Improve Pulse ESP setup reliability.

Sometimes, the server is slow to process the ESP config so our first probes
don't elicit a response. Abuse the licensing information packet which comes
after the connection is set up, and send a second set of probes when it
arrives.

Perhaps we should actually send three probes, half a second apart.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/pulse.c b/pulse.c
index baf45b66b12af085b7b0c3d1f9a030b1c83b7e00..48925ebd754e9e5d072907a485faa65ae5fe17ea 100644 (file)
--- a/pulse.c
+++ b/pulse.c
@@ -2052,6 +2052,15 @@ int pulse_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable)
                        print_esp_keys(vpninfo, _("new outgoing"), &vpninfo->esp_out);
                        continue;
 
+               case 0x96:
+                       /* It sends the licence information once the connection is set up. For
+                        * now, abuse this to deal with the race condition in ESP setup — it looks
+                        * like the server doesn't process the ESP config until after we've sent
+                        * the probes, in some cases. */
+                       if (vpninfo->dtls_state == DTLS_SLEEPING)
+                               vpninfo->proto->udp_send_probes(vpninfo);
+                       break;
+
                default:
                unknown_pkt:
                        vpn_progress(vpninfo, PRG_ERR,