From 69226f400666677e751c65a8c27a9e5b65ee3cd2 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Tue, 27 Feb 2018 10:27:31 +0100
Subject: [PATCH] Move Juniper ESP probe handling to oncp.c

Let's not pollute the generic esp.c with this, given that GlobalProtect is going to want to do it differently.

Signed-off-by: David Woodhouse
---
 esp.c | 46 ----------------------------------------
 library.c | 4 ++--
 oncp.c | 48 ++++++++++++++++++++++++++++++++++++++++++
 openconnect-internal.h | 4 ++--
 4 files changed, 52 insertions(+), 50 deletions(-)

diff --git a/esp.c b/esp.c
index f487580e..5cea3fbd 100644
--- a/esp.c
+++ b/esp.c
@@ -71,52 +71,6 @@ int print_esp_keys(struct openconnect_info *vpninfo, const char *name, struct es
 return 0;
 }
-int esp_send_probes(struct openconnect_info *vpninfo)
-{
- struct pkt *pkt;
- int pktlen;
-
- if (vpninfo->dtls_fd == -1) {
- int fd = udp_connect(vpninfo);
- if (fd < 0)
- return fd;
-
- /* We are not connected until we get an ESP packet back */
- vpninfo->dtls_state = DTLS_SLEEPING;
- vpninfo->dtls_fd = fd;
- monitor_fd_new(vpninfo, dtls);
- monitor_read_fd(vpninfo, dtls);
- monitor_except_fd(vpninfo, dtls);
- }
-
- pkt = malloc(sizeof(*pkt) + 1 + vpninfo->pkt_trailer);
- if (!pkt)
- return -ENOMEM;
-
- pkt->len = 1;
- pkt->data[0] = 0;
- pktlen = encrypt_esp_packet(vpninfo, pkt);
- if (pktlen >= 0)
- send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
-
- pkt->len = 1;
- pkt->data[0] = 0;
- pktlen = encrypt_esp_packet(vpninfo, pkt);
- if (pktlen >= 0)
- send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
-
- free(pkt);
-
- vpninfo->dtls_times.last_tx = time(&vpninfo->new_dtls_started);
-
- return 0;
-};
-
-int esp_catch_probe(struct openconnect_info *vpninfo, struct pkt *pkt)
-{
- return (pkt->len == 1 && pkt->data[0] == 0);
-}
-
 int esp_setup(struct openconnect_info *vpninfo, int dtls_attempt_period)
 {
 if (vpninfo->dtls_state == DTLS_DISABLED ||
diff --git a/library.c b/library.c
index daa1f01d..b0d635b3 100644
--- a/library.c
+++ b/library.c
@@ -138,8 +138,8 @@ const struct vpn_proto openconnect_protos[] = {
 .udp_mainloop = esp_mainloop,
 .udp_close = esp_close,
 .udp_shutdown = esp_shutdown,
- .udp_send_probes = esp_send_probes,
- .udp_catch_probe = esp_catch_probe,
+ .udp_send_probes = oncp_esp_send_probes,
+ .udp_catch_probe = oncp_esp_catch_probe,
 #endif
 },
 { /* NULL */ }
diff --git a/oncp.c b/oncp.c
index 17853af9..bc01a3f8 100644
--- a/oncp.c
+++ b/oncp.c
@@ -1301,3 +1301,51 @@ int oncp_bye(struct openconnect_info *vpninfo, const char *reason)
 free(res_buf);
 return ret;
 }
+
+#ifdef HAVE_ESP
+int oncp_esp_send_probes(struct openconnect_info *vpninfo)
+{
+ struct pkt *pkt;
+ int pktlen;
+
+ if (vpninfo->dtls_fd == -1) {
+ int fd = udp_connect(vpninfo);
+ if (fd < 0)
+ return fd;
+
+ /* We are not connected until we get an ESP packet back */
+ vpninfo->dtls_state = DTLS_SLEEPING;
+ vpninfo->dtls_fd = fd;
+ monitor_fd_new(vpninfo, dtls);
+ monitor_read_fd(vpninfo, dtls);
+ monitor_except_fd(vpninfo, dtls);
+ }
+
+ pkt = malloc(sizeof(*pkt) + 1 + vpninfo->pkt_trailer);
+ if (!pkt)
+ return -ENOMEM;
+
+ pkt->len = 1;
+ pkt->data[0] = 0;
+ pktlen = encrypt_esp_packet(vpninfo, pkt);
+ if (pktlen >= 0)
+ send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
+
+ pkt->len = 1;
+ pkt->data[0] = 0;
+ pktlen = encrypt_esp_packet(vpninfo, pkt);
+ if (pktlen >= 0)
+ send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
+
+ free(pkt);
+
+ vpninfo->dtls_times.last_tx = time(&vpninfo->new_dtls_started);
+
+ return 0;
+};
+
+int oncp_esp_catch_probe(struct openconnect_info *vpninfo, struct pkt *pkt)
+{
+ return (pkt->len == 1 && pkt->data[0] == 0);
+}
+#endif /* HAVE_ESP */
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 5b9a8d6c..e96610b8 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
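Review bot: Both probe blocks in `oncp_esp_send_probes` discard the return value of `send()`, and a negative `encrypt_esp_packet()` result merely skips the `send()`, so a probe that was never transmitted still stamps `dtls_times.last_tx` and the function returns 0 as if it had gone out. Since the two blocks are identical I would fold them into a loop that frees `pkt` and returns on the first failure, so `last_tx` only advances when both probes were actually handed to the socket; whether the caller wants a hard error or just a log line on a transient `send()` failure is not visible from this hunk, and I have assumed `encrypt_esp_packet()` returns a negative error code that can be passed straight through. The stray `;` after the closing brace of `oncp_esp_send_probes` (`};`) is an empty declaration and should go, and both new functions would benefit from a one-line header, e.g. `/* Send two single-byte zero ESP probes on the UDP socket; oncp_esp_catch_probe() recognises the same payload when it comes back. */`.
```c
	pkt = malloc(sizeof(*pkt) + 1 + vpninfo->pkt_trailer);
	if (!pkt)
		return -ENOMEM;

	/* Two identical probes; stop at the first one that cannot be built or
	 * sent, so last_tx only advances when something actually left the socket. */
	for (int i = 0; i < 2; i++) {
		pkt->len = 1;
		pkt->data[0] = 0;
		pktlen = encrypt_esp_packet(vpninfo, pkt);
		if (pktlen < 0) {
			free(pkt);
			return pktlen;
		}
		if (send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0) < 0) {
			int err = errno;
			free(pkt);
			return -err;
		}
	}
	free(pkt);

	vpninfo->dtls_times.last_tx = time(&vpninfo->new_dtls_started);

	return 0;
}
```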
@@ -857,6 +857,8 @@ int queue_esp_control(struct openconnect_info *vpninfo, int enable);
 int oncp_connect(struct openconnect_info *vpninfo);
 int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout);
 int oncp_bye(struct openconnect_info *vpninfo, const char *reason);
+int oncp_esp_send_probes(struct openconnect_info *vpninfo);
+int oncp_esp_catch_probe(struct openconnect_info *vpninfo, struct pkt *pkt);
 /* lzs.c */
 int lzs_decompress(unsigned char *dst, int dstlen, const unsigned char *src, int srclen);
@@ -904,8 +906,6 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout);
 void esp_close(struct openconnect_info *vpninfo);
 void esp_shutdown(struct openconnect_info *vpninfo);
 int print_esp_keys(struct openconnect_info *vpninfo, const char *name, struct esp *esp);
-int esp_send_probes(struct openconnect_info *vpninfo);
-int esp_catch_probe(struct openconnect_info *vpninfo, struct pkt *pkt);
 /* {gnutls,openssl}-esp.c */
 int setup_esp_keys(struct openconnect_info *vpninfo, int new_keys);
-- 
2.49.0