Skip to content

Try to make DPD less sensitive #51

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
streambinder merged 1 commit into from
Nov 13, 2024
Merged

Try to make DPD less sensitive #51

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/config.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -349,7 +349,7 @@ static const char *config_def_udp_port(void)

static const char *config_def_dpd_idle(void)
{
return "300";
return "600";
}

static const char *config_ca_dir(void)
Expand Down
6 changes: 3 additions & 3 deletions src/tunip.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -955,7 +955,7 @@ static void vpnc_main_loop(struct sa_block *s)
time_t now = time(NULL);
if (s->ike.dpd_seqno != s->ike.dpd_seqno_ack) {
/* Wake up more often for dpd attempts */
select_timeout.tv_sec = 5;
select_timeout.tv_sec = s->ike.dpd_idle/10;
select_timeout.tv_usec = 0;
dpd_ike(s);
next_ike_dpd = now + s->ike.dpd_idle;
Expand Down Expand Up @@ -1029,8 +1029,8 @@ static void vpnc_main_loop(struct sa_block *s)
if (s->ike.dpd_seqno != s->ike.dpd_seqno_ack) {
dpd_ike(s);
next_ike_dpd = now + s->ike.dpd_idle;
if (now + 5 < next_up)
next_up = now + 5;
if (now + s->ike.dpd_idle/10 < next_up)
next_up = now + s->ike.dpd_idle/10;
}
else if (now >= next_ike_dpd) {
dpd_ike(s);
Expand Down
6 changes: 4 additions & 2 deletions src/vpnc.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -801,20 +801,22 @@ void dpd_ike(struct sa_block *s)
send_dpd(s, 0, s->ike.dpd_seqno);
} else {
/* Our last dpd request has not yet been acked. If it's been
** less than 5 seconds since we sent it do nothing. Otherwise
** less than 1/10th of idle timeout since we sent it do nothing. Otherwise
** decrement dpd_attempts. If dpd_attempts is 0 dpd fails and we
** terminate otherwise we send it again with the same sequence
** number and record current time.
*/
time_t now = time(NULL);
if (now < s->ike.dpd_sent + 5)
if (now < s->ike.dpd_sent + s->ike.dpd_idle/10)
return;
if (--s->ike.dpd_attempts == 0) {
DEBUG(2, printf("dead peer detected, terminating\n"));
do_kill = -2;
return;
}
s->ike.dpd_sent = now;
if (s->ike.dpd_attempts == 3)
++s->ike.dpd_seqno; /* maybe just the dpd reply got lost let's try new seq no */
send_dpd(s, 0, s->ike.dpd_seqno);
}
DEBUG(3, printf("sent DPD packet\n"));
Expand Down