add openconnect_disable_dtls() API function

This also adds the API function to the Java bindings.

The immediate motivation is that there are a lot of Android users with
MTU-related issues (https://github.com/cernekee/ics-openconnect), and
disabling UDP/DTLS/ESP is a good temporary band-aid.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
index e9606ba0054270bc7b24d739a7222b28fd52f4aa..bdf3d10725ffd93a01d46e0aa6024082d1f45d3a 100644 (file)
--- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java
+++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
@@ -151,6 +151,8 @@ public abstract class LibOpenConnect {
        public synchronized native int setAllowInsecureCrypto(boolean isEnabled);
        public synchronized native void setSystemTrust(boolean isEnabled);
        public synchronized native int setProtocol(String protocol);
+       public synchronized native void disableDTLS();
+       public synchronized native void disableIPv6();
 
        /* connection info */
 

diff --git a/jni.c b/jni.c
index 9ef7959ec80945736f8305e32993d4d98c183f8f..6df1b6bbff8739608c89a53b71196464420e848c 100644 (file)
--- a/jni.c
+++ b/jni.c
@@ -1011,6 +1011,16 @@ JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_disableI
        openconnect_disable_ipv6(ctx->vpninfo);
 }
 
+JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_disableDTLS(
+       JNIEnv *jenv, jobject jobj)
+{
+       struct libctx *ctx = getctx(jenv, jobj);
+
+       if (!ctx)
+               return;
+       openconnect_disable_dtls(ctx->vpninfo);
+}
+
 JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setCertExpiryWarning(
        JNIEnv *jenv, jobject jobj, jint arg)
 {

diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 9c5171fb667347879c7727da66aa816137af93b2..55aec62e161576650b594cdab94a650df5fb82f3 100644 (file)
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -113,6 +113,7 @@ OPENCONNECT_5_7 {
        openconnect_set_cookie;
        openconnect_set_allow_insecure_crypto;
        openconnect_get_auth_expiration;
+       openconnect_disable_dtls;
 } OPENCONNECT_5_6;
 
 OPENCONNECT_PRIVATE {

diff --git a/library.c b/library.c
index 9ab19817ba75cd27aab3ec478ba8fca58c14f6aa..77dc8deb39b360305e0081b3ae96cd853cabe66f 100644 (file)
--- a/library.c
+++ b/library.c
@@ -557,6 +557,11 @@ void openconnect_disable_ipv6(struct openconnect_info *vpninfo)
        vpninfo->disable_ipv6 = 1;
 }
 
+void openconnect_disable_dtls(struct openconnect_info *vpninfo)
+{
+       vpninfo->dtls_state = DTLS_DISABLED;
+}
+
 int openconnect_set_cafile(struct openconnect_info *vpninfo, const char *cafile)
 {
        UTF8CHECK(cafile);

diff --git a/openconnect.h b/openconnect.h
index 8fba0ddfd00c7c5ac06b3b3ab48e34972bca9809..6921c39a530358474cc97ae61a23747e4729005c 100644 (file)
--- a/openconnect.h
+++ b/openconnect.h
@@ -40,6 +40,7 @@ extern "C" {
  *  - Add openconnect_set_cookie()
  *  - Add openconnect_set_allow_insecure_crypto()
  *  - Add openconnect_get_auth_expiration()
+ *  - Add openconnect_disable_dtls()
  *
  * API version 5.6 (v8.06; 2020-03-31):
  *  - Add openconnect_set_trojan_interval()
@@ -550,6 +551,7 @@ int openconnect_set_cookie(struct openconnect_info *, const char *);
 void openconnect_clear_cookie(struct openconnect_info *);
 
 void openconnect_disable_ipv6(struct openconnect_info *vpninfo);
+void openconnect_disable_dtls(struct openconnect_info *vpninfo);
 void openconnect_reset_ssl(struct openconnect_info *vpninfo);
 int openconnect_parse_url(struct openconnect_info *vpninfo, const char *url);
 void openconnect_set_cert_expiry_warning(struct openconnect_info *vpninfo,