library: Add openconnect_set_dpd()

Some users on unstable connections have requested the ability to lower the local DPD timeout, so the VPN reconnects more quickly if the connection hangs. The new library call also implements sanity checks to prevent openconnect from going bananas when somebody passes in "--force-dpd 1" or "--force-dpd -1". Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
sailfishos-mirror · Jun 10, 2014 · 3e373ae · 3e373ae
1 parent 0236adc
commit 3e373ae
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 2 deletions.
diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
@@ -111,6 +111,7 @@ public boolean isCanceled() {
 
 	public synchronized native int passphraseFromFSID();
 	public synchronized native void setCertExpiryWarning(int seconds);
+	public synchronized native void setDPD(int minSeconds);
 	public synchronized native int setHTTPProxy(String proxy);
 	public synchronized native void setXMLSHA1(String hash);
 	public synchronized native void setHostname(String hostname);

diff --git a/jni.c b/jni.c
@@ -887,6 +887,16 @@ JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setReqMT
 	openconnect_set_reqmtu(ctx->vpninfo, arg);
 }
 
+JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setDPD(
+	JNIEnv *jenv, jobject jobj, jint arg)
+{
+	struct libctx *ctx = getctx(jenv, jobj);
+
+	if (!ctx)
+		return;
+	openconnect_set_dpd(ctx->vpninfo, arg);
+}
+
 JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setPFS(
 	JNIEnv *jenv, jobject jobj, jboolean arg)
 {

diff --git a/libopenconnect.map.in b/libopenconnect.map.in
@@ -57,6 +57,7 @@ OPENCONNECT_3.1 {
 OPENCONNECT_3.3 {
  global:
 	openconnect_set_pfs;
+	openconnect_set_dpd;
 } OPENCONNECT_3.1;
 
 OPENCONNECT_PRIVATE {

diff --git a/library.c b/library.c
@@ -273,6 +273,15 @@ void openconnect_set_reqmtu(struct openconnect_info *vpninfo, int reqmtu)
 	vpninfo->reqmtu = reqmtu;
 }
 
+void openconnect_set_dpd(struct openconnect_info *vpninfo, int min_seconds)
+{
+	/* Make sure (ka->dpd / 2), our computed midway point, isn't 0 */
+	if (!min_seconds || min_seconds >= 2)
+		vpninfo->dtls_times.dpd = vpninfo->ssl_times.dpd = min_seconds;
+	else if (min_seconds == 1)
+		vpninfo->dtls_times.dpd = vpninfo->ssl_times.dpd = 2;
+}
+
 int openconnect_get_ip_info(struct openconnect_info *vpninfo,
 			    const struct oc_ip_info **info,
 			    const struct oc_vpn_option **cstp_options,

diff --git a/main.c b/main.c
@@ -876,7 +876,7 @@ int main(int argc, char **argv)
 			vpninfo->useragent = strdup(config_arg);
 			break;
 		case OPT_FORCE_DPD:
-			vpninfo->dtls_times.dpd = vpninfo->ssl_times.dpd = atoi(config_arg);
+			openconnect_set_dpd(vpninfo, atoi(config_arg));
 			break;
 		case OPT_DTLS_LOCAL_PORT:
 			vpninfo->dtls_local_port = atoi(config_arg);

diff --git a/openconnect.h b/openconnect.h
@@ -33,7 +33,7 @@
 
 /*
  * API version 3.3:
- *  - Add openconnect_set_pfs()
+ *  - Add openconnect_set_pfs(), openconnect_set_dpd()
  *
  * API version 3.2:
  *  - Add OC_TOKEN_MODE_HOTP and allow openconnect_has_oath_support() to
@@ -299,6 +299,7 @@ void openconnect_set_client_cert(struct openconnect_info *, char *cert, char *ss
 void openconnect_set_server_cert_sha1(struct openconnect_info *, char *);
 const char *openconnect_get_ifname(struct openconnect_info *);
 void openconnect_set_reqmtu(struct openconnect_info *, int reqmtu);
+void openconnect_set_dpd(struct openconnect_info *, int min_seconds);
 
 /* The returned structures are owned by the library and may be freed/replaced
    due to rekey or reconnect. Assume that once the mainloop starts, the