Commit 70238e30 authored by David Woodhouse's avatar David Woodhouse

Change vpninfo->deflate to three separate bitmasks for requested/CSTP/DTLS

As we support more compression methods, and also need to separately
keep track of what was negotiated for CSTP and DTLS, this will be needed.

We will also want to look a library API and command-line options for
enabling and disabling specific compression methods.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 503bd8cd
......@@ -188,8 +188,15 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
buf_append(reqbuf, "Cookie: webvpn=%s\r\n", vpninfo->cookie);
buf_append(reqbuf, "X-CSTP-Version: 1\r\n");
buf_append(reqbuf, "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
if (vpninfo->deflate && i < sizeof(buf))
buf_append(reqbuf, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
if (vpninfo->req_compr) {
char sep = ' ';
buf_append(reqbuf, "X-CSTP-Accept-Encoding:");
if (vpninfo->req_compr & COMPR_DEFLATE) {
buf_append(reqbuf, "%cdeflate", sep);
sep = ',';
}
buf_append(reqbuf, "\r\n");
}
if (base_mtu)
buf_append(reqbuf, "X-CSTP-Base-MTU: %d\r\n", base_mtu);
buf_append(reqbuf, "X-CSTP-MTU: %d\r\n", mtu);
......@@ -267,7 +274,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
vpn_progress(vpninfo, PRG_INFO, _("Got CONNECT response: %s\n"), buf);
/* We may have advertised it, but we only do it if the server agrees */
vpninfo->deflate = 0;
vpninfo->cstp_compr = vpninfo->dtls_compr = 0;
mtu = 0;
while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
......@@ -367,7 +374,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
vpninfo->ssl_times.rekey_method = REKEY_NONE;
} else if (!strcmp(buf + 7, "Content-Encoding")) {
if (!strcmp(colon, "deflate"))
vpninfo->deflate = 1;
vpninfo->cstp_compr = COMPR_DEFLATE;
else {
vpn_progress(vpninfo, PRG_ERR,
_("Unknown CSTP-Content-Encoding %s\n"),
......@@ -546,7 +553,7 @@ int openconnect_make_cstp_connection(struct openconnect_info *vpninfo)
if (ret)
return ret;
if (vpninfo->deflate) {
if (vpninfo->req_compr & COMPR_DEFLATE) {
vpninfo->deflate_adler32 = 1;
vpninfo->inflate_adler32 = 1;
......@@ -554,7 +561,7 @@ int openconnect_make_cstp_connection(struct openconnect_info *vpninfo)
deflateInit2(&vpninfo->deflate_strm, Z_DEFAULT_COMPRESSION,
Z_DEFLATED, -12, 9, Z_DEFAULT_STRATEGY)) {
vpn_progress(vpninfo, PRG_ERR, _("Compression setup failed\n"));
vpninfo->deflate = 0;
vpninfo->req_compr &= ~COMPR_DEFLATE;
}
if (!vpninfo->deflate_pkt) {
......@@ -564,7 +571,7 @@ int openconnect_make_cstp_connection(struct openconnect_info *vpninfo)
_("Allocation of deflate buffer failed\n"));
inflateEnd(&vpninfo->inflate_strm);
deflateEnd(&vpninfo->deflate_strm);
vpninfo->deflate = 0;
vpninfo->req_compr &= ~COMPR_DEFLATE;
} else {
memset(vpninfo->deflate_pkt, 0, sizeof(struct pkt));
memcpy(vpninfo->deflate_pkt->hdr, data_hdr, 8);
......@@ -587,7 +594,7 @@ static int cstp_reconnect(struct openconnect_info *vpninfo)
openconnect_close_https(vpninfo, 0);
if (vpninfo->deflate) {
if (vpninfo->cstp_compr == COMPR_DEFLATE) {
/* Requeue the original packet that was deflated */
if (vpninfo->current_ssl_pkt == vpninfo->deflate_pkt) {
vpninfo->current_ssl_pkt = NULL;
......@@ -824,7 +831,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
return -EPIPE;
}
case AC_PKT_COMPRESSED:
if (!vpninfo->deflate) {
if (!vpninfo->cstp_compr) {
vpn_progress(vpninfo, PRG_ERR,
_("Compressed packet received in !deflate mode\n"));
goto unknown_pkt;
......@@ -975,7 +982,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
vpninfo->outgoing_queue = this->next;
vpninfo->outgoing_qlen--;
if (vpninfo->deflate) {
if (vpninfo->cstp_compr == COMPR_DEFLATE) {
unsigned char *adler;
int ret;
......
......@@ -72,7 +72,7 @@ struct openconnect_info *openconnect_vpninfo_new(const char *useragent,
vpninfo->ssl_fd = vpninfo->dtls_fd = -1;
vpninfo->cmd_fd = vpninfo->cmd_fd_write = -1;
vpninfo->cert_expire_warning = 60 * 86400;
vpninfo->deflate = 1;
vpninfo->req_compr = COMPR_ALL;
vpninfo->max_qlen = 10;
vpninfo->localname = strdup("localhost");
vpninfo->useragent = openconnect_create_useragent(useragent);
......
......@@ -1132,10 +1132,10 @@ int main(int argc, char **argv)
vpninfo->sslkey = dup_config_arg();
break;
case 'd':
vpninfo->deflate = 1;
vpninfo->req_compr = COMPR_ALL;
break;
case 'D':
vpninfo->deflate = 0;
vpninfo->req_compr = 0;
break;
case 'g':
free(urlpath);
......@@ -1429,7 +1429,7 @@ int main(int argc, char **argv)
(ip_info->netmask6 && ip_info->addr) ? " + " : "",
ip_info->netmask6 ? : "",
(vpninfo->dtls_state != DTLS_CONNECTED) ?
(vpninfo->deflate ? "SSL + deflate" : "SSL")
(vpninfo->cstp_compr == COMPR_DEFLATE) ? "SSL + deflate" : "SSL"
: "DTLS");
if (!vpninfo->vpnc_script) {
......
......@@ -140,6 +140,9 @@ struct pkt {
#define DTLS_CONNECTING 3
#define DTLS_CONNECTED 4
#define COMPR_DEFLATE (1<<0)
#define COMPR_ALL (COMPR_DEFLATE)
struct keepalive_info {
int dpd;
int keepalive;
......@@ -438,7 +441,10 @@ struct openconnect_info {
int dtls_local_port;
int deflate;
int req_compr; /* What we requested */
int cstp_compr; /* Accepted for CSTP */
int dtls_compr; /* Accepted for DTLS */
int is_dyndns; /* Attempt to redo DNS lookup on each CSTP reconnect */
char *useragent;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment