From 6d66bf43444fb4ee9bf76f882531548b94eab4c2 Mon Sep 17 00:00:00 2001
From: Anthony DeRobertis
Date: Mon, 13 Jul 2020 13:30:04 -0400
Subject: [PATCH] Delete the modecfg retransmit on phase2 start
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously, even once we got the response from the tablet, we kept retransmitting the modecfg response... which meant that within a minute or two we'd run out of retransmits and terminate the connection. This is due how the timers work at the phase1 → phase2 transition. Work around it well enough for now. Find a better fix once we upgrade to a newer Libreswan. Internal ticket [TABLET-1418].
---
 programs/pluto/ikev1_quick.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/programs/pluto/ikev1_quick.c b/programs/pluto/ikev1_quick.c
index 817e9129519..355b65cd18c 100644
--- a/programs/pluto/ikev1_quick.c
+++ b/programs/pluto/ikev1_quick.c
@@ -1370,6 +1370,24 @@ static stf_status quick_inI1_outR1_authtail(struct verify_oppo_bundle *b)
 (hv.st_nat_traversal & NAT_T_WITH_NATOA))
 nat_traversal_natoa_lookup(md, &hv);
 
+ if (p1st->st_event && EVENT_v1_RETRANSMIT == p1st->st_event->ev_type) {
+ /* KLUGE: To work around the tablet nots retransmitting their
+ * ModeCfg IP request, enabled retransmits on
+ * STATE_MODE_CFG_R0. However, after that retransmit...
+ * we get forcefully transitioned to STATE_QUICK_R0 and
+ * suspend the phase1, so the retransmit timer never gets
+ * cleared. So we clear it here. Otherwise it'll keep
+ * retransmitting, time out, and fairly soon down the
+ * connection.
+ *
+ * FIXME: But nothing sets back the EVENT_SA_REPLACE timer...
+ * which is normally done in ikev1.c:2467 ("case
+ * EVENT_SA_REPLACE:"). Not sure how much it matters,
+ * since the p2 state gets that event too.
+ */
+ delete_event(p1st);
+ }
+
 /* now that we are sure of our connection, create our new state */
 {
 struct state *const st = duplicate_state(p1st, IPSEC_SA);
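Review bot: After `delete_event(p1st)` the phase-1 state appears to be left with no scheduled event at all, as the FIXME in the added comment concedes: nothing re-arms EVENT_SA_REPLACE, so the ISAKMP SA's configured lifetime would no longer be enforced and its keying material could outlive it. The phase-2 state's replace event governs the IPsec SA, so it presumably does not stand in for the phase-1 timer. I would re-arm the phase-1 replace/expire event right after the delete, reusing the logic the comment points to in ikev1.c, and replace the FIXME with something like `/* p1st has no event left after this; re-arm EVENT_SA_REPLACE so the ISAKMP SA lifetime is still enforced */`. The guard also keys only on the event type, so it would cancel a retransmit armed for any other phase-1 exchange; if the state still records that the timer came from the ModeCfg workaround, test that as well. quick_inI1_outR1_authtail begins and ends outside the hunk, so whether p1st is rescheduled later in the function cannot be confirmed from here.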