late or replayed packet warning
Guus Sliepen
guus at sliepen.eu.org
Tue Nov 9 21:17:11 CET 2004
On Tue, Nov 09, 2004 at 12:27:33PM -0700, Jason wrote:
> > I'm wearing a paper bag at the moment. Try the latest from Subversion
> > again, I hope it really fixes the problem this time.
>
> So far, so good. Clean log :)
Great!
> What does the new code do; allow for packets to be received out of order
> within a reasonable threshhold before complaining?
Yes, that is what it was supposed to do in the first place. The idea is
that tinc filters out duplicate packets (because they might be replay
attacks). Because packets can be sent out of order (although that is
rather unusual), it has to remember which it has already received and
which not. Tinc by default keeps track of the state (already received or
late) of the last 128 packets, although you can easily change the amount
by changing the size of the array "late" in src/node.h, but that should
not be necessary.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.eu.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://brouwer.uvt.nl/pipermail/tinc/attachments/20041109/2f9119cb/attachment.pgp
More information about the tinc
mailing list