Enable IPv6

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Nov 2, 2009 · 153c0b4 · 153c0b4
1 parent 1eb9308
commit 153c0b4
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 8 deletions.
diff --git a/cstp.c b/cstp.c
@@ -109,9 +109,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 	if (vpninfo->deflate)
 		openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
 	openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-MTU: %d\r\n", vpninfo->mtu);
-	/* To enable IPv6, send 'IPv6,IPv4'.
-	   We don't know how most of that works yet though. */
-	openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Address-Type: IPv4\r\n");
+	openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Address-Type: %s\r\n",
+			       vpninfo->disable_ipv6?"IPv4":"IPv6,IPv4");
 	openconnect_SSL_printf(vpninfo->https_ssl, "X-DTLS-Master-Secret: ");
 	for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
 		openconnect_SSL_printf(vpninfo->https_ssl, "%02X", vpninfo->dtls_secret[i]);

diff --git a/main.c b/main.c
@@ -87,6 +87,7 @@ static struct option long_options[] = {
 	{"key-password-from-fsid", 0, 0, 0x02},
 	{"useragent", 1, 0, 0x03},
 	{"setuid-csd", 1, 0, 0x04},
+	{"disable-ipv6", 0, 0, 0x05},
 	{NULL, 0, 0, 0},
 };
 
@@ -123,6 +124,7 @@ void usage(void)
 	printf("      --cookieonly                Fetch webvpn cookie only; don't connect\n");
 	printf("      --printcookie               Print webvpn cookie before connecting\n");
 	printf("      --cafile=FILE               Cert file for server verification\n");
+	printf("      --disable-ipv6              Do not ask for IPv6 connectivity\n");
 	printf("      --dtls-ciphers=LIST         OpenSSL ciphers to support for DTLS\n");
 	printf("      --no-dtls                   Disable DTLS\n");
 	printf("      --no-passwd                 Disable password/SecurID authentication\n");
@@ -333,6 +335,9 @@ int main(int argc, char **argv)
 			vpninfo->uid_csd_given = 1;
 			break;
 		}
+		case 0x05:
+			vpninfo->disable_ipv6 = 1;
+			break;
 		case 'Q':
 			vpninfo->max_qlen = atol(optarg);
 			if (!vpninfo->max_qlen) {

diff --git a/openconnect.8 b/openconnect.8
@@ -114,6 +114,9 @@ openconnect \- Connect to Cisco AnyConnect VPN
 .I FILE
 ]
 [
+.B --disable-ipv6
+]
+[
 .B --dtls-ciphers
 .I LIST
 ]
@@ -267,6 +270,9 @@ Print webvpn cookie before connecting
 .B --cafile=FILE
 Cert file for server verification
 .TP
+.B --disable-ipv6
+Do not advertise IPv6 capability to server
+.TP
 .B --dtls-ciphers=LIST
 Set OpenSSL ciphers to support for DTLS
 .TP
@@ -294,11 +300,9 @@ Use STRING as 'User-Agent:' field value in HTTP header.
 .SH LIMITATIONS
 The
 .B openconnect
-client does not yet support IPv6 connectivity, although it is known
-that Cisco's servers do. We have not yet found a suitably configured
-server against which we can test IPv6 functionality. Please contact
-the author if you are able to configure such a server so that we can
-test IPv6 support against it.
+client is not thoroughly tested with IPv6 connectivity. Please contact
+the author if you are able to access a server with IPv6 enabled, so
+that we can test IPv6 support against it.
 
 .SH AUTHORS
 David Woodhouse <dwmw2@infradead.org>
diff --git a/openconnect.h b/openconnect.h
@@ -180,6 +180,7 @@ struct openconnect_info {
 	z_stream deflate_strm;
 	uint32_t deflate_adler32;
 
+	int disable_ipv6;
 	int reconnect_timeout;
 	int reconnect_interval;
 	int dtls_attempt_period;