Handle CSTP rekey when stalled
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Aug 3, 2012
1 parent fddb099 commit 96cffd9
Showing 3 changed files with 27 additions and 10 deletions.
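--- a/cstp.c
+++ b/cstp.c
@@ -810,10 +810,17 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 ->select_wfds if appropriate, so we can just return
 and wait. Unless it's been stalled for so long that
 DPD kicks in and we kill the connection. */
-if (ka_stalled_dpd_time(&vpninfo->ssl_times, timeout))
+switch (ka_stalled_action(&vpninfo->ssl_times, timeout)) {
+case KA_DPD_DEAD:
 goto peer_dead;
-
-return work_done;
+case KA_REKEY:
+goto do_rekey;
+case KA_NONE:
+return work_done;
+default:
+/* This should never happen */
+;
+}
 }
 
 if (ret != vpninfo->current_ssl_pkt->len + 8) {
@@ -842,6 +849,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 
 switch (keepalive_action(&vpninfo->ssl_times, timeout)) {
 case KA_REKEY:
+do_rekey:
 /* Not that this will ever happen; we don't even process
 the setting when we're asked for it. */
 vpn_progress(vpninfo, PRG_INFO, _("CSTP rekey due\n"));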
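Review bot: The `default:` arm of the new switch in the stalled-write branch ends in an empty statement, so an unexpected value from ka_stalled_action() leaves the stall block and reaches the `if (ret != vpninfo->current_ssl_pkt->len + 8)` check below, presumably with the ret of the write that just stalled. Folding it into the idle case, `case KA_NONE: default: return work_done;`, would keep the pre-commit behaviour of waiting for the socket. The `goto do_rekey` also enters the KA_REKEY arm of the later keepalive switch while current_ssl_pkt is still pending; whether the rekey path copes with a half-sent packet is not visible in these hunks and deserves a comment at the label. cstp_mainloop starts and ends outside both hunks.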
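--- a/mainloop.c
+++ b/mainloop.c
@@ -136,23 +136,32 @@ int vpn_mainloop(struct openconnect_info *vpninfo)
 
 /* Called when the socket is unwritable, to get the deadline for DPD.
 Returns 1 if DPD deadline has already arrived. */
-int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout)
+int ka_stalled_action(struct keepalive_info *ka, int *timeout)
 {
-time_t now, due;
+time_t due, now = time(NULL);
+
+if (ka->rekey) {
+due = ka->last_rekey + ka->rekey;
+
+if (now >= due)
+return KA_REKEY;
+
+if (*timeout > (due - now) * 1000)
+*timeout = (due - now) * 1000;
+}
 
 if (!ka->dpd)
-return 0;
+return KA_NONE;
 
-time(&now);
 due = ka->last_rx + (2 * ka->dpd);
 
 if (now > due)
-return 1;
+return KA_DPD_DEAD;
 
 if (*timeout > (due - now) * 1000)
 *timeout = (due - now) * 1000;
 
-return 0;
+return KA_NONE;
 }
 
 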
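Review bot: The comment above ka_stalled_action() still says it returns 1 when the DPD deadline has arrived, but the function now returns KA_REKEY, KA_DPD_DEAD or KA_NONE and also tracks the rekey deadline. Suggested replacement: `/* Called when the socket is unwritable. Returns KA_REKEY if a rekey is due, KA_DPD_DEAD if the DPD deadline has passed, otherwise KA_NONE with *timeout lowered to the nearest pending deadline. */`. Separately, `(due - now) * 1000` is evaluated in time_t before being compared with the int `*timeout`; where time_t is 32 bits a long rekey interval could overflow that product, so if ka->rekey can come from the peer (not visible here) it is worth bounding the difference before multiplying.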
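--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -377,7 +377,7 @@ int vpn_mainloop(struct openconnect_info *vpninfo);
 int queue_new_packet(struct pkt **q, void *buf, int len);
 void queue_packet(struct pkt **q, struct pkt *new);
 int keepalive_action(struct keepalive_info *ka, int *timeout);
-int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);
+int ka_stalled_action(struct keepalive_info *ka, int *timeout);
 
 extern int killed;
 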
