From 7c47b98f9ff0b40c75cf369105d4468d30fb3e85 Mon Sep 17 00:00:00 2001
From: Daniel Lenski <dlenski@gmail.com>
Date: Tue, 13 Apr 2021 09:49:44 -0700
Subject: [PATCH] Don't call connection script in ssl_reconnect if tunnel is
 not up

This refines the DTLS-to-TLS fallback in ppp_tcp_mainloop.

Calling the connection script (with the attempt-reconnect and reconnect
reasons) is confusing if this is actually the *initial* connection, and
the tunnel isn't up yet.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---
 ssl.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/ssl.c b/ssl.c
index dc81887f..97f20630 100644
--- a/ssl.c
+++ b/ssl.c
@@ -1110,6 +1110,7 @@ int ssl_reconnect(struct openconnect_info *vpninfo)
 	int ret;
 	int timeout;
 	int interval;
+	int tun_up = tun_is_up(vpninfo);
 
 	openconnect_close_https(vpninfo, 0);
 
@@ -1123,7 +1124,8 @@ int ssl_reconnect(struct openconnect_info *vpninfo)
 	vpninfo->tun_pkt = NULL;
 
 	while (1) {
-		script_config_tun(vpninfo, "attempt-reconnect");
+		if (tun_up)
+			script_config_tun(vpninfo, "attempt-reconnect");
 		ret = vpninfo->proto->tcp_connect(vpninfo);
 		if (!ret)
 			break;
@@ -1149,9 +1151,11 @@ int ssl_reconnect(struct openconnect_info *vpninfo)
 			interval = RECONNECT_INTERVAL_MAX;
 	}
 
-	script_config_tun(vpninfo, "reconnect");
-	if (vpninfo->reconnected)
-		vpninfo->reconnected(vpninfo->cbdata);
+	if (tun_up) {
+		script_config_tun(vpninfo, "reconnect");
+		if (vpninfo->reconnected)
+			vpninfo->reconnected(vpninfo->cbdata);
+	}
 
 	return 0;
 }
-- 
2.50.1