From: David Woodhouse
Date: Mon, 12 Apr 2021 09:57:23 +0000 (+0100)
Subject: Remove Cisco-specific option handling from dtls_setup()
X-Git-Tag: v8.20~287
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=429827f3c3c60e3d7b6be23a7078df0437c4306f;p=users%2Fdwmw2%2Fopenconnect.git

Remove Cisco-specific option handling from dtls_setup()

As we start to use DTLS for protocols other than Cisco AnyConnect, we need to start disentangling the underlying DTLS support from the Cisco protocol. Start by moving the X-DTLS-Foo: header processing into cstp.c where half of it was anyway.

Signed-off-by: David Woodhouse
---
diff --git a/cstp.c b/cstp.c
index c2c6c83b..59841be6 100644
--- a/cstp.c
+++ b/cstp.c
@@ -519,7 +519,27 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 /* Remember if it came from a 'X-DTLS12-CipherSuite:' header */
 vpninfo->cisco_dtls12 = (i == 9);
 vpninfo->dtls_cipher = strdup(colon);
+} else if (!strcmp(buf + i, "Port")) {
+int dtls_port = atol(colon);
+if (dtls_port)
+udp_sockaddr(vpninfo, dtls_port);
+} else if (!strcmp(buf + i, "Keepalive")) {
+vpninfo->dtls_times.keepalive = atol(colon);
+} else if (!strcmp(buf + i, "DPD")) {
+int j = atol(colon);
+if (j && (!vpninfo->dtls_times.dpd || j < vpninfo->dtls_times.dpd))
+vpninfo->dtls_times.dpd = j;
+} else if (!strcmp(buf + i, "Rekey-Method")) {
+if (!strcmp(colon, "new-tunnel"))
+vpninfo->dtls_times.rekey_method = REKEY_TUNNEL;
+else if (!strcmp(colon, "ssl"))
+vpninfo->dtls_times.rekey_method = REKEY_SSL;
+else
+vpninfo->dtls_times.rekey_method = REKEY_NONE;
+} else if (!strcmp(buf + i, "Rekey-Time")) {
+vpninfo->dtls_times.rekey = atol(colon);
 }
+continue;
 }
 
 /* CSTP options... */
diff --git a/dtls.c b/dtls.c
index 3381de54..670e558b 100644
--- a/dtls.c
+++ b/dtls.c
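Review bot: The return value of `udp_sockaddr(vpninfo, dtls_port)` in the new "Port" branch is discarded, whereas the code removed from dtls_setup() in the second hunk checked it and disabled DTLS with a cleared dtls_attempt_period; the new `!vpninfo->dtls_addr` test in dtls_setup() presumably still catches the failure, but the reason is no longer reported at the point it occurs. The value also comes straight from a server-supplied header via `atol()` into an int with no range check, so a port outside 1..65535 is passed down to udp_sockaddr() unvalidated. I would replace the two lines after the strcmp with `if (dtls_port <= 0 || dtls_port > 65535 || udp_sockaddr(vpninfo, dtls_port))` and `vpn_progress(vpninfo, PRG_ERR, _("Ignoring invalid X-DTLS-Port: %s\n"), colon);` so a bad or unusable port is visible in the log. Note also that the `PRG_DEBUG` "DTLS option %s : %s" line removed from dtls.c is not reinstated here, so the negotiated keepalive/DPD/rekey values no longer appear in debug output unless they are logged above this hunk. start_cstp_connection() begins before and continues after the hunk.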
@@ -185,52 +185,19 @@ static int dtls_reconnect(struct openconnect_info *vpninfo)
 int dtls_setup(struct openconnect_info *vpninfo)
 {
-struct oc_vpn_option *dtls_opt = vpninfo->dtls_options;
-int dtls_port = 0;
-
 if (vpninfo->dtls_state == DTLS_DISABLED)
 return -EINVAL;
 
 if (!vpninfo->dtls_attempt_period)
 return 0;
 
-while (dtls_opt) {
-vpn_progress(vpninfo, PRG_DEBUG,
-_("DTLS option %s : %s\n"),
-dtls_opt->option, dtls_opt->value);
-
-if (!strcmp(dtls_opt->option, "X-DTLS-Port")) {
-dtls_port = atol(dtls_opt->value);
-} else if (!strcmp(dtls_opt->option, "X-DTLS-Keepalive")) {
-vpninfo->dtls_times.keepalive = atol(dtls_opt->value);
-} else if (!strcmp(dtls_opt->option, "X-DTLS-DPD")) {
-int j = atol(dtls_opt->value);
-if (j && (!vpninfo->dtls_times.dpd || j < vpninfo->dtls_times.dpd))
-vpninfo->dtls_times.dpd = j;
-} else if (!strcmp(dtls_opt->option, "X-DTLS-Rekey-Method")) {
-if (!strcmp(dtls_opt->value, "new-tunnel"))
-vpninfo->dtls_times.rekey_method = REKEY_TUNNEL;
-else if (!strcmp(dtls_opt->value, "ssl"))
-vpninfo->dtls_times.rekey_method = REKEY_SSL;
-else
-vpninfo->dtls_times.rekey_method = REKEY_NONE;
-} else if (!strcmp(dtls_opt->option, "X-DTLS-Rekey-Time")) {
-vpninfo->dtls_times.rekey = atol(dtls_opt->value);
-}
-
-dtls_opt = dtls_opt->next;
-}
-if (!dtls_port) {
+if (!vpninfo->dtls_addr) {
 vpninfo->dtls_attempt_period = 0;
 return -EINVAL;
 }
 
 if (vpninfo->dtls_times.rekey <= 0)
 vpninfo->dtls_times.rekey_method = REKEY_NONE;
 
-if (udp_sockaddr(vpninfo, dtls_port)) {
-vpninfo->dtls_attempt_period = 0;
-return -EINVAL;
-}
 if (connect_dtls_socket(vpninfo))
 return -EINVAL;