no need to send multiple probe packets as an ESP keepalive

Both Juniper and GlobalProtect ESP send special probe packets to initiate the ESP connection, and as keepalives.
Multiple packets are sent to initiate the connection, because a lack of response will cause a total fallback to TLS.

However, one probe packet (per keepalive interval) is enough for the keepalive packets. GlobalProtect ESP already
did this, but Juniper did not.

This patch is motivated by me having access to the highest-latency Juniper VPN server in the known universe.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

oncp.c

@@ -1282,7 +1282,7 @@ void oncp_esp_close(struct openconnect_info *vpninfo)
 int oncp_esp_send_probes(struct openconnect_info *vpninfo)
 {
 	struct pkt *pkt;
-	int pktlen;
+	int pktlen, seq;
 
 	if (vpninfo->dtls_fd == -1) {
 		int fd = udp_connect(vpninfo);
@@ -1301,18 +1301,13 @@ int oncp_esp_send_probes(struct openconnect_info *vpninfo)
 	if (!pkt)
 		return -ENOMEM;
 
-	pkt->len = 1;
-	pkt->data[0] = 0;
-	pktlen = encrypt_esp_packet(vpninfo, pkt);
-	if (pktlen >= 0)
-		send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
-
-	pkt->len = 1;
-	pkt->data[0] = 0;
-	pktlen = encrypt_esp_packet(vpninfo, pkt);
-	if (pktlen >= 0)
-		send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
-
+	for (seq=1; seq <= (vpninfo->dtls_state==DTLS_CONNECTED ? 1 : 2); seq++) {
+		pkt->len = 1;
+		pkt->data[0] = 0;
+		pktlen = encrypt_esp_packet(vpninfo, pkt);
+		if (pktlen >= 0)
+			send(vpninfo->dtls_fd, (void *)&pkt->esp, pktlen, 0);
+	}
 	free(pkt);
 
 	vpninfo->dtls_times.last_tx = time(&vpninfo->new_dtls_started);