On Sun, May 14, 2017 at 12:12 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Sat, 2017-05-13 at 18:56 -0400, Nikolay Martynov wrote:
> Thanks for the patches. This whole thing has made me a bit sad about
> the packet handling; I think I want to put an explicit 'allocated size'
> field into struct pkt so we don't ever have to make assumptions. This
> has caused problems for CSTP before.
>
> Long plane ride ahead of me today; I'll make sure I'm set up to do
> this, and also finally merge Daniel's GP support, while I'm locked in a
> tin can...

Great! Just be aware that my "globalprotect" branch (https://github.com/dlenski/openconnect/tree/globalprotect) now includes more than JUST GlobalProtect changes:

- A couple small modifications to the dtls_state handling (see e5a0e4d4417062bb88e590660c67946e5c295c38 and a93bbd76ea32ac81b6c2d6fb405f9b815b37eaf5) to accommodate the fact that GlobalProtect has to do an awkward tap-dance between the SSL and ESP tunnel setup to prevent them from stepping on each other's toes.
- I merged my patch to securely log off a Juniper VPN connection with oncp_bye (5a5b224f2839056ac87bfa3dd621c35b7073f856). openconnect v7.08 leaves the Juniper authcookie "alive" even with SIGINT, which is an unexpected security hazard.
- A patch to add OC_FORM_OPT_FILL_{USERNAME,PASSWORD} flags to hint at the purpose of a form field, without requiring that field to have an AnyConnect-specific name (85c1e35dc276c158710cc32c9d9c5c2108a3a09d)
- The support for enumeration of supported protocols which we've been discussing (merged in 005bca167453a9a6545cb7a85781fae36f86c4a4)
- A few patches to make utility functions global rather than static (e.g. free_optlist, dump_buf_hex) so that they can be reused among multiple protocols.

I've been using this build of openconnect with *multiple* AnyConnect and *multiple* Juniper VPNs for months, and they're all now working fine. But if you want me to try to rearrange these to separate them more cleanly, I can take a crack at it.

-Dan