NC/Pulse idle timeout

Per #234, it appears that:

- oNCP server termination reason 8 indicates idle timeout
- Pulse AVP 0x583/0xd75 indicates the idle timeout in seconds
- No sign of an idle timeout TLV for oNCP

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/oncp.c b/oncp.c
index 32798fa5aa5b4216459e3d58b370bdedf5e3e01f..4b3b7c09bf3afec373d67030910aeb393b0af5ed 100644 (file)
--- a/oncp.c
+++ b/oncp.c
@@ -820,18 +820,23 @@ static int oncp_record_read(struct openconnect_info *vpninfo, void *buf, int len
                                        vpn_progress(vpninfo, PRG_ERR,
                                                     _("Server terminated connection (session expired)\n"));
                                        vpninfo->quit_reason = "VPN session expired";
+                               } else if (lenbuf[0] == 8) {
+                                       vpn_progress(vpninfo, PRG_ERR,
+                                                    _("Server terminated connection (idle timeout)\n"));
+                                       vpninfo->quit_reason = "Idle timeout";
                                } else {
                                        vpn_progress(vpninfo, PRG_ERR,
                                                     _("Server terminated connection (reason: %d)\n"),
                                                     lenbuf[0]);
                                        vpninfo->quit_reason = "Server terminated connection";
                                }
+                               return -EPIPE;
                        } else {
                                vpn_progress(vpninfo, PRG_ERR,
                                             _("Server sent zero-length oNCP record\n"));
                                vpninfo->quit_reason = "Zero-length oNCP record";
+                               return -EIO;
                        }
-                       return -EIO;
                }
        }
        if (len > vpninfo->oncp_rec_size)

diff --git a/pulse.c b/pulse.c
index c07b21b5e7962fca6690e5e3a5fef16b598012a9..553f0c1c8e8a72b28aef506e4841345999db3155 100644 (file)
--- a/pulse.c
+++ b/pulse.c
@@ -1747,14 +1747,19 @@ static int pulse_authenticate(struct openconnect_info *vpninfo, int connecting)
                } else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd4f) {
                        realm_entry++;
                } else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd5c) {
-                       uint32_t val;
-
                        if (avp_len != 4)
                                goto auth_unknown;
-                       val = load_be32(avp_p);
+                       uint32_t val = load_be32(avp_p);
 
                        if (val)
                                vpninfo->auth_expiration = time(NULL) + val;
+               } else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd75) {
+                       if (avp_len != 4)
+                               goto auth_unknown;
+                       uint32_t val = load_be32(avp_p);
+
+                       if (val)
+                               vpninfo->idle_timeout = val;
                } else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd53) {
                        free(vpninfo->cookie);
                        vpninfo->cookie = strndup(avp_p, avp_len);