projects / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d0d600e) | patch
Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs
authorMartin Willi <martin@revosec.ch>
Tue, 17 Apr 2012 07:36:39 +0000 (09:36 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 17 Apr 2012 08:02:21 +0000 (10:02 +0200)
commit1b7debcc040189f2090c0759c34eaa4037a6c4c9
treed79f69eda6b892ad441c628e8b142e62c6c38ed9tree | snapshot
parentd0d600e1ef8d2a4e5fedeb57bd5fda5650b63b48commit | diff
Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs

Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as
initiator, we can't know if the completing IKE_SA_INIT message is to our first
request or the one with the COOKIE. If the responder just enabled/disabled
COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE
behavior toggling improves the situation, but does not solve the problem during
the initial COOKIE activation.
src/libcharon/network/receiver.c diff | blob | history
strongSwan - IPsec VPN