On Sat, 27 Mar 2021 at 14:36, Paul Wouters <p...@nohats.ca> wrote:
>
> Begin forwarded message:
>
> > New commits:
> > commit d49d315ec8b71377a1fc9de9f0277d1396fec5c7
> > Author: Andrew Cagney <cag...@gnu.org>
> > Date: Sat Mar 27 12:52:52 2021 -0400
> >
> > testing: sprinkle ping-once
> >
> > things are getting interesting for instance, replacing:
> > ping -c 2 ...
> > 50% packet loss, but sometimes 100%
> > with:
> > ping-once --forget
> > wait-for traffic status
> > ping-once --up
>
> Remember an on-demand tunnel eats the first icmp packet, maybe two on occasion if things are slow. That is why I usually now do a single ping that triggers the tunnel and a second -c4 ping to show no packet loss.

Right, ping + sleep + ping-c4 is an improvement. However, there's still no guarantee that the sleep is long enough, and ping-c4 can miss the last response. Hence, this change:

- send a single packet, barely wait for a response:

    # one packet, which gets eaten by XFRM, so east does not initiate
    road # ../../pluto/bin/ping-once.sh --forget -I 192.1.3.209 192.1.2.23
    fired and forgotten
    road #

- now wait for the negotiation to complete - notice how, at this point, in/out bytes are, as expected, zero:

    # wait on OE IKE negotiation
    road # ../../pluto/bin/wait-for.sh --match private-or-clear -- ipsec whack --trafficstatus
    006 #2: "private-or-clear#192.1.2.0/24"[1] 10.0.10.1/32=== ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=0, outBytes=0, id='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-e...@testing.libreswan.org', lease=10.0.10.1/32
    road #

- next send out a packet that should travel through the tunnel; since a response is expected, wait a long time for the response (at least when compared to default ping):

    # should show established tunnel and no bare shunts
    road # ../../pluto/bin/ping-once.sh --up -I 192.1.3.209 192.1.2.23
    up

- finally confirm the packet was tunneled:

    road # ipsec whack --trafficstatus
    006 #2: "private-or-clear#192.1.2.0/24"[1] 10.0.10.1/32=== ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-e...@testing.libreswan.org', lease=10.0.10.1/32
    road # ipsec whack --shuntstatus
    000 Bare Shunt list:
    000

(I am so tempted to sanitize outBytes=84 to outBytes=1-ping)
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
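
The thread's point is that a test should poll for the tunnel state instead of sleeping for a guessed interval. The following is an added illustration of that polling step, not libreswan's `wait-for.sh` or `ping-once.sh` and not code from this thread; `wait_for_match`, `traffic_field`, `fake_trafficstatus`, `POLL_INTERVAL` and the shortened status line are hypothetical names and constructed sample data.

```shell
#!/bin/sh
# Added illustration only: not libreswan's wait-for.sh or ping-once.sh.

# wait_for_match PATTERN TRIES CMD [ARGS...]
# Re-run CMD until its output has a line matching PATTERN (grep -E). Prints the
# matching line(s) and returns 0, or returns 1 after TRIES unsuccessful polls.
wait_for_match() {
    pattern=$1 tries=$2
    shift 2
    while [ "$tries" -gt 0 ]; do
        if out=$("$@" 2>/dev/null | grep -E -- "$pattern"); then
            printf '%s\n' "$out"
            return 0
        fi
        tries=$((tries - 1))
        sleep "${POLL_INTERVAL:-1}"
    done
    return 1
}

# traffic_field NAME: read a trafficstatus line on stdin, print NAME's number.
traffic_field() {
    sed -n "s/.*[ ,]$1=\([0-9][0-9]*\).*/\1/p"
}

# Constructed stand-in for "ipsec whack --trafficstatus": prints nothing for the
# first two calls (negotiation still running), then a shortened line modelled on
# the output quoted in the message. The call counter lives in a file because
# each poll runs in a subshell.
STATE=${TMPDIR:-/tmp}/fake-trafficstatus.$$
fake_trafficstatus() {
    n=$(cat "$STATE" 2>/dev/null || echo 0)
    n=$((n + 1))
    echo "$n" > "$STATE"
    [ "$n" -ge 3 ] || return 0
    echo '006 #2: "private-or-clear#192.1.2.0/24"[1] 10.0.10.1/32, type=ESP, inBytes=0, outBytes=0'
}

# On a real test host the same helper would poll the command from the message:
#   wait_for_match 'private-or-clear' 30 ipsec whack --trafficstatus
if [ "${1:-}" = demo ]; then
    rm -f "$STATE"
    POLL_INTERVAL=0
    wait_for_match 'private-or-clear' 5 fake_trafficstatus | traffic_field outBytes
    rm -f "$STATE"
fi
```

Run with the argument `demo` to exercise the stub; the zero byte counters at the moment the match appears are what distinguish "tunnel established" from "traffic already flowed".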