Move Juniper ESP probe handling to oncp.c
authorDavid Woodhouse <dwmw2@infradead.org>
Tue, 27 Feb 2018 09:27:31 +0000 (10:27 +0100)
committerDavid Woodhouse <dwmw2@infradead.org>
Tue, 27 Feb 2018 09:27:31 +0000 (10:27 +0100)
Let's not pollute the generic esp.c with this, given that GlobalProtect is
going to want to do it differently.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
esp.c
library.c
oncp.c
openconnect-internal.h

diff --git a/esp.c b/esp.c
index f487580ea3cecf2f0b3cc8b43d772d1e0650d5c7..5cea3fbd2c438dba7ed40d1a721f62b679b4a84b 100644 (file)
--- a/esp.c
+++ b/esp.c
@@ -71,52 +71,6 @@ int print_esp_keys(struct openconnect_info *vpninfo, const char *name, struct es
        return 0;
 }
 
-int esp_send_probes(struct openconnect_info *vpninfo)
-{
-       struct pkt *pkt;
-       int pktlen;
-
-       if (vpninfo->dtls_fd == -1) {
-               int fd = udp_connect(vpninfo);
-               if (fd < 0)
-                       return fd;
-
-               /* We are not connected until we get an ESP packet back */
-               vpninfo->dtls_state = DTLS_SLEEPING;
-               vpninfo->dtls_fd = fd;
-               monitor_fd_new(vpninfo, dtls);
-               monitor_read_fd(vpninfo, dtls);
-               monitor_except_fd(vpninfo, dtls);
-       }
-
-       pkt = malloc(sizeof(*pkt) + 1 + vpninfo->pkt_trailer);
-       if (!pkt)
-               return -ENOMEM;
-
-       pkt->len = 1;
-       pkt->data[0] = 0;
-       pktlen = encrypt_esp_packet(vpninfo, pkt);
-       if (pktlen >= 0)
-               send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
-
-       pkt->len = 1;
-       pkt->data[0] = 0;
-       pktlen = encrypt_esp_packet(vpninfo, pkt);
-       if (pktlen >= 0)
-               send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
-
-       free(pkt);
-
-       vpninfo->dtls_times.last_tx = time(&vpninfo->new_dtls_started);
-
-       return 0;
-};
-
-int esp_catch_probe(struct openconnect_info *vpninfo, struct pkt *pkt)
-{
-       return (pkt->len == 1 && pkt->data[0] == 0);
-}
-
 int esp_setup(struct openconnect_info *vpninfo, int dtls_attempt_period)
 {
        if (vpninfo->dtls_state == DTLS_DISABLED ||
index daa1f01d7caf21ae8ad1b8b7f0027bf7e2843c31..b0d635b308725fc36b26b8eebf7a036f6bb7ea2e 100644 (file)
--- a/library.c
+++ b/library.c
@@ -138,8 +138,8 @@ const struct vpn_proto openconnect_protos[] = {
                .udp_mainloop = esp_mainloop,
                .udp_close = esp_close,
                .udp_shutdown = esp_shutdown,
-               .udp_send_probes = esp_send_probes,
-               .udp_catch_probe = esp_catch_probe,
+               .udp_send_probes = oncp_esp_send_probes,
+               .udp_catch_probe = oncp_esp_catch_probe,
 #endif
        },
        { /* NULL */ }
diff --git a/oncp.c b/oncp.c
index 17853af923677497888c129ec078202b58ceb2ef..bc01a3f8fe925fbba3956f9c68cd94fc5d499d5c 100644 (file)
--- a/oncp.c
+++ b/oncp.c
@@ -1301,3 +1301,51 @@ int oncp_bye(struct openconnect_info *vpninfo, const char *reason)
        free(res_buf);
        return ret;
 }
+
+#ifdef HAVE_ESP
+int oncp_esp_send_probes(struct openconnect_info *vpninfo)
+{
+       struct pkt *pkt;
+       int pktlen;
+
+       if (vpninfo->dtls_fd == -1) {
+               int fd = udp_connect(vpninfo);
+               if (fd < 0)
+                       return fd;
+
+               /* We are not connected until we get an ESP packet back */
+               vpninfo->dtls_state = DTLS_SLEEPING;
+               vpninfo->dtls_fd = fd;
+               monitor_fd_new(vpninfo, dtls);
+               monitor_read_fd(vpninfo, dtls);
+               monitor_except_fd(vpninfo, dtls);
+       }
+
+       pkt = malloc(sizeof(*pkt) + 1 + vpninfo->pkt_trailer);
+       if (!pkt)
+               return -ENOMEM;
+
+       pkt->len = 1;
+       pkt->data[0] = 0;
+       pktlen = encrypt_esp_packet(vpninfo, pkt);
+       if (pktlen >= 0)
+               send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
+
+       pkt->len = 1;
+       pkt->data[0] = 0;
+       pktlen = encrypt_esp_packet(vpninfo, pkt);
+       if (pktlen >= 0)
+               send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
+
+       free(pkt);
+
+       vpninfo->dtls_times.last_tx = time(&vpninfo->new_dtls_started);
+
+       return 0;
+};
+
+int oncp_esp_catch_probe(struct openconnect_info *vpninfo, struct pkt *pkt)
+{
+       return (pkt->len == 1 && pkt->data[0] == 0);
+}
+#endif /* HAVE_ESP */
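Review bot: The two probe sends in `oncp_esp_send_probes` discard both a negative return from `encrypt_esp_packet()` and the result of `send()`, yet the function still stamps `dtls_times.last_tx` and returns 0, so a caller cannot tell a probe that went out from one that never left. Since the body is being relocated anyway, the duplicated four-line stanza could become a two-iteration loop that records the first failure and returns it, as sketched below; whether callers want a hard error or only a logged one is not visible in this hunk, and the sketch assumes `encrypt_esp_packet()` returns a negative errno-style value. The `};` closing the function leaves a stray file-scope semicolon that pedantic builds warn about; `}` is enough. `oncp_esp_catch_probe` matches purely on a one-byte zero payload, so a comment such as `/* pkt must already have passed ESP authentication and decryption */` would record the assumption its caller presumably upholds; confirm against the call site.

```c
	int pktlen, i, ret = 0;

	/* … unchanged: udp_connect() and monitor_*_fd setup, malloc of pkt … */

	/* Two identical probes are sent, as before; stop at the first failure */
	for (i = 0; i < 2; i++) {
		pkt->len = 1;
		pkt->data[0] = 0;
		pktlen = encrypt_esp_packet(vpninfo, pkt);
		if (pktlen < 0) {
			ret = pktlen;
			break;
		}
		if (send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0) < 0) {
			ret = -errno;
			break;
		}
	}

	free(pkt);

	/* … unchanged: last_tx / new_dtls_started update … */

	return ret;
```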
index 5b9a8d6c555a71cedd45423e9e904dc243d1f6b4..e96610b81e0d31b4a7cb56959ec8bee4b8bf301d 100644 (file)
@@ -857,6 +857,8 @@ int queue_esp_control(struct openconnect_info *vpninfo, int enable);
 int oncp_connect(struct openconnect_info *vpninfo);
 int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout);
 int oncp_bye(struct openconnect_info *vpninfo, const char *reason);
+int oncp_esp_send_probes(struct openconnect_info *vpninfo);
+int oncp_esp_catch_probe(struct openconnect_info *vpninfo, struct pkt *pkt);
 
 /* lzs.c */
 int lzs_decompress(unsigned char *dst, int dstlen, const unsigned char *src, int srclen);
@@ -904,8 +906,6 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout);
 void esp_close(struct openconnect_info *vpninfo);
 void esp_shutdown(struct openconnect_info *vpninfo);
 int print_esp_keys(struct openconnect_info *vpninfo, const char *name, struct esp *esp);
-int esp_send_probes(struct openconnect_info *vpninfo);
-int esp_catch_probe(struct openconnect_info *vpninfo, struct pkt *pkt);
 
 /* {gnutls,openssl}-esp.c */
 int setup_esp_keys(struct openconnect_info *vpninfo, int new_keys);