Print Pulse server's IPv6 internal gateway address (in addition to Legacy IP)
authorDaniel Lenski <dlenski@gmail.com>
Mon, 30 Aug 2021 04:41:12 +0000 (21:41 -0700)
committerDaniel Lenski <dlenski@gmail.com>
Thu, 10 Feb 2022 22:59:48 +0000 (14:59 -0800)
The existence of this attribute was noted in
https://gitlab.com/openconnect/openconnect/-/issues/254#note_595455571.  As
with its Legacy IP equivalent, an IPv6 "gateway" address is superfluous and
unnecessary for a tunnel connection.

Known Pulse servers consistently send an IPv6 internal gateway address which
falls in the fc00::/7 range of "unique local addresses"
(https://en.wikipedia.org/wiki/Unique_local_address), as in this example:

    $ openconnect -vv pulse.vpn.com
    ...
    Received internal Legacy IP address 10.200.200.2
    Received netmask 255.255.255.255
    Received internal gateway address 10.200.200.200        (Legacy IP)
    Received internal IPv6 address 2001:abc:123:4::567/128
    Received internal gateway IPv6 address fd00::ac8:c8c8   (IPv6)
    Received IPv6 split include ::/0

This patch also *renames* the 'cstp_options' entry for the Legacy IP gateway
address (was 'ipaddr', changed to 'gateway') so that any front-end which
uses this list won't confuse it with the VPN interface's assigned Legacy IP
address (which is named 'ipaddr' for all currently-supported protocols).

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
pulse.c

diff --git a/pulse.c b/pulse.c
index 8a03d8151b718f95a89e76bb9a15f0b0a7de646c..3ce765b486fdc0d48fd51acb653de2d69df339cb 100644 (file)
--- a/pulse.c
+++ b/pulse.c
@@ -395,7 +395,7 @@ static int process_attr(struct openconnect_info *vpninfo, struct oc_vpn_option *
                vpn_progress(vpninfo, PRG_DEBUG, _("Received internal gateway address %s\n"), buf);
                /* Hm, what are we supposed to do with this? It's a tunnel;
                   having a gateway is meaningless. */
-               add_option_dup(new_opts, "ipaddr", buf, -1);
+               add_option_dup(new_opts, "gateway", buf, -1);
                break;
 
        case 0x4010: {
@@ -491,6 +491,21 @@ static int process_attr(struct openconnect_info *vpninfo, struct oc_vpn_option *
                             data[0]);
                break;
 
+       case 0x401e:
+               if (attrlen != 16)
+                       goto badlen;
+               if (!inet_ntop(AF_INET6, data, buf, sizeof(buf))) {
+                       vpn_progress(vpninfo, PRG_ERR,
+                                    _("Failed to handle IPv6 address\n"));
+                       return -EINVAL;
+               }
+
+               vpn_progress(vpninfo, PRG_DEBUG, _("Received internal gateway IPv6 address %s\n"), buf);
+               /* Hm, what are we supposed to do with this? It's a tunnel;
+                  having a gateway is meaningless. */
+               add_option_dup(new_opts, "gateway6", buf, -1);
+               break;
+
        /* 0x4022: disable proxy
           0x400a: preserve proxy
           0x4008: proxy (string)
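Review bot: The return value of `add_option_dup(new_opts, "gateway6", buf, -1)` in the new `case 0x401e` is discarded, so if that helper can fail (its definition is not on this page; it presumably allocates a copy), the debug line reports the address as received while no `gateway6` entry reaches front-ends. Assuming it returns NULL on failure, a check such as `if (!add_option_dup(new_opts, "gateway6", buf, -1)) return -ENOMEM;` would make that visible; the Legacy IP case in the first hunk discards the result the same way. The length check and the `inet_ntop` round-trip mean only a canonical address string, not raw server bytes, is exported to front-ends, and that is worth stating in place of the copied "Hm, what are we supposed to do with this?" comment, e.g. `/* Informational only: exported as "gateway6" in canonical text form; not used for routing here. */`. `process_attr` starts and ends outside this hunk, so the declaration of `buf` and the `badlen` label could not be checked.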
@@ -500,7 +515,6 @@ static int process_attr(struct openconnect_info *vpninfo, struct oc_vpn_option *
           0x401f:  tunnel routes with subnet access (also 4001 set)
           0x4020: Enforce IPv4
           0x4021: Enforce IPv6
-          0x401e: Server IPv6 address
        */
 
        default: