add delay_tunnel flag to delay tunnel creation
authorDaniel Lenski <dlenski@gmail.com>
Sun, 17 May 2020 00:06:10 +0000 (17:06 -0700)
committerDaniel Lenski <dlenski@gmail.com>
Sun, 17 May 2020 01:08:14 +0000 (18:08 -0700)
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
mainloop.c
openconnect-internal.h
ppp.c

index ca5f9f60b206209dd295dd89cb8bdb014c1af928..7986474339cad5d8250badcbd5778f7588386b35 100644 (file)
@@ -204,29 +204,28 @@ int openconnect_mainloop(struct openconnect_info *vpninfo,
                else
                        timeout = 1000;
 
-               if (vpninfo->dtls_state > DTLS_DISABLED) {
-                       /* Postpone tun device creation after DTLS is connected so
-                        * we have a better knowledge of the link MTU. We also
-                        * force the creation if DTLS enters sleeping mode - i.e.,
-                        * we failed to connect on time. */
-                       if (!tun_is_up(vpninfo) && (vpninfo->dtls_state == DTLS_CONNECTED ||
-                           vpninfo->dtls_state == DTLS_SLEEPING)) {
+               if (!tun_is_up(vpninfo)) {
+                       if (vpninfo->delay_tunnel)
+                               vpn_progress(vpninfo, PRG_DEBUG, _("Delaying tunnel by protocol request.\n"));
+                       else if (vpninfo->dtls_state == DTLS_CONNECTING) {
+                               /* Postpone tun device creation after DTLS is connected so
+                                * we have a better knowledge of the link MTU. We also
+                                * force the creation if DTLS enters sleeping mode - i.e.,
+                                * we failed to connect on time. */
+                               vpn_progress(vpninfo, PRG_DEBUG, _("Delaying tunnel until link MTU determined.\n"));
+                       } else {
+                               /* No DTLS, or DTLS failed; setup TUN device unconditionally */
                                ret = setup_tun_device(vpninfo);
-                               if (ret) {
+                               if (ret)
                                        break;
-                               }
                        }
+               }
 
+               if (vpninfo->dtls_state > DTLS_DISABLED) {
                        ret = vpninfo->proto->udp_mainloop(vpninfo, &timeout, udp_r);
                        if (vpninfo->quit_reason)
                                break;
                        did_work += ret;
-
-               } else if (!tun_is_up(vpninfo)) {
-                       /* No DTLS - setup TUN device unconditionally */
-                       ret = setup_tun_device(vpninfo);
-                       if (ret)
-                               break;
                }
 
                ret = vpninfo->proto->tcp_mainloop(vpninfo, &timeout, tcp_r);
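Review bot: The comment on the final `else` says "No DTLS, or DTLS failed", but that branch now runs for every dtls_state other than DTLS_CONNECTING once delay_tunnel is clear, which includes the normal DTLS_CONNECTED case. The sentence about forcing creation in sleeping mode now sits in the arm that only delays. I would reword both, e.g. `/* Still connecting: wait so the link MTU is known before creating the tun device */` and `/* DTLS absent, connected, or sleeping after a failed attempt: create the tun device now */`. The `if (vpninfo->delay_tunnel)` arm is unbraced while its siblings are braced, and both PRG_DEBUG messages appear to be emitted on every loop pass that is still waiting, which can flood debug logs during a slow negotiation. openconnect_mainloop() begins and ends outside this hunk.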
index e028d8d5e1168856b273914d8a4120f84ee24c87..18de249bcefea0184546f94981543370c3ec5356 100644 (file)
@@ -648,6 +648,7 @@ struct openconnect_info {
 #endif
        int ssl_fd;
        int dtls_fd;
+       int delay_tunnel;                       /* Delay tunnel setup */
 
        int dtls_tos_current;
        int dtls_pass_tos;
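Review bot: The comment on `delay_tunnel` does not say that the field is a boolean, who sets and clears it, or who reads it. That matters because the flag lives on the shared vpninfo rather than on the protocol's own state. Something like `/* Nonzero while protocol code wants tun setup deferred; set and cleared by the protocol (ppp.c), read in openconnect_mainloop() */` would let a reader follow it without grepping. It is also wedged between the fd fields and the DTLS TOS fields, so a blank line or a spot next to other tunnel-state members would read better.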
diff --git a/ppp.c b/ppp.c
index 5751f178b963cf97ff7c3ae18f26751f8d998710..e09f6d8d3f0a651107f67c3714cd446d61e34460 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -212,6 +212,9 @@ int openconnect_ppp_new(struct openconnect_info *vpninfo,
        if (!ppp)
                return -ENOMEM;
 
+       /* Delay tunnel setup during PPP negotiation */
+       vpninfo->delay_tunnel = 1;
+
        /* Nameservers to request from peer
         * (see https://tools.ietf.org/html/rfc1877#section-1) */
        ppp->solicit_peerns = 0;
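Review bot: Once `vpninfo->delay_tunnel = 1` is set here, the only place this commit clears it is the `if (network)` branch in the handle_state_transition() hunk below. A PPP negotiation that stalls or ends before PPPS_NETWORK therefore leaves the mainloop skipping setup_tun_device() for as long as the session lives. No timeout or error-path reset is visible in these hunks. If one exists elsewhere, the comment should point to it; otherwise a failure or teardown path should reset the flag, so the client cannot sit indefinitely in a connected-looking state with no tun device. At minimum I would extend the comment to `/* Hold off tun setup until PPP reaches PPPS_NETWORK; cleared in handle_state_transition() */`. The body of openconnect_ppp_new() continues outside this hunk, so a later failure return that leaves the flag set cannot be ruled out from here.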
@@ -761,8 +764,10 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou
                        }
                }
 
-               if (network)
+               if (network) {
                        ppp->ppp_state = PPPS_NETWORK;
+                       vpninfo->delay_tunnel = 0;
+               }
                break;
        case PPPS_NETWORK:
                break;