Clarify a few uncommented corners of the ESP support

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/esp.c b/esp.c
index e9760c43e51a488eb319b613611004281a6e4603..dce7f90bc80d2179701f7ea40d2525174a7b9026 100644 (file)
--- a/esp.c
+++ b/esp.c
@@ -146,6 +146,7 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout)
                             len);
                work_done = 1;
 
+               /* both supported algos (SHA1 and MD5) have 12-byte MAC lengths (RFC2403 and RFC2404) */
                if (len <= sizeof(pkt->esp) + 12)
                        continue;
 
@@ -169,6 +170,11 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout)
                        continue;
                }
 
+               /* Possible values of the Next Header field are:
+                  0x04: IP[v4]-in-IP
+                  0x05: supposed to mean Internet Stream Protocol
+                        (XXX: but used for LZO compressed packets by Juniper)
+                  0x29: IPv6 encapsulation */
                if (pkt->data[len - 1] != 0x04 && pkt->data[len - 1] != 0x29 &&
                    pkt->data[len - 1] != 0x05) {
                        vpn_progress(vpninfo, PRG_ERR,

diff --git a/library.c b/library.c
index e5bbda488c51fffc07393d8d71c6a20e882e5d89..e3d6c15a0494f9d22855214f72dccf0ea54a2bc6 100644 (file)
--- a/library.c
+++ b/library.c
@@ -904,7 +904,8 @@ int openconnect_setup_tun_device(struct openconnect_info *vpninfo,
 static const char *compr_name_map[] = {
        [COMPR_DEFLATE] = "Deflate",
        [COMPR_LZS] = "LZS",
-       [COMPR_LZ4] = "LZ4"
+       [COMPR_LZ4] = "LZ4",
+       [COMPR_LZO] = "LZO",
 };
 
 const char *openconnect_get_cstp_compression(struct openconnect_info * vpninfo)

diff --git a/oncp.c b/oncp.c
index 6fa333323e8dd8d31b49895db05dbedcbf905e21..59d2fd9819bce84b4b1d837f3b4d291f453d7acd 100644 (file)
--- a/oncp.c
+++ b/oncp.c
@@ -323,6 +323,7 @@ static int process_attr(struct openconnect_info *vpninfo, int group, int attr,
                if (attrlen != 1)
                        goto badlen;
                vpninfo->esp_compr = data[0];
+               vpninfo->dtls_compr = data[0] ? COMPR_LZO : 0;
                vpn_progress(vpninfo, PRG_DEBUG, _("ESP compression: %d\n"), data[0]);
                break;
 

diff --git a/openconnect-internal.h b/openconnect-internal.h
index 038cb35d4c22c86f130b274cdeb8c4eaebe51e50..20e950d7cbb6e755224ab938026ef1e411a8875a 100644 (file)
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -174,10 +174,11 @@ struct pkt {
 #define COMPR_DEFLATE  (1<<0)
 #define COMPR_LZS      (1<<1)
 #define COMPR_LZ4      (1<<2)
-#define COMPR_MAX      COMPR_LZ4
+#define COMPR_LZO      (1<<3)
+#define COMPR_MAX      COMPR_LZO
 
 #ifdef HAVE_LZ4
-#define COMPR_STATELESS        (COMPR_LZS | COMPR_LZ4)
+#define COMPR_STATELESS        (COMPR_LZS | COMPR_LZ4 | COMPR_LZO)
 #else
 #define COMPR_STATELESS        (COMPR_LZS)
 #endif