• Add F5 DTLS support · 0066def4
    David Woodhouse authored
    Add a new f5_udp_mainloop() which handles the DTLS handshakes and then
    sends the GET request to start the tunnel, and handles the HTTP response
    with the IP addresses (using some more crappy HTTP parsing of its own).

    Instead of storing all the parameters required to create that request,
    it's created in advance and stored in a new vpninfo->ppp_tls_connect_req
    field by the f5_configure() function which has been split out from
    f5_connect(). (Originally intended not to be called a second time, but
    actually the server doesn't send packets down a newly-established
    tunnel to us unless we refetch the profile etc.)

    There's also a new vpninfo->ppp_dtls_connect_req field which is unused
    for now but Fortinet will want it since its request format differs for
    TLS vs. DTLS.

    What's left of the f5_connect() function now only actually establishes
    the PPP connection over TLS if DTLS is disabled, as expected by the
    recent changes to ppp_tcp_mainloop().

    NB: If there is packet loss and we drop the *response* to the GET
    request, the server won't resend it; it just goes on to PPP negotiation.
    We might actually be able to cope with that at least for Legacy IP,
    since it'll give us our address that way. Not for IPv6 though, as the LL
    address it gives us in PPP isn't useful.

    Signed-off-by: David Woodhouse <dwmw2@infradead.org>