Clarify protocol description in connection message
authorDaniel Lenski <dlenski@gmail.com>
Thu, 2 Aug 2018 01:13:59 +0000 (18:13 -0700)
committerDaniel Lenski <dlenski@gmail.com>
Thu, 2 Aug 2018 02:13:29 +0000 (19:13 -0700)
- Include both the TCP- and UDP-based protocols' compression details
- The UDP-based protocol really can't be connected by the time this
  prints, since the mainloop hasn't had enough time to receive the
  connection confirmation packets; show it as "in progress"

Before (with default verbosity):

    Connected as 10.0.0.3 + dead::be:ef, using SSL + deflate
    Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).

After:

    Connected as 10.0.0.3 + dead::be:ef, using SSL + Deflate, with DTLS + LZS in progress
    Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
gpst.c
library.c
main.c
openconnect-internal.h

diff --git a/gpst.c b/gpst.c
index 97207f9f6c20ccbad13f3ae8829f314a9c70a818..bccfc6d9f0b5419486ad6379fce7576bfef1c92e 100644 (file)
--- a/gpst.c
+++ b/gpst.c
@@ -630,7 +630,7 @@ static int gpst_get_config(struct openconnect_info *vpninfo)
                vpninfo->ip_info.mtu = calculate_mtu(vpninfo, !no_esp_reason);
                vpn_progress(vpninfo, PRG_ERR,
                             _("No MTU received. Calculated %d for %s%s\n"), vpninfo->ip_info.mtu,
-                            no_esp_reason ? "TLS tunnel. " : "ESP tunnel", no_esp_reason ? : "");
+                            no_esp_reason ? "SSL tunnel. " : "ESP tunnel", no_esp_reason ? : "");
                /* return -EINVAL; */
        }
        if (!vpninfo->ip_info.addr) {
index e3d6c15a0494f9d22855214f72dccf0ea54a2bc6..b8c316ab554cd6b280f887dcbb4b69179389c6a0 100644 (file)
--- a/library.c
+++ b/library.c
@@ -117,6 +117,7 @@ const struct vpn_proto openconnect_protos[] = {
                .tcp_mainloop = cstp_mainloop,
                .add_http_headers = cstp_common_headers,
                .obtain_cookie = cstp_obtain_cookie,
+               .udp_protocol = "DTLS",
 #ifdef HAVE_DTLS
                .udp_setup = dtls_setup,
                .udp_mainloop = dtls_mainloop,
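Review bot: The new `.udp_protocol = "DTLS"` initializer sits above the `#ifdef HAVE_DTLS` guard, so the name is set even in a build where `udp_setup` and `udp_mainloop` are compiled out; the two `.udp_protocol = "ESP"` lines in the following hunks do the same relative to `HAVE_ESP`. That looks intentional, since main.c only falls back to "UDP" when the field is NULL, but nothing here says so. I would add a one-line comment on the first entry (or at the field's declaration), e.g. `/* display name of the UDP transport; set even if support is compiled out */`. The openconnect_protos initializer starts and ends outside these hunks.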
@@ -133,6 +134,7 @@ const struct vpn_proto openconnect_protos[] = {
                .tcp_mainloop = oncp_mainloop,
                .add_http_headers = oncp_common_headers,
                .obtain_cookie = oncp_obtain_cookie,
+               .udp_protocol = "ESP",
 #ifdef HAVE_ESP
                .udp_setup = esp_setup,
                .udp_mainloop = esp_mainloop,
@@ -151,6 +153,7 @@ const struct vpn_proto openconnect_protos[] = {
                .tcp_mainloop = gpst_mainloop,
                .add_http_headers = gpst_common_headers,
                .obtain_cookie = gpst_obtain_cookie,
+               .udp_protocol = "ESP",
 #ifdef HAVE_ESP
                .udp_setup = esp_setup,
                .udp_mainloop = esp_mainloop,
diff --git a/main.c b/main.c
index 283db780209bf51c4fe363340c5452b597aed7b9..1ef5481335c9cee18750862a36f678fc3983d469 100644 (file)
--- a/main.c
+++ b/main.c
@@ -1083,7 +1083,7 @@ int main(int argc, char **argv)
        char *urlpath = NULL;
        struct oc_vpn_option *gai;
        char *ip;
-       const char *compr = "";
+       const char *ssl_compr, *udp_compr;
        char *proxy = getenv("https_proxy");
        char *vpnc_script = NULL;
        const struct oc_ip_info *ip_info;
@@ -1596,33 +1596,21 @@ int main(int argc, char **argv)
                 * reconnects end up in infinite loop trying to connect
                 * to non existing DTLS */
                vpninfo->dtls_state = DTLS_DISABLED;
-               fprintf(stderr, _("Set up DTLS failed; using SSL instead\n"));
+               fprintf(stderr, _("Set up UDP failed; using SSL instead\n"));
        }
 
        openconnect_get_ip_info(vpninfo, &ip_info, NULL, NULL);
 
-       if (vpninfo->dtls_state != DTLS_CONNECTED) {
-               if (vpninfo->cstp_compr == COMPR_DEFLATE)
-                       compr = " + deflate";
-               else if (vpninfo->cstp_compr == COMPR_LZS)
-                       compr = " + lzs";
-               else if (vpninfo->cstp_compr == COMPR_LZ4)
-                       compr = " + lz4";
-       } else {
-               if (vpninfo->dtls_compr == COMPR_DEFLATE)
-                       compr = " + deflate";
-               else if (vpninfo->dtls_compr == COMPR_LZS)
-                       compr = " + lzs";
-               else if (vpninfo->dtls_compr == COMPR_LZ4)
-                       compr = " + lz4";
-       }
+       ssl_compr = openconnect_get_cstp_compression(vpninfo);
+       udp_compr = openconnect_get_dtls_compression(vpninfo);
        vpn_progress(vpninfo, PRG_INFO,
-                    _("Connected as %s%s%s, using %s%s\n"),
+                    _("Connected as %s%s%s, using SSL%s%s, with %s%s%s %s\n"),
                     ip_info->addr?:"",
                     (ip_info->netmask6 && ip_info->addr) ? " + " : "",
                     ip_info->netmask6 ? : "",
-                    (vpninfo->dtls_state != DTLS_CONNECTED) ? "SSL"
-                    : "DTLS", compr);
+                    ssl_compr ? " + " : "", ssl_compr ? : "",
+                    vpninfo->proto->udp_protocol ? : "UDP", udp_compr ? " + " : "", udp_compr ? : "",
+                    (vpninfo->dtls_state == DTLS_DISABLED || vpninfo->dtls_state == DTLS_NOSECRET ? _("disabled") : _("in progress")));
 
        if (!vpninfo->vpnc_script) {
                vpn_progress(vpninfo, PRG_INFO,
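Review bot: The last argument of the new "Connected as" call reports every `dtls_state` other than `DTLS_DISABLED` and `DTLS_NOSECRET` as "in progress", so someone reading the log to confirm which transport carries traffic cannot tell negotiation from any other state on this line and has to rely on the later "Established ..." message. The commit message explains why the UDP tunnel cannot be connected yet, but the code does not; I would hoist the expression into a local (declared next to `ssl_compr`) with that reasoning, e.g. `/* UDP tunnel cannot be up yet: the mainloop has not run */` above `udp_state = (vpninfo->dtls_state == DTLS_DISABLED || vpninfo->dtls_state == DTLS_NOSECRET) ? _("disabled") : _("in progress");`. It is also worth checking whether `openconnect_get_dtls_compression()` can return non-NULL while the state is disabled, which would print a compression name next to "disabled". main() begins and ends outside the hunk.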
index 20e950d7cbb6e755224ab938026ef1e411a8875a..2c35e0985b85d6366ec240613d27c6da3e65fb87 100644 (file)
@@ -264,6 +264,7 @@ struct vpn_proto {
        const char *name;
        const char *pretty_name;
        const char *description;
+       const char *udp_protocol;
        unsigned int flags;
        int (*vpn_close_session)(struct openconnect_info *vpninfo, const char *reason);