From 24df3311ab42f062dbf1aeb7f3432dd45426e9cf Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@infradead.org>
Date: Fri, 10 May 2019 12:06:19 +0100
Subject: [PATCH] Return -EPERM when server changes IP address, not -EINVAL

This will be treated as an auth failure, and the ssl_reconnect() function
will give up instead of continuing to retry.

Fixes: #38

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---
 cstp.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/cstp.c b/cstp.c
index df64ae1a..f59facc6 100644
--- a/cstp.c
+++ b/cstp.c
@@ -604,7 +604,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 			vpn_progress(vpninfo, PRG_ERR,
 				     _("Reconnect gave different Legacy IP address (%s != %s)\n"),
 				     vpninfo->ip_info.addr, old_addr);
-			return -EINVAL;
+			/* EPERM means that the retry loop will abort and won't keep trying. */
+			return -EPERM;
 		}
 	}
 	if (old_netmask) {
@@ -612,7 +613,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 			vpn_progress(vpninfo, PRG_ERR,
 				     _("Reconnect gave different Legacy IP netmask (%s != %s)\n"),
 				     vpninfo->ip_info.netmask, old_netmask);
-			return -EINVAL;
+			return -EPERM;
 		}
 	}
 	if (old_addr6) {
@@ -620,7 +621,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 			vpn_progress(vpninfo, PRG_ERR,
 				     _("Reconnect gave different IPv6 address (%s != %s)\n"),
 				     vpninfo->ip_info.addr6, old_addr6);
-			return -EINVAL;
+			return -EPERM;
 		}
 	}
 	if (old_netmask6) {
@@ -628,7 +629,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 			vpn_progress(vpninfo, PRG_ERR,
 				     _("Reconnect gave different IPv6 netmask (%s != %s)\n"),
 				     vpninfo->ip_info.netmask6, old_netmask6);
-			return -EINVAL;
+			return -EPERM;
 		}
 	}
 
-- 
2.49.0