Comments (3)
tobiasbrunner
commented on May 25, 2024
This makes it very difficult to find out to which connection these lines belong.
That's because many of these don't belong to a connection. There are simply some messages that are logged without a checked out IKE_SA, so no context can be provided to the logger plugins.
In particular sending/receiving IKE messages happens in different threads before/after IKE_SAs have been checked out/in. Same goes for the job creation based on kernel events, which happens before an SA is checked out based on that information.
The DHCP messages are currently logged by the thread that receives packets on the AF_PACKET socket, before the threads waiting for them (which run in the context of an IKE_SA) pick them up. I guess we could move them, see the 417-dhcp-log branch.
from strongswan.
harridu
commented on May 25, 2024
I am pretty sure that a DHCP_OFFER or a DHCP_ACK do belong to a connection. Same goes for "sending packet ... to 10.145.142.13[50894]". How would strongswan know the destination address and port number?
from strongswan.
tobiasbrunner
commented on May 25, 2024
Did you read my explanation above?
from strongswan.
Related Issues (20)
- byacc syntax error? HOT 1
- Interrupted VPN communication after some period of time
- ipsec setup two SAs with one config HOT 1
- Wrong route installed on FreeBSD? HOT 10
- Strongswan is dropping IKE_SA_INIT response packets
- network-manager-strongswan fails to build with --with-gtk4 and warnings as errors HOT 2
- strongswan scepclient error parsing distinguished name HOT 8
- DNS is not working with NetworkManager + dnsmasq HOT 2
- two child SAs have same reqid only after DPD loss HOT 9
- Bugfix: Solution - Issue connecting to vici.Session on Windows via Python. HOT 2
- IKEv2 rekey: outbound SPI is not installed in detected CHILD_REKEY collision with CHILD_REKEY with lost packet HOT 6
- The revocation doesn't seem to be working. HOT 2
- Issue with multiple wan interfaces
- Add support for AWS-LC in the openssl plugin HOT 2
- Make fails with ha plugin (Ubuntu 22.04 LTS with stock/unpatched kernel) HOT 6
- Throughput Performance on Gateway-to-Gateway is very low after inserting a rule that accepts packets with a matching IPsec policy in the POSTROUTING chain
- ipsec setup many SAs when rekey_time is less than reauth_time with IKE1 HOT 1
- Reject ECDSA Keys/Certificates With Explicitly Encoded Curve Parameters
- Libsharon crashes (somehow related to ppk_id) HOT 3
- Mobike Port Change unable to add attribute, buffer too small HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from strongswan.