Add --force-dpd option

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

cstp.c

@@ -207,7 +207,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 		if (!strcmp(buf + 7, "Keepalive")) {
 			vpninfo->ssl_times.keepalive = atol(colon);
 		} else if (!strcmp(buf + 7, "DPD")) {
-			vpninfo->ssl_times.dpd = atol(colon);
+			int j = atol(colon);
+			if (j && (!vpninfo->ssl_times.dpd || j < vpninfo->ssl_times.dpd))
+				vpninfo->ssl_times.dpd = j;
 		} else if (!strcmp(buf + 7, "Content-Encoding")) {
 			if (!strcmp(colon, "deflate"))
 				vpninfo->deflate = 1;

dtls.c

@@ -353,7 +353,9 @@ int setup_dtls(struct openconnect_info *vpninfo)
 		} else if (!strcmp(dtls_opt->option + 7, "Keepalive")) {
 			vpninfo->dtls_times.keepalive = atol(dtls_opt->value);
 		} else if (!strcmp(dtls_opt->option + 7, "DPD")) {
-			vpninfo->dtls_times.dpd = atol(dtls_opt->value);
+			int j = atol(dtls_opt->value);
+			if (j && (!vpninfo->dtls_times.dpd || j < vpninfo->dtls_times.dpd))
+				vpninfo->dtls_times.dpd = j;
 		} else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
 			vpninfo->dtls_times.rekey = atol(dtls_opt->value);
 		} else if (!strcmp(dtls_opt->option + 7, "CipherSuite")) {

main.c

@@ -100,6 +100,7 @@ static struct option long_options[] = {
 	{"libproxy", 0, 0, 0x07},
 	{"no-http-keepalive", 0, 0, 0x08},
 	{"no-cert-check", 0, 0, 0x09},
+	{"force-dpd", 1, 0, 0x10},
 	{NULL, 0, 0, 0},
 };
 
@@ -115,6 +116,7 @@ void usage(void)
 	printf("      --cookie-on-stdin           Read cookie from standard input\n");
 	printf("  -d, --deflate                   Enable compression (default)\n");
 	printf("  -D, --no-deflate                Disable compression\n");
+	printf("      --force-dpd=INTERVAL        Set minimum Dead Peer Detection interval\n");
 	printf("  -g, --usergroup=GROUP           Set login usergroup\n");
 	printf("  -h, --help                      Display help text\n");
 	printf("  -i, --interface=IFNAME          Use IFNAME for tunnel interface\n");
@@ -411,6 +413,9 @@ int main(int argc, char **argv)
 			free(vpninfo->useragent);
 			vpninfo->useragent = optarg;
 			break;
+		case 0x10:
+			vpninfo->dtls_times.dpd = vpninfo->ssl_times.dpd = atoi(optarg);
+			break;
 		default:
 			usage();
 		}

openconnect.8

@@ -32,6 +32,10 @@ openconnect \- Connect to Cisco AnyConnect VPN
 .B -D,--no-deflate
 ]
 [
+.B --force-dpd
+.I INTERVAL
+]
+[
 .B -g,--usergroup
 .I GROUP
 ]
@@ -205,6 +209,11 @@ Enable compression (default)
 .B -D,--no-deflate
 Disable compression
 .TP
+.B --force-dpd=INTERVAL
+Use
+.I INTERVAL
+as minimum Dead Peer Detection interval for CSTP and DTLS, forcing use of DPD even when the server doesn't request it.
+.TP
 .B -g,--usergroup=GROUP
 Use
 .I GROUP

openconnect.html

@@ -181,6 +181,7 @@ <H2>Release Notes / Changelog</H2>
 <UL>
   <LI><B>OpenConnect HEAD</B><BR>
      <UL>
+       <LI>Add <TT>--force-dpd</TT> option to set minimum DPD interval.</LI>
        <LI>Don't print <TT>webvpn</TT> cookie in debug output.</LI>
      </UL><BR>
   </LI>
@@ -435,6 +436,6 @@ <H3>FreeBSD</H3>
 <hr>
 <address>David Woodhouse &lt;<A HREF="mailto:dwmw2@infradead.org">dwmw2@infradead.org</A>&gt;</address>
 <!-- hhmts start -->
-Last modified: Sat Aug  7 10:19:33 BST 2010
+Last modified: Sat Aug  7 18:50:17 BST 2010
 <!-- hhmts end -->
 </body> </html>