Hosting Provided By

(no subject)

From: Hugh Daniel <hugh(at)road.toad.com>
Date: Tue Nov 10 1998 - 18:45:37 EST

Good news folks, yesterdays fixes for both Pluto and KLIPS work! Check this Pluto log out:

Nov 10 15:03:08 east Pluto[163]: replacing stale IPsec SA #2511 for 209.157.90.146
Nov 10 15:03:08 east Pluto[163]: initiating Quick Mode, state #2512, connection "ew"
Nov 10 15:03:23 east Pluto[163]: replacing stale IPsec SA #2512 for 209.157.90.146
Nov 10 15:03:23 east Pluto[163]: initiating Quick Mode, state #2513, connection "ew"
Nov 10 15:03:23 east Pluto[163]: IPsec SA #2511 expired for 209.157.90.146
Nov 10 15:03:23 east Pluto[163]: deleting state #2511
Nov 10 15:03:38 east Pluto[163]: replacing stale IPsec SA #2513 for 209.157.90.146
Nov 10 15:03:38 east Pluto[163]: initiating Quick Mode, state #2514, connection "ew"
Nov 10 15:03:38 east Pluto[163]: IPsec SA #2512 expired for 209.157.90.146
Nov 10 15:03:38 east Pluto[163]: deleting state #2512

  I have seen NO in the clear packets today using:
	tcpdump -i hme1 port not ssh and not ip proto 50

while a flood ping is running. The flood ping looses a *very* few packets, one in two or three hundred UDP flood ping round trips. Not bad for this point in the game folks!

root@sunrise $ ping -f sunset
PING sunset (209.157.90.161): 56 data bytes

................................................................................

--- sunset ping statistics ---

146672 packets transmitted, 146239 packets received, 0% packet loss round-trip min/avg/max = 3.6/486.5/1680.7 ms

The two second pings are bothersome here, I think the 400ms time is an odd statistical anomaly as a non-flood ping gives a figure more like 4ms as in:

root@sunrise $ ping sunset
...
64 bytes from 209.157.90.161: icmp_seq=256 ttl=62 time=3.2 ms
--- sunset ping statistics ---

257 packets transmitted, 255 packets received, 0% packet loss round-trip min/avg/max = 3.2/3.5/6.6 ms

Pluto is growing fat though:

FLAGS UID PID PPID PRI NI SIZE RSS WCHAN STA TTY TIME COMMAND east:
100140 0 163 1 12 0 2928 2296 do_select S ? 6:44 pluto west:
100140 0 164 1 7 0 2796 2160 do_select S ? 6:46 pluto north: (no activity)
100140 0 139 1 0 0 988 304 do_select S ? 0:00 pluto

So there are memory leaks in Pluto, but we can always ask other folks to work on them as they are not killer for now (how many folks are going to run over 4000 key exchanges a day?). Still this needs to go on the list of real work that our community needs to do.

So, while FreeS/WAN is not perfect (work needs to be done on the (very minor) packet loss, memory leeks in Pluto and speed of Pluto as well as all sorts of other work) it is rather close to being usable!

		||ugh Daniel
		hugh@toad.com

			Systems Testing & Project mis-Management
			The Linux FreeS/WAN Project
			
http://www.xs4all.nl/~freeswan

Received on Tue Nov 10 19:43:12 1998

Do you need help?

This message: [ Message body ]
Next message: Richard Guy Briggs: "linux-ipsec: Re: your mail"
Previous message: Henry Spencer: "Re: linux-ipsec: More error message problems"
Next in thread: Richard Guy Briggs: "linux-ipsec: Re: your mail"
Reply: Richard Guy Briggs: "linux-ipsec: Re: your mail"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:06 EDT