Skip to content

Commit

Permalink
add openconnect_disable_dtls() API function
Browse files Browse the repository at this point in the history 
This also adds the API function to the Java bindings.

The immediate motivation is that there are a lot of Android users with
MTU-related issues (https://github.com/cernekee/ics-openconnect), and
disabling UDP/DTLS/ESP is a good temporary band-aid.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • Loading branch information
@dlenski
dlenski committed Feb 20, 2021
1 parent 4138108 commit 1315194
Show file tree
Hide file tree
Showing 5 changed files with 20 additions and 0 deletions.
2 changes: 2 additions & 0 deletions java/src/org/infradead/libopenconnect/LibOpenConnect.java
View file
Expand Up @@ -151,6 +151,8 @@ public synchronized native void setMobileInfo(String mobilePlatformVersion,
public synchronized native int setAllowInsecureCrypto(boolean isEnabled);
public synchronized native void setSystemTrust(boolean isEnabled);
public synchronized native int setProtocol(String protocol);
public synchronized native void disableDTLS();
public synchronized native void disableIPv6();

/* connection info */

Expand Down
10 changes: 10 additions & 0 deletions jni.c
View file
Expand Up @@ -1011,6 +1011,16 @@ JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_disableI
openconnect_disable_ipv6(ctx->vpninfo);
}

JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_disableDTLS(
JNIEnv *jenv, jobject jobj)
{
struct libctx *ctx = getctx(jenv, jobj);

if (!ctx)
return;
openconnect_disable_dtls(ctx->vpninfo);
}

JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setCertExpiryWarning(
JNIEnv *jenv, jobject jobj, jint arg)
{
Expand Down
1 change: 1 addition & 0 deletions libopenconnect.map.in
View file
Expand Up @@ -113,6 +113,7 @@ OPENCONNECT_5_7 {
openconnect_set_cookie;
openconnect_set_allow_insecure_crypto;
openconnect_get_auth_expiration;
openconnect_disable_dtls;
} OPENCONNECT_5_6;

OPENCONNECT_PRIVATE {
Expand Down
5 changes: 5 additions & 0 deletions library.c
View file
Expand Up @@ -557,6 +557,11 @@ void openconnect_disable_ipv6(struct openconnect_info *vpninfo)
vpninfo->disable_ipv6 = 1;
}

void openconnect_disable_dtls(struct openconnect_info *vpninfo)
{
vpninfo->dtls_state = DTLS_DISABLED;
}

int openconnect_set_cafile(struct openconnect_info *vpninfo, const char *cafile)
{
UTF8CHECK(cafile);
Expand Down
2 changes: 2 additions & 0 deletions openconnect.h
View file
Expand Up @@ -40,6 +40,7 @@ extern "C" {
* - Add openconnect_set_cookie()
* - Add openconnect_set_allow_insecure_crypto()
* - Add openconnect_get_auth_expiration()
* - Add openconnect_disable_dtls()
*
* API version 5.6 (v8.06; 2020-03-31):
* - Add openconnect_set_trojan_interval()
Expand Down Expand Up @@ -550,6 +551,7 @@ int openconnect_set_cookie(struct openconnect_info *, const char *);
void openconnect_clear_cookie(struct openconnect_info *);

void openconnect_disable_ipv6(struct openconnect_info *vpninfo);
void openconnect_disable_dtls(struct openconnect_info *vpninfo);
void openconnect_reset_ssl(struct openconnect_info *vpninfo);
int openconnect_parse_url(struct openconnect_info *vpninfo, const char *url);
void openconnect_set_cert_expiry_warning(struct openconnect_info *vpninfo,
Expand Down

0 comments on commit 1315194

Please sign in to comment.