handle state transition after sending config packets as well, and prevent race condit...
authorDaniel Lenski <dlenski@gmail.com>
Sun, 17 May 2020 06:01:49 +0000 (23:01 -0700)
committerDaniel Lenski <dlenski@gmail.com>
Sun, 17 May 2020 20:21:16 +0000 (13:21 -0700)
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
f5.c
ppp.c

diff --git a/f5.c b/f5.c
index a9a307e20feabd2bf7ceb8532c1e3a0a6514d866..44de5b3b1e19a299819f2e9dbf9197e2f69491d9 100644 (file)
--- a/f5.c
+++ b/f5.c
@@ -319,7 +319,8 @@ static int get_ip_address(struct openconnect_info *vpninfo, char *header, char *
                if (!s) return -ENOMEM;
        }
         /* XX: The server's IP address(es) X-VPN-server-{IP,IPv6} are also
-         * sent, but the utility of these is unclear. */
+         * sent, but the utility of these is unclear. As remarked in oncp.c,
+        * "this is a tunnel; having a gateway is meaningless." */
        return 0;
 }
 
diff --git a/ppp.c b/ppp.c
index c7b585035d2a3214703c44c4f78d98b2e051941d..6cba421b30dc9bf19748ca33a7bb61ccf3d3bbbe 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -740,6 +740,16 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou
 
        switch (ppp->ppp_state) {
        case PPPS_DEAD:
+               /* Delay tunnel setup until after PPP negotiation */
+               vpninfo->delay_tunnel = 1;
+
+               /* Prevent race conditions after recovering dead peer connection */
+               vpninfo->ssl_times.last_rx = vpninfo->ssl_times.last_tx = now;
+
+               /* Drop any failed outgoing packet from previous connection;
+                * we need to reconfigure before we can send data packets. */
+               free(vpninfo->current_ssl_pkt);
+               vpninfo->current_ssl_pkt = NULL;
                ppp->ppp_state = PPPS_ESTABLISH;
                /* fall through */
 
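Review bot: The `free(vpninfo->current_ssl_pkt)` added in the PPPS_DEAD case assumes no caller still holds that pointer, but the call this commit adds in the last ppp.c hunk runs right after `this = vpninfo->current_ssl_pkt = dequeue_packet(&vpninfo->tcp_control_queue)`. If ppp_state can still be PPPS_DEAD at that point (for example with control packets left queued across a reconnect; the queue handling is outside these hunks), `this` would be left pointing at freed memory and any later use of it would be a use-after-free. Reloading the local after that call with `this = vpninfo->current_ssl_pkt;` and skipping the send when it is NULL would close that window; alternatively, extend the comment here to state that this branch must only run while no caller holds an alias. The free also presumes current_ssl_pkt is always heap-allocated on the PPP path, which should be confirmed against the rest of ppp.c. The switch continues outside the hunk.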
@@ -851,8 +861,7 @@ int ppp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable)
        if (vpninfo->ssl_fd == -1)
                goto do_reconnect;
 
-       if ((ret = handle_state_transition(vpninfo, timeout) < 0))
-           return ret;
+       handle_state_transition(vpninfo, timeout);
 
        /* FIXME: The poll() handling here is fairly simplistic. Actually,
           if the SSL connection stalls it could return a WANT_WRITE error
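Review bot: The return value of handle_state_transition() is now discarded at this call, and again at the call added in the later ppp_mainloop hunk after `proto = this->ppp.proto;`. The removed check was mis-parenthesised, so `ret` received the result of the `< 0` comparison rather than the error code, but dropping the check entirely means a negative return no longer stops the mainloop. The function is declared to return int; whether it can actually fail is not visible in these hunks. If it can, prefer `ret = handle_state_transition(vpninfo, timeout); if (ret < 0) return ret;`. If it cannot, add a comment such as `/* return value intentionally ignored: cannot fail */` so the omission reads as deliberate.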
@@ -1128,6 +1137,7 @@ int ppp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable)
        if ((this = vpninfo->current_ssl_pkt = dequeue_packet(&vpninfo->tcp_control_queue))) {
                /* XX: We pre-stash the PPP protocol field in the header for control packets */
                proto = this->ppp.proto;
+               handle_state_transition(vpninfo, timeout);
        } else if (vpninfo->dtls_state != DTLS_CONNECTED &&
                   ppp->ppp_state == PPPS_NETWORK &&
                   (this = vpninfo->current_ssl_pkt = dequeue_packet(&vpninfo->outgoing_queue))) {