In preparation for adding re-key support, stop misusing ssl_times.last_rekey. (This seems to fix a weird frantic mainloop-invoking bug I was running into as well.)
Signed-off-by: Daniel Lenski <dlenski at gmail.com>
---
 gpst.c | 19 +++----------------
 mainloop.c | 2 +-
 openconnect-internal.h | 1 +
 3 files changed, 5 insertions(+), 17 deletions(-)
diff --git a/gpst.c b/gpst.c
index 87cfbc9..0544edb 100644
--- a/gpst.c
+++ b/gpst.c
@@ -615,7 +615,7 @@ static int gpst_connect(struct openconnect_info *vpninfo)
 monitor_fd_new(vpninfo, ssl);
 monitor_read_fd(vpninfo, ssl);
 monitor_except_fd(vpninfo, ssl);
- vpninfo->ssl_times.last_rekey = vpninfo->ssl_times.last_rx = vpninfo->ssl_times.last_tx = time(NULL);
+ vpninfo->ssl_times.last_rx = vpninfo->ssl_times.last_tx = time(NULL);
 if (vpninfo->dtls_state != DTLS_DISABLED)
 vpninfo->dtls_state = DTLS_NOSECRET;
 }
@@ -638,17 +638,6 @@ int gpst_setup(struct openconnect_info *vpninfo)
 */
 if (vpninfo->dtls_state == DTLS_DISABLED || vpninfo->dtls_state == DTLS_NOSECRET)
 ret = gpst_connect(vpninfo);
- else {
- /* We want to prevent the mainloop timers from frantically
- * calling the GPST mainloop.
- */
- vpninfo->ssl_times.last_rx = vpninfo->ssl_times.last_tx = time(NULL);
-
- /* Using (abusing?) last_rekey as the time when the SSL tunnel
- * was brought up.
- */
- vpninfo->ssl_times.last_rekey = 0;
- }
 return ret;
 }
@@ -673,12 +662,10 @@ int gpst_mainloop(struct openconnect_info *vpninfo, int *timeout)
 return 0;
 case DTLS_SECRET:
 case DTLS_SLEEPING:
- if (time(NULL) < vpninfo->dtls_times.last_rekey + 5) {
+ if (!ka_check_deadline(timeout, time(NULL), vpninfo->dtls_times.last_rekey + 5)) {
 /* Allow 5 seconds after configuration for ESP to start */
- if (*timeout > 5000)
- *timeout = 5000;
 return 0;
- } else if (!vpninfo->ssl_times.last_rekey) {
+ } else {
 /* ... before we switch to HTTPS instead */
 vpn_progress(vpninfo, PRG_ERR, _("Failed to connect ESP tunnel; using HTTPS instead.\n"));
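Review bot: In gpst_mainloop's DTLS_SECRET/DTLS_SLEEPING case the fallback branch is now a plain `} else {`, so nothing in the visible lines stops it from running again on a later pass once the 5-second deadline has expired. Going by the comment removed from gpst_setup, the old `!vpninfo->ssl_times.last_rekey` test limited the fallback to the case where the HTTPS tunnel had not already been brought up. Whether the branch can repeat now depends on code after the hunk moving dtls_state out of these two states on both the success and the failure path, which is not visible here. If that is the invariant, state it at the branch, e.g. `/* runs once: every path below must leave DTLS_SECRET/DTLS_SLEEPING */`; otherwise each mainloop iteration would emit the PRG_ERR message and retry the HTTPS connection. The function body continues outside the hunk.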
diff --git a/mainloop.c b/mainloop.c
index 4124509..fe185fe 100644
--- a/mainloop.c
+++ b/mainloop.c
@@ -315,7 +315,7 @@ int openconnect_mainloop(struct openconnect_info *vpninfo,
 return ret < 0 ? ret : -EIO;
 }
-static int ka_check_deadline(int *timeout, time_t now, time_t due)
+int ka_check_deadline(int *timeout, time_t now, time_t due)
 {
 if (now >= due)
 return 1;
diff --git a/openconnect-internal.h b/openconnect-internal.h
index e0a9218..3bb6a77 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -964,6 +964,7 @@ int tun_mainloop(struct openconnect_info *vpninfo, int *timeout);
 int queue_new_packet(struct pkt_q *q, void *buf, int len);
 int keepalive_action(struct keepalive_info *ka, int *timeout);
 int ka_stalled_action(struct keepalive_info *ka, int *timeout);
+int ka_check_deadline(int *timeout, time_t now, time_t due);
 /* xml.c */
 ssize_t read_file_into_string(struct openconnect_info *vpninfo, const char *fname,
--
2.7.4
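Review bot: In mainloop.c, ka_check_deadline loses `static` and becomes shared with gpst.c, but it still has no comment stating its contract, and the new caller depends on it by treating `!ka_check_deadline(...)` as "not yet due, keep waiting". Only `if (now >= due) return 1;` is visible in the hunk; the not-due path, which presumably lowers *timeout and returns 0, lies outside it. I would add above the definition something like `/* Returns 1 once 'due' has passed; otherwise returns 0 and shortens *timeout so the mainloop wakes at 'due'. */`, after checking it against the rest of the body. The same sentence would also fit next to the new prototype in openconnect-internal.h.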