make delay_tunnel consistent with delay_close

1. Decrement counter on each mainloop iteration. Protocol needs to keep setting it to get more mainloop iterations before tunnel setup / close.
2. Value ≥2 causes us to set did_work=1, resulting in no delay before we call mainloop again. Protocol should only set this if it needs to SEND something in order to move things along.
3. Value =1 causes us to set did_work=0, resulting in a delay before we call mainloop again. Protocol should only set this if it needs to RECEIVE something in order to move things along.

Also fix values of NCP_TERM_ACK_{SENT,RECEIVED}.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/mainloop.c b/mainloop.c
index b9c8ce2960de1d1aa357e180f5c13ed0e0e73d9a..13d4592526b8bc7ee1c7237106b1db2baa874e10 100644 (file)
--- a/mainloop.c
+++ b/mainloop.c
@@ -207,9 +207,12 @@ int openconnect_mainloop(struct openconnect_info *vpninfo,
                        timeout = 1000;
 
                if (!tun_is_up(vpninfo)) {
-                       if (vpninfo->delay_tunnel)
+                       if (vpninfo->delay_tunnel > 0) {
                                vpn_progress(vpninfo, PRG_DEBUG, _("Delaying tunnel by protocol request.\n"));
-                       else if (vpninfo->dtls_state == DTLS_CONNECTING) {
+                               /* XX: don't let this spin forever */
+                               if (--vpninfo->delay_tunnel > 0)
+                                       did_work++;
+                       } else if (vpninfo->dtls_state == DTLS_CONNECTING) {
                                /* Postpone tun device creation after DTLS is connected so
                                 * we have a better knowledge of the link MTU. We also
                                 * force the creation if DTLS enters sleeping mode - i.e.,

diff --git a/openconnect-internal.h b/openconnect-internal.h
index f36bd61fbf3ba0016c83ce3987d791b6b6963595..055ff6f15e2a1777c62ffb78a83ebbd8be61de79 100644 (file)
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -649,8 +649,8 @@ struct openconnect_info {
 #endif
        int ssl_fd;
        int dtls_fd;
-       int delay_tunnel;                       /* Delay tunnel setup */
-       int delay_close;                        /* Delay close of mainloop */
+       int delay_tunnel;                       /* Delay tunnel setup (2 for immediate callback, 1 for wait) */
+       int delay_close;                        /* Delay close of mainloop (2 for immediate callback, 1 for wait) */
 
        int dtls_tos_current;
        int dtls_pass_tos;

diff --git a/ppp.c b/ppp.c
index 78de5890c394c1e335da14acda75c91fe719dcd5..5186b1c1de80a846d721dc12e93a0c3bccc78185 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -780,9 +780,6 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou
 
        switch (ppp->ppp_state) {
        case PPPS_DEAD:
-               /* Delay tunnel setup until after PPP negotiation */
-               vpninfo->delay_tunnel = 1;
-
                /* Prevent race conditions after recovering dead peer connection */
                vpninfo->ssl_times.last_rx = vpninfo->ssl_times.last_tx = now;
 
@@ -831,8 +828,7 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou
                        break;
 
                ppp->ppp_state = PPPS_NETWORK;
-               vpninfo->delay_tunnel = 0; /* tunnel can start now */
-               vpninfo->delay_close = 2;  /* need two mainloop iterations on close (send TERMREQ; receive TERMACK) */
+               vpninfo->delay_close = 2;  /* we will need immediate callback (to send TERMREQ) when local side wants to close */
                /* fall through */
 
        case PPPS_NETWORK:
@@ -854,9 +850,10 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou
                                ppp->lcp.state |= NCP_TERM_REQ_SENT;
                                ppp->lcp.last_req = now;
                                (void) queue_config_packet(vpninfo, PPP_LCP, ++ppp->lcp.id, TERMREQ, 0, NULL);
+                               vpninfo->delay_close = 1; /* need to wait until we receive TERMACK */
                        }
                        if (!ka_check_deadline(timeout, now, ppp->lcp.last_req + 3))
-                               vpninfo->delay_close = 1;
+                               vpninfo->delay_close = 1; /* still waiting to receive TERMACK */
                        else
                                (void) queue_config_packet(vpninfo, PPP_LCP, ++ppp->lcp.id, TERMREQ, 0, NULL);
                }
@@ -867,6 +864,9 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou
                return -EINVAL;
        }
 
+       /* Delay tunnel setup until after PPP negotiation */
+       vpninfo->delay_tunnel = (ppp->ppp_state == PPPS_NETWORK ? 0 : 1);
+
        if (last_state != ppp->ppp_state) {
                vpn_progress(vpninfo, PRG_DEBUG,
                             _("PPP state transition from %s to %s\n"),

diff --git a/ppp.h b/ppp.h
index 07f2a8f590f5a18692cbffcd5c26179c7353065e..2f3ac6f787b31c1f32f9bde80c94533fed554d44 100644 (file)
--- a/ppp.h
+++ b/ppp.h
@@ -58,8 +58,8 @@
 #define NCP_CONF_ACK_SENT      8
 #define NCP_TERM_REQ_SENT      16
 #define NCP_TERM_REQ_RECEIVED  32
-#define NCP_TERM_ACK_SENT      16
-#define NCP_TERM_ACK_RECEIVED  32
+#define NCP_TERM_ACK_SENT      64
+#define NCP_TERM_ACK_RECEIVED  128
 
 /* RFC1661 (or RFC1662 for ASYNCMAP) */
 #define LCP_MRU                        1