Hosting Provided By

Re: [Design] compression request kills OEself?

From: Michael Richardson <mcr(at)sandelman.ottawa.on.ca>
Date: Sun Feb 16 2003 - 10:55:59 EST

-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Paul" == Paul Wouters <paul@xtdnet.nl> writes:

Paul> After upgrading to 2.x I noticed I couldn't talk to Paul> activeoe.freeswan.nl anymore. I find these log entries:

    Paul> Feb 14 01:34:21 bofh Pluto[1369]: "OEself"[7187] ...193.110.157.75
    Paul> #8021: compression proposed by 193.110.157.75, but policy for
    Paul> "OEself" forbids it Feb 14 01:34:21 bofh Pluto[1369]:

    Paul> Is there a reason why we don't do a connection with compression?

Paul> What is the "forbid" part? Would the remote end actually allow no Paul> compression as well?

I do not know why this is like this.
We should be tolerant in what we accept wrt compression. Certainly we should be willing to accept it by default.

I am making this a story.

    Paul> I don't think this should need to be a fatal error? And if so, then
    Paul> we need an exponential backoff from this error, because it's quite
    Paul> spammy.

We need exponential backoff on a lot of things...

Paul> I also get a lot of:

    Paul> Feb 14 01:38:01 bofh Pluto[1369]: "OEself"[7084]
    Paul> ...193.110.157.75===? #7918: Quick Mode I1 message is unacceptable
    Paul> because it uses a previously used Message ID 0xbce36a69 (perhaps
    Paul> this is a duplicated packet)

Yeah... I don't have a good explanation of why this seems to happen. It should be a sign to give up and maybe try again from scratch.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr(at)sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPk+0jYqHRg3pndX9AQFxDAQAsWzPo624hJGtXS2yXl5B6aBxRMbpHEDH jdpKvsMaAd4h5nZDoDr9q7pb1/cyxBQ9EzaBv4nxHWxVbm5QWXjpx6vzJSwZx398 hsE3MrkCpNTOTUtzIa9TDpEY0ZiSDYpiylmm8fxp8n6Q75kEGxRbw7YA5kKSjpSo aFKJWqAyL0M=
=Otzw
-----END PGP SIGNATURE-----

Design mailing list
Design@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/design Received on Sun Feb 16 14:29:19 2003

Do you need help?

This message: [ Message body ]
Next message: Hugh Daniel: "Re: [Design] We should name conn's begining with underscore"
Previous message: D. Hugh Redelmeier: "Re: [Design] We should name conn's begining with underscore"
In reply to: Paul Wouters: "[Design] compression request kills OEself?"
Reply: Michael Richardson: "Re: [Design] Re: [Users] multiple ipsec.secrets entries"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:32 EDT