Tons of "Failed to decrypt and verify packet"

Julien Muchembled jm at jmuchemb.eu
Tue Apr 1 19:25:50 CEST 2014


Attached a testcase.
This is not a good one because it does not always fail. And either of these 2 changes seems to hide the issue:
- replace "sleep 1" by "sleep 5"
- remove the 4th node

Hoping it will help.

On 03/25/14 17:58, Julien Muchembled wrote:
> Just an email to confirm the bug.
> 
> I was doing tests in a virtual network using network namespaces, with ExperimentalProtocol=yes
> So obviously all nodes are running the same executable.
> In addition to the many "Failed to decrypt and verify packet", I had many dropped packets.
> 
> Downgrading to 1.1pre9 fixed the issue.
> 
> --
> Debian x86_64 / Linux 3.13.7

-------------- next part --------------
#!/bin/sh

. ./testlib.sh

at_exit () {
  at_exit="$*; $at_exit"
}

# Skip this test if we aren't root or if "ip netns" does not exist

test "`id -u`" = "0" || exit 77
ip netns list || exit 77

# Initialize nodes

[ ! -d $_.d ] || rm -r $_.d
mkdir -p $_.d/hosts
iface=tinc-${0#*/}

# Set $d to the configuration directory of node $1
d () { d=$PWD/$_.d/$1; }

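# Create node n$1: its own config directory, the shared hosts directory, and
# tinc-up/tinc-down scripts that put the interface in its own network namespace
init () {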
  d $1
  mkdir $d
  ln -s ../hosts $d
  ns=$iface-$1
  $tinc -c$d <<EOF
init n$1
set Mode router
set Interface $ns
set Port `expr 32572 + $1`
set Address localhost
set Subnet 192.168.1.$1
EOF
  cat >$d/tinc-up <<EOF
#!/bin/sh
ip netns add $ns
ip link set dev \$INTERFACE netns $ns
ip netns exec $ns ip addr add 192.168.1.$1/24 dev \$INTERFACE
ip netns exec $ns ip link set \$INTERFACE up
EOF
  cat >$d/tinc-down <<EOF
#!/bin/sh
ip netns del $ns
EOF
  chmod +x $d/tinc-down
}

# Run a command inside the network namespace of node $1
ns () {
  ns=$iface-$1
  shift
  ip netns exec $ns "$@"
}

for i in `seq 1 4`; do
  init $i
done

# Topology: n2 and n3 connect to n1; n4 connects to n2 and n3
d 2; $tinc -c$d add ConnectTo n1
d 3; $tinc -c$d add ConnectTo n1
d 4; $tinc -c$d add ConnectTo n2
d 4; $tinc -c$d add ConnectTo n3

# Start tinc

for i in `seq 1 4`; do
  d $i; $tinc -c$d --pidfile=$d/pid start --logfile=$d/log -d5
  at_exit="$tinc -c$d --pidfile=$d/pid stop; $at_exit"
done
trap "$at_exit" 0

sleep 1

ns 2 ping -W1 -c3 192.168.1.1
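
The symptom in this report is a log message, while the testcase itself only runs a ping. The following is an added example (not part of the attachment or of tinc's test suite) that counts the message in each node's log file; the function names and the sample log lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of the attached testcase.
# Assumes the testcase layout: one directory per node under a base
# directory, each holding the file "log" passed to --logfile.

MSG='Failed to decrypt and verify packet'  # text from the subject line

# Print "<node> <count>" per node log under $1, then "total <sum>".
# Returns 1 if the message was logged anywhere, 0 otherwise.
report_failures () {
  total=0
  for log in "$1"/*/log; do
    [ -f "$log" ] || continue            # e.g. hosts/ has no log
    node=${log%/log}; node=${node##*/}
    # grep -c prints 0 and exits 1 when nothing matches
    n=$(grep -c -F -- "$MSG" "$log") || true
    echo "$node $n"
    total=$((total + ${n:-0}))
  done
  echo "total $total"
  [ "$total" -eq 0 ]
}

# Constructed sample logs (only the message text is taken from the
# report; prefix and peer names are made up for illustration).
make_sample_logs () {
  mkdir -p "$1/1" "$1/2" "$1/hosts"
  cat >"$1/1/log" <<EOF
tinc.n1[100]: $MSG from n2
tinc.n1[100]: Got PING from n2
tinc.n1[100]: $MSG from n4
EOF
  cat >"$1/2/log" <<EOF
tinc.n2[101]: Got PING from n1
EOF
}

# In the testcase this would run after the ping, for example:
#   report_failures "$PWD/$_.d" || exit 1
```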


