
more info in times struct
David Woodhouse authored and David Woodhouse committed Oct 2, 2008
1 parent 6a10862 commit 40ff5db
Showing 3 changed files with 29 additions and 31 deletions.
8 changes: 3 additions & 5 deletions anyconnect.h
Expand Up @@ -39,6 +39,9 @@ struct vpn_option {
};

struct keepalive_info {
int dpd;
int keepalive;
int rekey;
time_t last_rekey;
time_t last_tx;
time_t last_rx;
Expand Down Expand Up @@ -67,8 +70,6 @@ struct anyconnect_info {

SSL_CTX *https_ctx;
SSL *https_ssl;
int ssl_keepalive;
int ssl_dpd;
struct keepalive_info ssl_times;
struct pkt *deflate_pkt;
struct pkt *current_ssl_pkt;
Expand All @@ -81,9 +82,6 @@ struct anyconnect_info {
int trydtls;
SSL_CTX *dtls_ctx;
SSL *dtls_ssl;
int dtls_keepalive;
int dtls_dpd;
int dtls_rekey;
struct keepalive_info dtls_times;
unsigned char dtls_session_id[32];
unsigned char dtls_secret[48];
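Review bot: The three members added to struct keepalive_info (`int dpd;`, `int keepalive;`, `int rekey;`) carry no comment on their unit or on the value that disables them, while the time_t stamps next to them look like absolute times. The users in dtls.c add these fields to time(NULL) results, print the difference as "seconds", and skip the whole timer when the field is zero, so a one-line comment above the three fields would settle it: `/* intervals in seconds; 0 disables the corresponding timer */`. It may also be worth noting at the struct that the values arrive from option parsing via atol() and are not range-checked before being stored in an int. The closing brace of struct keepalive_info lies outside the hunk.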
30 changes: 15 additions & 15 deletions dtls.c
Expand Up @@ -209,11 +209,11 @@ int setup_dtls(struct anyconnect_info *vpninfo)
} else if (!strcmp(dtls_opt->option + 7, "Port")) {
dtls_port = atol(dtls_opt->value);
} else if (!strcmp(dtls_opt->option + 7, "Keepalive")) {
vpninfo->dtls_keepalive = atol(dtls_opt->value);
vpninfo->dtls_times.keepalive = atol(dtls_opt->value);
} else if (!strcmp(dtls_opt->option + 7, "DPD")) {
vpninfo->dtls_dpd = atol(dtls_opt->value);
vpninfo->dtls_times.dpd = atol(dtls_opt->value);
} else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
vpninfo->dtls_rekey = atol(dtls_opt->value);
vpninfo->dtls_times.rekey = atol(dtls_opt->value);
}

dtls_opt = dtls_opt->next;
Expand Down Expand Up @@ -243,7 +243,7 @@ int setup_dtls(struct anyconnect_info *vpninfo)

if (verbose)
printf("DTLS connected. DPD %d, Keepalive %d\n",
vpninfo->dtls_dpd, vpninfo->dtls_keepalive);
vpninfo->dtls_times.dpd, vpninfo->dtls_times.keepalive);

return 0;
}
Expand Down Expand Up @@ -299,18 +299,18 @@ int dtls_mainloop(struct anyconnect_info *vpninfo, int *timeout)
}

/* DPD is bidirectional -- PKT 3 out, PKT 4 back */
if (vpninfo->dtls_dpd) {
if (vpninfo->dtls_times.dpd) {
time_t now = time(NULL);
time_t due = vpninfo->dtls_times.last_rx + vpninfo->dtls_dpd;
time_t overdue = vpninfo->dtls_times.last_rx + (2 * vpninfo->dtls_dpd);
time_t due = vpninfo->dtls_times.last_rx + vpninfo->dtls_times.dpd;
time_t overdue = vpninfo->dtls_times.last_rx + (2 * vpninfo->dtls_times.dpd);

/* If we already have DPD outstanding, don't flood */
if (vpninfo->dtls_times.last_dpd > vpninfo->dtls_times.last_rx) {
if (verbose) {
printf("DTLS DPD outstanding. Will kill in %ld seconds\n",
overdue - now);
}
due = vpninfo->dtls_times.last_dpd + vpninfo->dtls_dpd;
due = vpninfo->dtls_times.last_dpd + vpninfo->dtls_times.dpd;
}
if (now > overdue) {
fprintf(stderr, "DTLS Dead Peer Detection detected dead peer!\n");
Expand All @@ -330,7 +330,7 @@ int dtls_mainloop(struct anyconnect_info *vpninfo, int *timeout)
SSL_write(vpninfo->dtls_ssl, dtls_dpd_pkt, 1);
vpninfo->dtls_times.last_dpd = vpninfo->dtls_times.last_tx = now;

due = now + vpninfo->dtls_dpd;
due = now + vpninfo->dtls_times.dpd;
if (verbose)
printf("Sent DTLS DPD\n");
}
Expand All @@ -342,9 +342,9 @@ int dtls_mainloop(struct anyconnect_info *vpninfo, int *timeout)
}

/* Keepalive is just client -> server */
if (vpninfo->dtls_keepalive) {
if (vpninfo->dtls_times.keepalive) {
time_t now = time(NULL);
time_t due = vpninfo->dtls_times.last_tx + vpninfo->dtls_keepalive;
time_t due = vpninfo->dtls_times.last_tx + vpninfo->dtls_times.keepalive;

if (now >= due) {
static unsigned char dtls_keepalive_pkt[1] = { 7 };
Expand All @@ -354,7 +354,7 @@ int dtls_mainloop(struct anyconnect_info *vpninfo, int *timeout)
SSL_write(vpninfo->dtls_ssl, dtls_keepalive_pkt, 1);
vpninfo->dtls_times.last_tx = now;

due = now + vpninfo->dtls_keepalive;
due = now + vpninfo->dtls_times.keepalive;
if (verbose)
printf("Sent DTLS Keepalive\n");
}
Expand All @@ -365,9 +365,9 @@ int dtls_mainloop(struct anyconnect_info *vpninfo, int *timeout)
*timeout = (due - now) * 1000;
}

if (vpninfo->dtls_rekey) {
if (vpninfo->dtls_times.rekey) {
time_t now = time(NULL);
time_t due = vpninfo->dtls_times.last_rekey + vpninfo->dtls_rekey;
time_t due = vpninfo->dtls_times.last_rekey + vpninfo->dtls_times.rekey;

if (now >= due) {
if (verbose)
Expand All @@ -383,7 +383,7 @@ int dtls_mainloop(struct anyconnect_info *vpninfo, int *timeout)
return 1;
}
vpninfo->dtls_times.last_rekey = time(NULL);
due = vpninfo->dtls_times.last_rekey + vpninfo->dtls_rekey;
due = vpninfo->dtls_times.last_rekey + vpninfo->dtls_times.rekey;
}
if (verbose)
printf("Next DTLS rekey due in %ld seconds\n", (due - now));
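Review bot: The new assignments in setup_dtls (`vpninfo->dtls_times.keepalive = atol(dtls_opt->value);` and the matching DPD and Rekey-Time branches) store an option value that presumably comes from the server (the option list is built outside this hunk) into an int through atol(), which reports no parse error, silently truncates a long, and accepts negative numbers. dtls_mainloop then computes `2 * vpninfo->dtls_times.dpd`, so an oversized value overflows int, and a negative one makes `now > overdue` true immediately and tears the connection down as a dead peer. A strict parse with strtol() that rejects malformed, negative and oversized values closes that; the sketch below leaves an invalid value at 0, which the mainloop already treats as "timer disabled" (`if (vpninfo->dtls_times.dpd)`), though failing setup_dtls instead may fit better, depending on its error convention, which is not visible here. The same atol() pattern appears in start_ssl_connection in ssl.c (`atol(colon)`) and would take the same helper. The helper needs <errno.h> and <limits.h> in scope; the option loop in setup_dtls starts and ends outside the hunk.
```c
/* Parse an interval in seconds from an option value.
 * Returns 0 (timer disabled) for malformed, negative or oversized input;
 * the INT_MAX / 2 bound keeps the mainloop's "2 * interval" within int. */
static int parse_interval(const char *s)
{
	char *end;
	errno = 0;
	long v = strtol(s, &end, 10);
	if (end == s || *end != '\0' || errno == ERANGE || v < 0 || v > INT_MAX / 2) {
		fprintf(stderr, "Ignoring invalid DTLS interval '%s'\n", s);
		return 0;
	}
	return (int)v;
}

/* … unchanged: start of setup_dtls and the option loop … */
		} else if (!strcmp(dtls_opt->option + 7, "Keepalive")) {
			vpninfo->dtls_times.keepalive = parse_interval(dtls_opt->value);
		} else if (!strcmp(dtls_opt->option + 7, "DPD")) {
			vpninfo->dtls_times.dpd = parse_interval(dtls_opt->value);
		} else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
			vpninfo->dtls_times.rekey = parse_interval(dtls_opt->value);
		}
```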
22 changes: 11 additions & 11 deletions ssl.c
Expand Up @@ -398,9 +398,9 @@ static int start_ssl_connection(struct anyconnect_info *vpninfo)
printf("DTLS option %s : %s\n", buf, colon);

if (!strcmp(buf + 7, "Keepalive")) {
vpninfo->ssl_keepalive = atol(colon);
vpninfo->ssl_times.keepalive = atol(colon);
} else if (!strcmp(buf + 7, "DPD")) {
vpninfo->ssl_dpd = atol(colon);
vpninfo->ssl_times.dpd = atol(colon);
} else if (!strcmp(buf + 7, "Content-Encoding")) {
if (!strcmp(colon, "deflate"))
vpninfo->deflate = 1;
Expand Down Expand Up @@ -445,7 +445,7 @@ static int start_ssl_connection(struct anyconnect_info *vpninfo)
vpninfo->vpn_netmask = "255.255.255.255";
if (verbose)
printf("SSL connected. DPD %d, Keepalive %d\n",
vpninfo->ssl_dpd, vpninfo->ssl_keepalive);
vpninfo->ssl_times.dpd, vpninfo->ssl_times.keepalive);

BIO_set_nbio(SSL_get_rbio(vpninfo->https_ssl),1);
BIO_set_nbio(SSL_get_wbio(vpninfo->https_ssl),1);
Expand Down Expand Up @@ -689,18 +689,18 @@ int ssl_mainloop(struct anyconnect_info *vpninfo, int *timeout)
}

/* DPD is bidirectional -- PKT 3 out, PKT 4 back */
if (vpninfo->ssl_dpd) {
if (vpninfo->ssl_times.dpd) {
time_t now = time(NULL);
time_t due = vpninfo->ssl_times.last_rx + vpninfo->ssl_dpd;
time_t overdue = vpninfo->ssl_times.last_rx + (2 * vpninfo->ssl_dpd);
time_t due = vpninfo->ssl_times.last_rx + vpninfo->ssl_times.dpd;
time_t overdue = vpninfo->ssl_times.last_rx + (2 * vpninfo->ssl_times.dpd);

/* If we already have DPD outstanding, don't flood */
if (vpninfo->ssl_times.last_dpd > vpninfo->ssl_times.last_rx) {
if (verbose) {
printf("DTLS DPD outstanding. Will kill in %ld seconds\n",
overdue - now);
}
due = vpninfo->ssl_times.last_dpd + vpninfo->ssl_dpd;
due = vpninfo->ssl_times.last_dpd + vpninfo->ssl_times.dpd;
}
if (now > overdue) {
fprintf(stderr, "SSL Dead Peer Detection detected dead peer!\n");
Expand All @@ -718,7 +718,7 @@ int ssl_mainloop(struct anyconnect_info *vpninfo, int *timeout)
SSL_write(vpninfo->https_ssl, cstp_dpd, 8);
vpninfo->ssl_times.last_dpd = vpninfo->ssl_times.last_tx = now;

due = now + vpninfo->ssl_dpd;
due = now + vpninfo->ssl_times.dpd;
if (verbose)
printf("Sent SSL DPD\n");
}
Expand All @@ -730,9 +730,9 @@ int ssl_mainloop(struct anyconnect_info *vpninfo, int *timeout)
}

/* Keepalive is just client -> server */
if (vpninfo->ssl_keepalive) {
if (vpninfo->ssl_times.keepalive) {
time_t now = time(NULL);
time_t due = vpninfo->ssl_times.last_tx + vpninfo->ssl_keepalive;
time_t due = vpninfo->ssl_times.last_tx + vpninfo->ssl_times.keepalive;

if (now >= due) {
static unsigned char cstp_keepalive[8] =
Expand All @@ -743,7 +743,7 @@ int ssl_mainloop(struct anyconnect_info *vpninfo, int *timeout)
SSL_write(vpninfo->https_ssl, cstp_keepalive, 8);
vpninfo->ssl_times.last_tx = now;

due = now + vpninfo->ssl_keepalive;
due = now + vpninfo->ssl_times.keepalive;
if (verbose)
printf("Sent SSL Keepalive\n");
}
