The AnyConnect mobile clients send these headers, and as it so happens,
ocserv uses them to detect whether to apply "mobile-idle-timeout" or
"idle-timeout" to the connection. Currently ocserv applies "idle-timeout"
to all mobile and non-mobile openconnect clients because we aren't sending
the necessary headers. This commit fixes that.
This only has an effect when "--os android" or "--os apple-ios" is used,
or if openconnect_set_mobile_info() is called. The headers will not be
sent for traditional Linux/OSX/... clients.
Signed-off-by: Kevin Cernekee <cernekee at gmail.com>
---
cstp.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/cstp.c b/cstp.c
index 9004370d813e..eed45f6fe4e6 100644
--- a/cstp.c
+++ b/cstp.c
@@ -157,6 +157,22 @@ static void append_compr_types(struct oc_text_buf *buf, const char *proto, int a
}
}
+static void append_mobile_headers(struct openconnect_info *vpninfo, struct oc_text_buf *buf)
+{
+ if (vpninfo->mobile_platform_version) {
+ buf_append(buf, "X-AnyConnect-Identifier-ClientVersion: %s\r\n",
+ openconnect_version_str);
+ buf_append(buf, "X-AnyConnect-Identifier-Platform: %s\r\n",
+ vpninfo->platname);
+ buf_append(buf, "X-AnyConnect-Identifier-PlatformVersion: %s\r\n",
+ vpninfo->mobile_platform_version);
+ buf_append(buf, "X-AnyConnect-Identifier-DeviceType: %s\r\n",
+ vpninfo->mobile_device_type);
+ buf_append(buf, "X-AnyConnect-Identifier-Device-UniqueID: %s\r\n",
+ vpninfo->mobile_device_uniqueid);
+ }
+}
+
static int start_cstp_connection(struct openconnect_info *vpninfo)
{
struct oc_text_buf *reqbuf;
@@ -196,6 +212,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
buf_append(reqbuf, "X-CSTP-Version: 1\r\n");
buf_append(reqbuf, "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
+ append_mobile_headers(vpninfo, reqbuf);
append_compr_types(reqbuf, "CSTP", vpninfo->req_compr);
if (base_mtu)
@@ -1120,16 +1137,6 @@ void cstp_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *b
buf_append(buf, "X-AnyConnect-Platform: %s\r\n",
vpninfo->platname);
}
- if (vpninfo->mobile_platform_version) {
- buf_append(buf, "X-AnyConnect-Identifier-ClientVersion: %s\r\n",
- openconnect_version_str);
- buf_append(buf, "X-AnyConnect-Identifier-Platform: %s\r\n",
- vpninfo->platname);
- buf_append(buf, "X-AnyConnect-Identifier-PlatformVersion: %s\r\n",
- vpninfo->mobile_platform_version);
- buf_append(buf, "X-AnyConnect-Identifier-DeviceType: %s\r\n",
- vpninfo->mobile_device_type);
- buf_append(buf, "X-AnyConnect-Identifier-Device-UniqueID: %s\r\n",
- vpninfo->mobile_device_uniqueid);
- }
+
+ append_mobile_headers(vpninfo, buf);
}
--
2.2.2
