From 131519468de50315ff02c41c02c7dce96e004145 Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Tue, 4 Jun 2019 20:30:30 -0700
Subject: [PATCH] add openconnect_disable_dtls() API function
This also adds the API function to the Java bindings. The immediate motivation is that there are a lot of Android users with MTU-related issues (https://github.com/cernekee/ics-openconnect), and disabling UDP/DTLS/ESP is a good temporary band-aid.
Signed-off-by: Daniel Lenski
---
 .../org/infradead/libopenconnect/LibOpenConnect.java | 2 ++
 jni.c | 10 ++++++++++
 libopenconnect.map.in | 1 +
 library.c | 5 +++++
 openconnect.h | 2 ++
 5 files changed, 20 insertions(+)
diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
index e9606ba0..bdf3d107 100644
--- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java
+++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
@@ -151,6 +151,8 @@ public abstract class LibOpenConnect {
 public synchronized native int setAllowInsecureCrypto(boolean isEnabled);
 public synchronized native void setSystemTrust(boolean isEnabled);
 public synchronized native int setProtocol(String protocol);
+ public synchronized native void disableDTLS();
+ public synchronized native void disableIPv6();
 /* connection info */
diff --git a/jni.c b/jni.c
index 9ef7959e..6df1b6bb 100644
--- a/jni.c
+++ b/jni.c
@@ -1011,6 +1011,16 @@ JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_disableI
 openconnect_disable_ipv6(ctx->vpninfo);
 }
+JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_disableDTLS(
+ JNIEnv *jenv, jobject jobj)
+{
+ struct libctx *ctx = getctx(jenv, jobj);
+
+ if (!ctx)
+ return;
+ openconnect_disable_dtls(ctx->vpninfo);
+}
+
 JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setCertExpiryWarning(
 JNIEnv *jenv, jobject jobj, jint arg)
 {
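Review bot: The second added line declares `disableIPv6()`, which the commit message does not mention; it describes only the new DTLS function. The `jni.c` context lines show a native wrapper that already calls `openconnect_disable_ipv6()`, so this looks like a previously missing Java declaration being filled in, and saying so in the description would keep the API history accurate. Neither declaration says when it may be called; a comment above `disableDTLS()` such as `/* call before connecting; disables the UDP (DTLS/ESP) transport for this session */` would help binding users, assuming that is the intended contract.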
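Review bot: When `getctx()` yields NULL the new `disableDTLS` wrapper returns silently, so a Java caller relying on this call to keep the tunnel off UDP cannot tell that nothing was changed. The hunk does not show whether `getctx()` raises a Java exception on failure; if it does not, a comment such as `/* no-op without a context; the caller is not notified */` would at least record the behaviour, or the native could return `jint` the way `setProtocol` does. The existing `disableIPv6` wrapper in the context lines appears to follow the same pattern, so any change is a consistency decision for both.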
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 9c5171fb..55aec62e 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -113,6 +113,7 @@ OPENCONNECT_5_7 {
 openconnect_set_cookie;
 openconnect_set_allow_insecure_crypto;
 openconnect_get_auth_expiration;
+ openconnect_disable_dtls;
 } OPENCONNECT_5_6;
 OPENCONNECT_PRIVATE {
diff --git a/library.c b/library.c
index 9ab19817..77dc8deb 100644
--- a/library.c
+++ b/library.c
@@ -557,6 +557,11 @@ void openconnect_disable_ipv6(struct openconnect_info *vpninfo)
 vpninfo->disable_ipv6 = 1;
 }
+void openconnect_disable_dtls(struct openconnect_info *vpninfo)
+{
+ vpninfo->dtls_state = DTLS_DISABLED;
+}
+
 int openconnect_set_cafile(struct openconnect_info *vpninfo, const char *cafile)
 {
 UTF8CHECK(cafile);
diff --git a/openconnect.h b/openconnect.h
index 8fba0ddf..6921c39a 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -40,6 +40,7 @@ extern "C" {
 * - Add openconnect_set_cookie()
 * - Add openconnect_set_allow_insecure_crypto()
 * - Add openconnect_get_auth_expiration()
+ * - Add openconnect_disable_dtls()
 *
 * API version 5.6 (v8.06; 2020-03-31):
 * - Add openconnect_set_trojan_interval()
@@ -550,6 +551,7 @@ int openconnect_set_cookie(struct openconnect_info *, const char *);
 void openconnect_clear_cookie(struct openconnect_info *);
 void openconnect_disable_ipv6(struct openconnect_info *vpninfo);
+void openconnect_disable_dtls(struct openconnect_info *vpninfo);
 void openconnect_reset_ssl(struct openconnect_info *vpninfo);
 int openconnect_parse_url(struct openconnect_info *vpninfo, const char *url);
 void openconnect_set_cert_expiry_warning(struct openconnect_info *vpninfo,
--
2.50.1
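Review bot: `openconnect_disable_dtls()` in the `library.c` hunk overwrites `vpninfo->dtls_state` unconditionally, so a call made after the DTLS/ESP transport is already set up would mark it disabled without releasing whatever session or socket is attached to it. Whether that can happen depends on code outside this hunk. Neither this hunk nor the `openconnect.h` declaration tells callers when the call is valid. I would document the contract on the declaration, e.g. `/* Call before the connection is set up; disables the UDP (DTLS/ESP) transport for this session. */`. Alternatively the function could check the current state and return an `int` error once the transport is active, which the `void` signature and the `void` Java native in the other hunks currently rule out.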