Bugfix GlobalProtect ESP magic pings over Legacy IP

GlobalProtect IPv6 support was added in
https://gitlab.com/openconnect/openconnect/-/merge_requests/188, and
specifically support for initiating an ESP connection via ICMPv6 "magic
pings" in specifically 5b98b62883216cf9306f06c6b3c9dde81bcfe789.

Getting the ICMPv6 packets to have correct checksums was quite tricky (see
commit notes) and the commit was revised several times.

Somehow we managed to remove the pre-existing code to compute the checksum
correctly in the case of ICMPv4 "magic pings", leaving behind an ICMPv4
checksum that's always zero (and thus rejected by the server, and never
correctly initiates a connection).

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/gpst.c b/gpst.c
index c9cbc9bf1b55c3dd6021061809466b9fb9ec90ba..5fb1d41bb6b21a294945da91c58cbaeaad1a1038 100644 (file)
--- a/gpst.c
+++ b/gpst.c
@@ -1483,6 +1483,7 @@ int gpst_esp_send_probes(struct openconnect_info *vpninfo)
                        icmph->icmp_hun.ih_idseq.icd_id = htons(0x4747);
                        icmph->icmp_hun.ih_idseq.icd_seq = htons(seq);
                        memcpy(pmagic, magic_ping_payload, sizeof(magic_ping_payload)); /* required to get gateway to respond */
+                       icmph->icmp_cksum = csum((uint16_t *)icmph, (ICMP_MINLEN+sizeof(magic_ping_payload))/2);
                }
 
                if (vpninfo->dtls_state != DTLS_ESTABLISHED) {