site, transform: Do not initiate rekey when packets too much out of order

[secnet.git] / site.c

diff --git a/site.c b/site.c
index 4d3a6125bfed91a8956cbc3b3c3ebd608e8f95bc..4dbebaf3cfeefbf399d21129ee56c2f081a52e73 100644 (file)
--- a/site.c
+++ b/site.c
@@ -721,6 +721,11 @@ static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0)
                                             msg0,&transform_err);
     if (!problem) return True;
 
+    if (problem==2) {
+       slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err);
+       return False;
+    }
+
     slog(st,LOG_SEC,"transform: %s",transform_err);
     initiate_key_setup(st,"incoming message would not decrypt");
     return False;