Add --dump-http-traffic option
authorDavid Woodhouse <David.Woodhouse@intel.com>
Thu, 30 May 2013 14:31:58 +0000 (15:31 +0100)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Thu, 30 May 2013 14:39:04 +0000 (15:39 +0100)
I'm tired of manually doing this and asking people to apply a patch before
re-testing.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
http.c
main.c
openconnect-internal.h
openconnect.8.in
www/changelog.xml

diff --git a/http.c b/http.c
index 292970ac537a6d3996352f4440e447281ae77445..7921a02721ff38583f9ba38af715bb0946127496 100644 (file)
--- a/http.c
+++ b/http.c
@@ -816,6 +816,32 @@ static int handle_redirect(struct openconnect_info *vpninfo)
        }
 }
 
+static void dump_buf(struct openconnect_info *vpninfo, char prefix, char *buf)
+{
+       while (*buf) {
+               char *eol = buf;
+               char eol_char = 0;
+
+               while (*eol) {
+                       if (*eol == '\r' || *eol == '\n') {
+                               eol_char = *eol;
+                               *eol = 0;
+                               break;
+                       }
+                       eol++;
+               }
+
+               vpn_progress(vpninfo, PRG_TRACE, "%c %s\n", prefix, buf);
+               if (!eol_char)
+                       break;
+
+               *eol = eol_char;
+               buf = eol + 1;
+               if (eol_char == '\r' && *buf == '\n')
+                       buf++;
+       }
+}
+
 /* Inputs:
  *  method:             GET or POST
  *  vpninfo->hostname:  Host DNS name
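Review bot: dump_buf() has no comment stating its contract, and the contract is not obvious from the signature. It takes a non-const `char *` because it overwrites each `\r` or `\n` with NUL while logging the line and then restores it, and it walks to the first NUL instead of taking a length, so a body with an embedded NUL is cut short in the dump. I would add above the function `/* Log buf one line per vpn_progress() call at PRG_TRACE, prefixed with 'prefix'. buf must be writable and NUL-terminated; line terminators are zeroed temporarily and restored. */`.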
@@ -895,6 +921,9 @@ static int do_https_request(struct openconnect_info *vpninfo, const char *method
                }
        }
 
+       if (vpninfo->dump_http_traffic)
+               dump_buf(vpninfo, '>', buf->data);
+
        result = openconnect_SSL_write(vpninfo, buf->data, buf->pos);
        if (rq_retry && result < 0) {
                openconnect_close_https(vpninfo, 0);
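Review bot: The request is logged verbatim here, and the help text in main.c calls this "HTTP authentication traffic", so any credentials or session cookies the request carries go to the progress output at PRG_TRACE and into whatever log or bug report is made from it. The same holds for the response dump of `*form_buf` in the next hunk. Since the stated purpose is to have users re-test and send output, I would say so in openconnect.8.in, for example `The output may include passwords and session cookies; review it before sharing.`, and consider masking known credential fields before the dump. Separately, dump_buf() reads `buf->data` up to the first NUL while the write below uses `buf->pos`, so this call presumably relies on the buffer being NUL-terminated at `pos`; that is not visible in the hunk and is worth confirming. do_https_request's body starts and ends outside the hunk.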
@@ -909,6 +938,8 @@ static int do_https_request(struct openconnect_info *vpninfo, const char *method
                /* We'll already have complained about whatever offended us */
                return buflen;
        }
+       if (vpninfo->dump_http_traffic && *form_buf)
+               dump_buf(vpninfo, '<', *form_buf);
 
        if (result != 200 && vpninfo->redirect_url) {
                result = handle_redirect(vpninfo);
diff --git a/main.c b/main.c
index ef173aaccb9517e61d2d0df93d58bcdf871641e8..73313665e813668bae446bf1ab17bbccd207dfc2 100644 (file)
--- a/main.c
+++ b/main.c
@@ -95,6 +95,7 @@ enum {
        OPT_CSD_WRAPPER,
        OPT_DISABLE_IPV6,
        OPT_DTLS_CIPHERS,
+       OPT_DUMP_HTTP,
        OPT_FORCE_DPD,
        OPT_KEY_PASSWORD_FROM_FSID,
        OPT_LIBPROXY,
@@ -182,6 +183,7 @@ static struct option long_options[] = {
        OPTION("token-secret", 1, OPT_TOKEN_SECRET),
        OPTION("os", 1, OPT_OS),
        OPTION("no-xmlpost", 0, OPT_NO_XMLPOST),
+       OPTION("dump-http-traffic", 0, OPT_DUMP_HTTP),
        OPTION(NULL, 0, 0)
 };
 
@@ -276,6 +278,7 @@ static void usage(void)
        printf("  -u, --user=NAME                 %s\n", _("Set login username"));
        printf("  -V, --version                   %s\n", _("Report version number"));
        printf("  -v, --verbose                   %s\n", _("More output"));
+       printf("      --dump-http-traffic         %s\n", _("Dump HTTP authentication traffic (implies --verbose"));
        printf("  -x, --xmlconfig=CONFIG          %s\n", _("XML config file"));
        printf("      --authgroup=GROUP           %s\n", _("Choose authentication login selection"));
        printf("      --authenticate              %s\n", _("Authenticate only and print login info"));
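Review bot: The new help string is missing its closing parenthesis, so `--help` prints `(implies --verbose` unbalanced. Change the argument to `_("Dump HTTP authentication traffic (implies --verbose)")`. Because the string is wrapped in `_()` it is presumably picked up for translation, so fixing it now avoids a second round of changes in the translation catalogs. usage() starts and ends outside the hunk.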
@@ -704,6 +707,8 @@ int main(int argc, char **argv)
                case 'q':
                        verbose = PRG_ERR;
                        break;
+               case OPT_DUMP_HTTP:
+                       vpninfo->dump_http_traffic = 1;
                case 'v':
                        verbose = PRG_TRACE;
                        break;
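Review bot: `case OPT_DUMP_HTTP:` falls through into `case 'v':` with no marker, so neither a reader nor a compiler warning such as -Wimplicit-fallthrough can tell it apart from a forgotten `break`. The fall-through looks intentional, since the help text says the option implies --verbose. Add `/* fall through */` on the line after `vpninfo->dump_http_traffic = 1;`. The switch sits inside main(), which starts and ends outside the hunk.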
index d2c176edad1f16df35500e92b95eb45dfce66d63..138b8caaf8400c95edd1a83381b8e3e5c1354482 100644 (file)
@@ -181,6 +181,7 @@ struct openconnect_info {
        char *csd_wrapper;
        int uid_csd_given;
        int no_http_keepalive;
+       int dump_http_traffic;
 
        int token_mode;
        int token_bypassed;
index 3038c4f00924c8e5d9a781725499d3517c16813e..131b6deb785c4f41b335e712277a153368037ca5 100644 (file)
@@ -43,6 +43,7 @@ openconnect \- Connect to Cisco AnyConnect VPN
 .OP \-\-disable\-ipv6
 .OP \-\-dtls\-ciphers list
 .OP \-\-dtls\-local\-port port
+.OP \-\-dump\-http\-traffic
 .OP \-\-no\-cert\-check
 .OP \-\-no\-dtls
 .OP \-\-no\-http\-keepalive
@@ -285,6 +286,15 @@ Do not advertise IPv6 capability to server
 .B \-\-dtls\-ciphers=LIST
 Set OpenSSL ciphers to support for DTLS
 .TP
+.B \-\-dtls\-local\-port=PORT
+Use
+.I PORT
+as the local port for DTLS datagrams
+.TP
+.B \-\-dump\-http\-traffic
+Enable verbose output of all HTTP requests and the bodies of all responses
+received from the server.
+.TP
 .B \-\-no\-cert\-check
 Do not require server SSL certificate to be valid. Checks will still happen
 and failures will cause a warning message, but the connection will continue
@@ -375,12 +385,6 @@ as 'User\-Agent:' field value in HTTP header.
 OS type to report to gateway.  Recognized values are: linux, linux-64, mac,
 win.  Reporting a different OS type may affect the security policy applied
 to the VPN session.
-.TP
-.B \-\-dtls\-local\-port=PORT
-Use
-.I PORT
-as the local port for DTLS datagrams
-
 .SH LIMITATIONS
 Note that although IPv6 has been tested on all platforms on which
 .B openconnect
index e4d2e55333612fe29913f25b2a2e0a81879c645b..5e101c68adf80d991e4c8b3d494a6d84eaa5255c 100644 (file)
@@ -17,6 +17,7 @@
 <ul>
    <li><b>OpenConnect HEAD</b>
      <ul>
+       <li>Add <tt>--dump-http-traffic</tt> option for debugging.</li>
        <li>Be more permissive in parsing XML forms.</li>
        <li>Use original URL when falling back to non-XML POST mode.</li>
        <li>Add <tt>--no-xmlpost</tt> option to revert to older, compatible behaviour.</li>