From: Daniel Lenski Date: Sun, 17 May 2020 19:46:43 +0000 (-0700) Subject: make delay_tunnel consistent with delay_close X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=6dc6c55b639d019ea1478f7563193a1861bdbbe5;p=users%2Fdwmw2%2Fopenconnect.git make delay_tunnel consistent with delay_close 1. Decrement counter on each mainloop iteration. Protocol needs to keep setting it to get more mainloop iterations before tunnel setup / close. 2. Value ≥2 causes us to set did_work=1, resulting in no delay before we call mainloop again. Protocol should only set this if it needs to SEND something in order to move things along. 3. Value =1 causes us to set did_work=0, resulting in a delay before we call mainloop again. Protocol should only set this if it needs to RECEIVE something in order to move things along. Also fix values of NCP_TERM_ACK_{SENT,RECEIVED}. Signed-off-by: Daniel Lenski --- diff --git a/mainloop.c b/mainloop.c index b9c8ce29..13d45925 100644 --- a/mainloop.c +++ b/mainloop.c @@ -207,9 +207,12 @@ int openconnect_mainloop(struct openconnect_info *vpninfo, timeout = 1000; if (!tun_is_up(vpninfo)) { - if (vpninfo->delay_tunnel) + if (vpninfo->delay_tunnel > 0) { vpn_progress(vpninfo, PRG_DEBUG, _("Delaying tunnel by protocol request.\n")); - else if (vpninfo->dtls_state == DTLS_CONNECTING) { + /* XX: don't let this spin forever */ + if (--vpninfo->delay_tunnel > 0) + did_work++; + } else if (vpninfo->dtls_state == DTLS_CONNECTING) { /* Postpone tun device creation after DTLS is connected so * we have a better knowledge of the link MTU. We also * force the creation if DTLS enters sleeping mode - i.e., diff --git a/openconnect-internal.h b/openconnect-internal.h index f36bd61f..055ff6f1 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -649,8 +649,8 @@ struct openconnect_info { #endif int ssl_fd; int dtls_fd; - int delay_tunnel; /* Delay tunnel setup */ - int delay_close; /* Delay close of mainloop */ + int delay_tunnel; /* Delay tunnel setup (2 for immediate callback, 1 for wait) */ + int delay_close; /* Delay close of mainloop (2 for immediate callback, 1 for wait) */ int dtls_tos_current; int dtls_pass_tos; diff --git a/ppp.c b/ppp.c index 78de5890..5186b1c1 100644 --- a/ppp.c +++ b/ppp.c @@ -780,9 +780,6 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou switch (ppp->ppp_state) { case PPPS_DEAD: - /* Delay tunnel setup until after PPP negotiation */ - vpninfo->delay_tunnel = 1; - /* Prevent race conditions after recovering dead peer connection */ vpninfo->ssl_times.last_rx = vpninfo->ssl_times.last_tx = now; @@ -831,8 +828,7 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou break; ppp->ppp_state = PPPS_NETWORK; - vpninfo->delay_tunnel = 0; /* tunnel can start now */ - vpninfo->delay_close = 2; /* need two mainloop iterations on close (send TERMREQ; receive TERMACK) */ + vpninfo->delay_close = 2; /* we will need immediate callback (to send TERMREQ) when local side wants to close */ /* fall through */ case PPPS_NETWORK: @@ -854,9 +850,10 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou ppp->lcp.state |= NCP_TERM_REQ_SENT; ppp->lcp.last_req = now; (void) queue_config_packet(vpninfo, PPP_LCP, ++ppp->lcp.id, TERMREQ, 0, NULL); + vpninfo->delay_close = 1; /* need to wait until we receive TERMACK */ } if (!ka_check_deadline(timeout, now, ppp->lcp.last_req + 3)) - vpninfo->delay_close = 1; + vpninfo->delay_close = 1; /* still waiting to receive TERMACK */ else (void) queue_config_packet(vpninfo, PPP_LCP, ++ppp->lcp.id, TERMREQ, 0, NULL); } @@ -867,6 +864,9 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int *timeou return -EINVAL; } + /* Delay tunnel setup until after PPP negotiation */ + vpninfo->delay_tunnel = (ppp->ppp_state == PPPS_NETWORK ? 0 : 1); + if (last_state != ppp->ppp_state) { vpn_progress(vpninfo, PRG_DEBUG, _("PPP state transition from %s to %s\n"), diff --git a/ppp.h b/ppp.h index 07f2a8f5..2f3ac6f7 100644 --- a/ppp.h +++ b/ppp.h @@ -58,8 +58,8 @@ #define NCP_CONF_ACK_SENT 8 #define NCP_TERM_REQ_SENT 16 #define NCP_TERM_REQ_RECEIVED 32 -#define NCP_TERM_ACK_SENT 16 -#define NCP_TERM_ACK_RECEIVED 32 +#define NCP_TERM_ACK_SENT 64 +#define NCP_TERM_ACK_RECEIVED 128 /* RFC1661 (or RFC1662 for ASYNCMAP) */ #define LCP_MRU 1