Tons of "Failed to decrypt and verify packet"
Julien Muchembled
jm at jmuchemb.eu
Tue Apr 1 19:25:50 CEST 2014
Attached a testcase.
This is not a good one because it does not always fail. And any of these 2 changes seem to hide the issue:
- replace "sleep 1" by "sleep 5"
- remove the 4th node
Hoping it will help.
Le 03/25/14 17:58, Julien Muchembled a écrit :
> Just an email to confirm the bug.
>
> I was doing tests in a virtual network using network namespaces, with ExperimentalProtocol=yes
> So obsviously all nodes are running the same executable.
> In addition to the many "Failed to decrypt and verify packet", I had many dropped packets.
>
> Downgrading to 1.1pre9 fixed the issue.
>
> --
> Debian x86_64 / Linux 3.13.7
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
-------------- next part --------------
#!/bin/sh
. ./testlib.sh
at_exit () {
at_exit="$*; $at_exit"
}
# Skip this test if we aren't root or if "ip netns" does not exist
test "`id -u`" = "0" || exit 77
ip netns list || exit 77
# Initialize nodes
[ ! -d $_.d ] || rm -r $_.d
mkdir -p $_.d/hosts
iface=tinc-${0#*/}
d () { d=$PWD/$_.d/$1; }
init () {
d $1
mkdir $d
ln -s ../hosts $d
ns=$iface-$1
$tinc -c$d <<EOF
init n$1
set Mode router
set Interface $ns
set Port `expr 32572 + $1`
set Address localhost
set Subnet 192.168.1.$1
EOF
cat >$d/tinc-up <<EOF
#!/bin/sh
ip netns add $ns
ip link set dev \$INTERFACE netns $ns
ip netns exec $ns ip addr add 192.168.1.$1/24 dev \$INTERFACE
ip netns exec $ns ip link set \$INTERFACE up
EOF
cat >$d/tinc-down <<EOF
#!/bin/sh
ip netns del $ns
EOF
chmod +x $d/tinc-down
}
ns () {
ns=$iface-$1
shift
ip netns exec $ns "$@"
}
for i in `seq 1 4`; do
init $i
done
d 2; $tinc -c$d add ConnectTo n1
d 3; $tinc -c$d add ConnectTo n1
d 4; $tinc -c$d add ConnectTo n2
d 4; $tinc -c$d add ConnectTo n3
# Start tinc
for i in `seq 1 4`; do
d $i; $tinc -c$d --pidfile=$d/pid start --logfile=$d/log -d5
at_exit="$tinc -c$d --pidfile=$d/pid stop; $at_exit"
done
trap "$at_exit" 0
sleep 1
ns 2 ping -W1 -c3 192.168.1.1
More information about the tinc
mailing list