[PATCH 4/8] tweak the dtls_state handling in preparation for supporting GlobalProtect ESP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If a protocol wishes to have dtls_state set to DTLS_SLEEPING after closing
UDP, then it must now do so explicitly, because the mainloop will no longer
set it.  This patch make both existing protocols set dtls_state explicitly
after closing the UDP connection.  (The nc protocol already did so
explicitly, but the anyconnect protocol didn't.)

The previous behavior, wherein dtls_state was *always* set to DTLS_SLEEPING
after closing UDP, was incompatible with the GlobalProtect VPN.
Disconnecting and reconnecting GlobalProtect VPN doesn't just require
require reconnecting the UDP socket and resending probes; it actually
invalidates any previously-obtained ESP secret.

Signed-off-by: Daniel Lenski <dlenski at gmail.com>
---
 dtls.c     | 1 +
 mainloop.c | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/dtls.c b/dtls.c
index c97d14d..80d6c05 100644
--- a/dtls.c
+++ b/dtls.c
@@ -169,6 +169,7 @@ void dtls_close(struct openconnect_info *vpninfo)
 		vpninfo->dtls_ssl = NULL;
 		vpninfo->dtls_fd = -1;
 	}
+	vpninfo->dtls_state = DTLS_SLEEPING;
 }
 
 static int dtls_reconnect(struct openconnect_info *vpninfo)
diff --git a/mainloop.c b/mainloop.c
index cc80d0e..4124509 100644
--- a/mainloop.c
+++ b/mainloop.c
@@ -258,7 +258,6 @@ int openconnect_mainloop(struct openconnect_info *vpninfo,
 			openconnect_close_https(vpninfo, 0);
 			if (vpninfo->dtls_state > DTLS_DISABLED) {
 				vpninfo->proto->udp_close(vpninfo);
-				vpninfo->dtls_state = DTLS_SLEEPING;
 				vpninfo->new_dtls_started = 0;
 			}
 
-- 
2.7.4




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux