On Mon, 2019-03-25 at 16:25 +0000, David Woodhouse wrote:
> On Mon, 2019-03-25 at 16:05 +0000, David Woodhouse wrote:
> > /* XXX: Keep the packet somewhere? */
>
>
> Try this.
Er, no, this.
> diff --git a/esp.c b/esp.c
> index 9b79c03a..e1a52112 100644
> --- a/esp.c
> +++ b/esp.c
> @@ -262,34 +262,53 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout)
> break;
> }
> unmonitor_write_fd(vpninfo, dtls);
> - while ((this = dequeue_packet(&vpninfo->outgoing_queue))) {
> + while (1) {
> int len;
>
> - len = encrypt_esp_packet(vpninfo, this);
> - if (len > 0) {
> - ret = send(vpninfo->dtls_fd, (void *)&this->esp, len, 0);
> - if (ret < 0) {
> - /* Not that this is likely to happen with UDP, but... */
> - if (errno == ENOBUFS || errno == EAGAIN || errno == EWOULDBLOCK) {
> - monitor_write_fd(vpninfo, dtls);
> - /* XXX: Keep the packet somewhere? */
> - free(this);
> - return work_done;
> - } else {
> - /* A real error in sending. Fall back to TCP? */
> - vpn_progress(vpninfo, PRG_ERR,
> - _("Failed to send ESP packet: %s\n"),
> - strerror(errno));
> - }
> - } else {
> - vpninfo->dtls_times.last_tx = time(NULL);
> + if (vpninfo->deflate_pkt) {
> + this = vpninfo->deflate_pkt;
> + vpninfo->deflate_pkt = NULL;
> + len = this->len;
> + } else {
> + this = dequeue_packet(&vpninfo->outgoing_queue);
> + if (!this)
> + break;
>
> - vpn_progress(vpninfo, PRG_TRACE, _("Sent ESP packet of %d bytes\n"),
> + len = encrypt_esp_packet(vpninfo, this);
> + if (len < 0) {
> + vpn_progress(vpninfo, PRG_ERR,
> + _("Failed to encrypt ESP packet: %d\n"),
> len);
> + free(this);
> + work_done = 1;
> + continue;
> + }
> + }
> +
> + ret = send(vpninfo->dtls_fd, (void *)&this->esp, len, 0);
> + if (ret < 0) {
> + /* Not that this is likely to happen with UDP, but... */
> + if (errno == ENOBUFS || errno == EAGAIN || errno == EWOULDBLOCK) {
> + int err = errno;
> + monitor_write_fd(vpninfo, dtls);
> + vpninfo->deflate_pkt = this;
this->len = len;
> + vpn_progress(vpninfo, PRG_ERR,
> + _("Requeueing failed ESP send: %s\n"),
> + strerror(err));
> + return work_done;
> + } else {
> + /* A real error in sending. Fall back to TCP? */
> + vpn_progress(vpninfo, PRG_ERR,
> + _("Failed to send ESP packet: %s\n"),
> + strerror(errno));
> }
> } else {
> - /* XXX: Fall back to TCP transport? */
> + vpninfo->dtls_times.last_tx = time(NULL);
> +
> + vpn_progress(vpninfo, PRG_TRACE, _("Sent ESP packet of %d bytes\n"),
> + len);
> }
> +
> free(this);
> work_done = 1;
> }
> @@ -310,6 +329,10 @@ void esp_close(struct openconnect_info *vpninfo)
> }
> if (vpninfo->dtls_state > DTLS_DISABLED)
> vpninfo->dtls_state = DTLS_SLEEPING;
> + if (vpninfo->deflate_pkt) {
> + free(vpninfo->deflate_pkt);
> + vpninfo->deflate_pkt = NULL;
> + }
> }
>
> void esp_shutdown(struct openconnect_info *vpninfo)
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/openconnect-devel
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
