Wolfram Fischer wrote: Hi,
Hi Miika,I fixed some hip encapsulation on udp related problems which seems to be also available on the latest midauth branch. However, I think you are talking about missing ESP packets here with "conntest-client-hip udp". That problem is related to IPsec, not hipd. Linux IPsec does not implement queuing for IPsec, so the first UDP packets might get dropped. The assumption in linux IPsec is that transport layer protocols implement their own retransmission mechanisms. This is not true with conntest-client-hip.. feel free to implement one if you have time :)This sounds very promising, I just wonder, why it sometimes works on the first try and sometimes not! Fortunately I think I only need to take care for the handshake - so I'll give an implementation a try ^^.
the reason for "random" behavious might be a combination of timing (race problem) and the use of networking of virtual machines.
When the first udp packet gets lost, does a second conntest-client-hip udp attempt always succeed when the host association is still alive? If yes, it is the IPsec problem that I just described.