == Herbert Xu <herbert at gondor.apana.org.au> writes:
    >> I think that this is a good patch in general.  Did you just
    >> increase MAXIMUM_RETRANSMISSIONS in include/pluto_constants.h?

    Herbert> Here is the patch.

    >> I'm thinking that the state structure should have a maximum
    >> field, which could be initialized to different values.
    >> 
    >> Do you think this useful in general?  I.e. there are states when
    >> we want to try harder?

    Herbert> Well in my case I only need a global setting.  The reason
    Herbert> is that what I've got is a VPN server that only responds to
    Herbert> incoming connections.  The problem occurs when there is a
    Herbert> large wave of incoming connections.  So having a per-state
    Herbert> setting isn't useful for me.

  per-state would permit it to be different for quick_I1 vs main_R3, etc.
  I don't think it would be interesting on a per-connection basis.
  Note you can also make the value infinite by setting retries=0. I
think that this would work for a responding-only system.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

