Index: src/racoon/isakmp_inf.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v
retrieving revision 1.41
diff -u -r1.41 isakmp_inf.c
--- a/src/racoon/isakmp_inf.c 3 Jul 2009 06:41:46 -0000 1.41
+++ b/src/racoon/isakmp_inf.c 5 May 2010 15:56:38 -0000
@@ -1450,17 +1450,16 @@
 struct isakmp_pl_ru *ru; u_int32_t msgid; {
+ u_int32_t seq;
 plog(LLV_DEBUG, LOCATION, iph1->remote, "DPD R-U-There-Ack received\n");
- /* XXX Maintain window of acceptable sequence numbers ?
- * => ru->data <= iph2->dpd_seq &&
- * ru->data >= iph2->dpd_seq - iph2->dpd_fails ? */
- if (ntohl(ru->data) != iph1->dpd_seq-1) {
+ seq = ntohl(ru->data);
+ if (seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq) {
 plog(LLV_ERROR, LOCATION, iph1->remote,
- "Wrong DPD sequence number (%d, %d expected).\n",
- ntohl(ru->data), iph1->dpd_seq-1);
+ "Wrong DPD sequence number (%d; last_ack=%d, seq=%d).\n",
+ seq, iph1->dpd_last_ack, iph1->dpd_seq);
 return 0; }
@@ -1472,6 +1471,7 @@
 } iph1->dpd_fails = 0;
+ iph1->dpd_last_ack = seq;
 sched_cancel(&iph1->dpd_r_u); isakmp_sched_r_u(iph1, 0);
@@ -1535,12 +1535,13 @@
 memcpy(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t)); memcpy(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t));
- if (iph1->dpd_seq == 0){
+ if (iph1->dpd_seq == 0) {
 /* generate a random seq which is not too big */
- srand(time(NULL));
- iph1->dpd_seq = rand() & 0x0fff;
+ iph1->dpd_seq = iph1->dpd_last_ack = rand() & 0x0fff;
 }
+ iph1->dpd_seq++;
+ iph1->dpd_fails++;
 ru->data = htonl(iph1->dpd_seq); error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0);
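Review bot: In the R-U-There-Ack hunk (`@@ -1450`), the new error message prints `seq`, `iph1->dpd_last_ack` and `iph1->dpd_seq` with `%d`, although all three are `u_int32_t` after this patch and `seq` is taken directly from the peer's payload. A value with the top bit set is logged as a negative number, which makes rejected-ACK log lines misleading when someone is investigating replayed or forged acknowledgements; use `"Wrong DPD sequence number (%u; last_ack=%u, seq=%u).\n"`. The removed XXX comment was the only description of the acceptance window, so a one-line replacement above the test would help, e.g. `/* accept only ACKs for probes still outstanding: last_ack < seq <= dpd_seq */`. The comparison is not wrap-safe, which looks harmless given the small starting value but deserves a mention in that comment. The function body starts and ends outside the hunk.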
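Review bot: In the R-U-There send hunk (`@@ -1535`), the initial sequence number still comes from `rand() & 0x0fff`, and with `srand(time(NULL))` removed nothing visible here shows that `rand()` is seeded anywhere. If it is not, every daemon start yields the same first DPD sequence, and in any case the value carries only 12 bits. Dropping the per-call reseed is right; the open question is whether the starting point is meant to be unpredictable. If so, draw it from whatever random source the daemon already uses for its key-exchange material (presumably there is one; not visible here). If predictability is acceptable, record that in the existing comment, e.g. `/* starting point only: need not be unpredictable, kept small so it cannot wrap soon */`. The enclosing function begins and ends outside the hunk.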
@@ -1549,12 +1550,6 @@
 plog(LLV_DEBUG, LOCATION, iph1->remote, "DPD R-U-There sent (%d)\n", error);
- /* will be decreased if ACK received... */
- iph1->dpd_fails++;
-
- /* XXX should be increased only when ACKed ? */
- iph1->dpd_seq++;
-
 /* Reschedule the r_u_there with a short delay, * will be deleted/rescheduled if ACK received before */ isakmp_sched_r_u(iph1, 1);
Index: src/racoon/handler.h
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
retrieving revision 1.22
diff -u -r1.22 handler.h
--- a/src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22
+++ b/src/racoon/handler.h 5 May 2010 15:56:39 -0000
@@ -202,7 +202,8 @@
 #ifdef ENABLE_DPD
 int dpd_support; /* Does remote supports DPD ? */
- u_int16_t dpd_seq; /* DPD seq number to receive */
+ u_int32_t dpd_last_ack;
+ u_int32_t dpd_seq; /* DPD seq number to receive */
 u_int8_t dpd_fails; /* number of failures */ struct sched dpd_r_u;
 #endif
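Review bot: In the handler.h hunk the new `dpd_last_ack` field has no comment, and the comment kept on `dpd_seq` ("DPD seq number to receive") no longer matches how the patch uses the field. isakmp_inf.c now increments `dpd_seq` immediately before writing it into the outgoing R-U-There with `htonl()`, so it holds the last sequence sent. Suggested wording: `u_int32_t dpd_last_ack; /* highest DPD seq the peer has acknowledged */` and `u_int32_t dpd_seq; /* last DPD seq sent in an R-U-There */`. `dpd_fails` stays `u_int8_t` while it is now bumped on every probe sent; whether it can reach 255 depends on the retry limit, which is not visible here. The struct definition starts and ends outside the hunk.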