Remove Cisco-specific option handling from dtls_setup()
authorDavid Woodhouse <dwmw2@infradead.org>
Mon, 12 Apr 2021 09:57:23 +0000 (10:57 +0100)
committerDavid Woodhouse <dwmw2@infradead.org>
Fri, 16 Apr 2021 15:06:36 +0000 (16:06 +0100)
As we start to use DTLS for protocols other than Cisco AnyConnect, we
need to start disentangling the underlying DTLS support from the Cisco
protocol. Start by moving the X-DTLS-Foo: header processing into cstp.c
where half of it was anyway.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
cstp.c
dtls.c

diff --git a/cstp.c b/cstp.c
index c2c6c83b8c9f30182addcb6acf9b4de4323c82ce..59841be657304dff2207037fe07fd9c7086ffd39 100644 (file)
--- a/cstp.c
+++ b/cstp.c
@@ -519,7 +519,27 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
                                /* Remember if it came from a 'X-DTLS12-CipherSuite:' header */
                                vpninfo->cisco_dtls12 = (i == 9);
                                vpninfo->dtls_cipher = strdup(colon);
+                       } else if (!strcmp(buf + i, "Port")) {
+                               int dtls_port = atol(colon);
+                               if (dtls_port)
+                                       udp_sockaddr(vpninfo, dtls_port);
+                       } else if (!strcmp(buf + i, "Keepalive")) {
+                               vpninfo->dtls_times.keepalive = atol(colon);
+                       } else if (!strcmp(buf + i, "DPD")) {
+                               int j = atol(colon);
+                               if (j && (!vpninfo->dtls_times.dpd || j < vpninfo->dtls_times.dpd))
+                                       vpninfo->dtls_times.dpd = j;
+                       } else if (!strcmp(buf + i, "Rekey-Method")) {
+                               if (!strcmp(colon, "new-tunnel"))
+                                       vpninfo->dtls_times.rekey_method = REKEY_TUNNEL;
+                               else if (!strcmp(colon, "ssl"))
+                                       vpninfo->dtls_times.rekey_method = REKEY_SSL;
+                               else
+                                       vpninfo->dtls_times.rekey_method = REKEY_NONE;
+                       } else if (!strcmp(buf + i, "Rekey-Time")) {
+                               vpninfo->dtls_times.rekey = atol(colon);
                        }
+
                        continue;
                }
                /* CSTP options... */
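Review bot: The return value of `udp_sockaddr()` is dropped in the new "Port" branch, whereas the removed dtls_setup() code treated a non-zero return as fatal and cleared dtls_attempt_period; the new `if (!vpninfo->dtls_addr)` check in dtls.c only catches this if udp_sockaddr() is guaranteed to leave dtls_addr NULL on every failure path, which is not visible here. The port itself comes from a server-supplied header via `atol()` with no range check before it is handed on, so I would tighten the branch to `if (dtls_port > 0 && dtls_port <= 65535 && udp_sockaddr(vpninfo, dtls_port))` and log the failure at the appropriate vpn_progress level, as the old loop did for each option at PRG_DEBUG; the per-option debug output from the removed loop has no counterpart in this hunk, though its header-parsing loop starts outside the hunk so it may exist elsewhere. The same unbounded `atol()` applies to the Keepalive, DPD and Rekey-Time values, which is pre-existing behaviour moved rather than introduced. The enclosing start_cstp_connection() begins before and continues past this hunk.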
diff --git a/dtls.c b/dtls.c
index 3381de54300ce1b496c3e97c68b4cf1a10293931..670e558b3014fd61f83bc0fe6f78f54de374c0b4 100644 (file)
--- a/dtls.c
+++ b/dtls.c
@@ -185,52 +185,19 @@ static int dtls_reconnect(struct openconnect_info *vpninfo)
 
 int dtls_setup(struct openconnect_info *vpninfo)
 {
-       struct oc_vpn_option *dtls_opt = vpninfo->dtls_options;
-       int dtls_port = 0;
-
        if (vpninfo->dtls_state == DTLS_DISABLED)
                return -EINVAL;
 
        if (!vpninfo->dtls_attempt_period)
                return 0;
 
-       while (dtls_opt) {
-               vpn_progress(vpninfo, PRG_DEBUG,
-                            _("DTLS option %s : %s\n"),
-                            dtls_opt->option, dtls_opt->value);
-
-               if (!strcmp(dtls_opt->option, "X-DTLS-Port")) {
-                       dtls_port = atol(dtls_opt->value);
-               } else if (!strcmp(dtls_opt->option, "X-DTLS-Keepalive")) {
-                       vpninfo->dtls_times.keepalive = atol(dtls_opt->value);
-               } else if (!strcmp(dtls_opt->option, "X-DTLS-DPD")) {
-                       int j = atol(dtls_opt->value);
-                       if (j && (!vpninfo->dtls_times.dpd || j < vpninfo->dtls_times.dpd))
-                               vpninfo->dtls_times.dpd = j;
-               } else if (!strcmp(dtls_opt->option, "X-DTLS-Rekey-Method")) {
-                       if (!strcmp(dtls_opt->value, "new-tunnel"))
-                               vpninfo->dtls_times.rekey_method = REKEY_TUNNEL;
-                       else if (!strcmp(dtls_opt->value, "ssl"))
-                               vpninfo->dtls_times.rekey_method = REKEY_SSL;
-                       else
-                               vpninfo->dtls_times.rekey_method = REKEY_NONE;
-               } else if (!strcmp(dtls_opt->option, "X-DTLS-Rekey-Time")) {
-                       vpninfo->dtls_times.rekey = atol(dtls_opt->value);
-               }
-
-               dtls_opt = dtls_opt->next;
-       }
-       if (!dtls_port) {
+       if (!vpninfo->dtls_addr) {
                vpninfo->dtls_attempt_period = 0;
                return -EINVAL;
        }
        if (vpninfo->dtls_times.rekey <= 0)
                vpninfo->dtls_times.rekey_method = REKEY_NONE;
 
-       if (udp_sockaddr(vpninfo, dtls_port)) {
-               vpninfo->dtls_attempt_period = 0;
-               return -EINVAL;
-       }
        if (connect_dtls_socket(vpninfo))
                return -EINVAL;