library: Move IP information into a public struct
Library users will want to know IPs, DNS servers, etc. so rename the
relevant structs and move them into openconnect.h.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
cernekee committed Jan 15, 2014
1 parent 95b7af1 commit a492af0
Showing 6 changed files with 114 additions and 107 deletions.
95 changes: 48 additions & 47 deletions cstp.c
Expand Up @@ -151,24 +151,25 @@ static void calculate_mtu(struct openconnect_info *vpninfo, int *base_mtu, int *

void cstp_free_splits(struct openconnect_info *vpninfo)
{
struct split_include *inc;
struct oc_split_include *inc;

for (inc = vpninfo->split_includes; inc; ) {
struct split_include *next = inc->next;
for (inc = vpninfo->ip_info.split_includes; inc; ) {
struct oc_split_include *next = inc->next;
free(inc);
inc = next;
}
for (inc = vpninfo->split_excludes; inc; ) {
struct split_include *next = inc->next;
for (inc = vpninfo->ip_info.split_excludes; inc; ) {
struct oc_split_include *next = inc->next;
free(inc);
inc = next;
}
for (inc = vpninfo->split_dns; inc; ) {
struct split_include *next = inc->next;
for (inc = vpninfo->ip_info.split_dns; inc; ) {
struct oc_split_include *next = inc->next;
free(inc);
inc = next;
}
vpninfo->split_dns = vpninfo->split_includes = vpninfo->split_excludes = NULL;
vpninfo->ip_info.split_dns = vpninfo->ip_info.split_includes =
vpninfo->ip_info.split_excludes = NULL;
}

static int start_cstp_connection(struct openconnect_info *vpninfo)
Expand All @@ -180,21 +181,21 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
struct vpn_option **next_cstp_option = &vpninfo->cstp_options;
struct vpn_option *old_cstp_opts = vpninfo->cstp_options;
struct vpn_option *old_dtls_opts = vpninfo->dtls_options;
const char *old_addr = vpninfo->vpn_addr;
const char *old_netmask = vpninfo->vpn_netmask;
const char *old_addr6 = vpninfo->vpn_addr6;
const char *old_netmask6 = vpninfo->vpn_netmask6;
const char *old_addr = vpninfo->ip_info.addr;
const char *old_netmask = vpninfo->ip_info.netmask;
const char *old_addr6 = vpninfo->ip_info.addr6;
const char *old_netmask6 = vpninfo->ip_info.netmask6;
int base_mtu, mtu;

/* Clear old options which will be overwritten */
vpninfo->vpn_addr = vpninfo->vpn_netmask = NULL;
vpninfo->vpn_addr6 = vpninfo->vpn_netmask6 = NULL;
vpninfo->ip_info.addr = vpninfo->ip_info.netmask = NULL;
vpninfo->ip_info.addr6 = vpninfo->ip_info.netmask6 = NULL;
vpninfo->cstp_options = vpninfo->dtls_options = NULL;
vpninfo->vpn_domain = vpninfo->vpn_proxy_pac = NULL;
vpninfo->ip_info.domain = vpninfo->ip_info.proxy_pac = NULL;
vpninfo->banner = NULL;

for (i = 0; i < 3; i++)
vpninfo->vpn_dns[i] = vpninfo->vpn_nbns[i] = NULL;
vpninfo->ip_info.dns[i] = vpninfo->ip_info.nbns[i] = NULL;
cstp_free_splits(vpninfo);

/* Create (new) random master key for DTLS connection, if needed */
Expand Down Expand Up @@ -375,58 +376,58 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
} else if (!strcmp(buf + 7, "Address")) {
if (strchr(new_option->value, ':')) {
if (!vpninfo->disable_ipv6)
vpninfo->vpn_addr6 = new_option->value;
vpninfo->ip_info.addr6 = new_option->value;
} else
vpninfo->vpn_addr = new_option->value;
vpninfo->ip_info.addr = new_option->value;
} else if (!strcmp(buf + 7, "Netmask")) {
if (strchr(new_option->value, ':')) {
if (!vpninfo->disable_ipv6)
vpninfo->vpn_netmask6 = new_option->value;
vpninfo->ip_info.netmask6 = new_option->value;
} else
vpninfo->vpn_netmask = new_option->value;
vpninfo->ip_info.netmask = new_option->value;
} else if (!strcmp(buf + 7, "DNS")) {
int j;
for (j = 0; j < 3; j++) {
if (!vpninfo->vpn_dns[j]) {
vpninfo->vpn_dns[j] = new_option->value;
if (!vpninfo->ip_info.dns[j]) {
vpninfo->ip_info.dns[j] = new_option->value;
break;
}
}
} else if (!strcmp(buf + 7, "NBNS")) {
int j;
for (j = 0; j < 3; j++) {
if (!vpninfo->vpn_nbns[j]) {
vpninfo->vpn_nbns[j] = new_option->value;
if (!vpninfo->ip_info.nbns[j]) {
vpninfo->ip_info.nbns[j] = new_option->value;
break;
}
}
} else if (!strcmp(buf + 7, "Default-Domain")) {
vpninfo->vpn_domain = new_option->value;
vpninfo->ip_info.domain = new_option->value;
} else if (!strcmp(buf + 7, "MSIE-Proxy-PAC-URL")) {
vpninfo->vpn_proxy_pac = new_option->value;
vpninfo->ip_info.proxy_pac = new_option->value;
} else if (!strcmp(buf + 7, "Banner")) {
vpninfo->banner = new_option->value;
} else if (!strcmp(buf + 7, "Split-DNS")) {
struct split_include *dns = malloc(sizeof(*dns));
struct oc_split_include *dns = malloc(sizeof(*dns));
if (!dns)
continue;
dns->route = new_option->value;
dns->next = vpninfo->split_dns;
vpninfo->split_dns = dns;
dns->next = vpninfo->ip_info.split_dns;
vpninfo->ip_info.split_dns = dns;
} else if (!strcmp(buf + 7, "Split-Include")) {
struct split_include *inc = malloc(sizeof(*inc));
struct oc_split_include *inc = malloc(sizeof(*inc));
if (!inc)
continue;
inc->route = new_option->value;
inc->next = vpninfo->split_includes;
vpninfo->split_includes = inc;
inc->next = vpninfo->ip_info.split_includes;
vpninfo->ip_info.split_includes = inc;
} else if (!strcmp(buf + 7, "Split-Exclude")) {
struct split_include *exc = malloc(sizeof(*exc));
struct oc_split_include *exc = malloc(sizeof(*exc));
if (!exc)
continue;
exc->route = new_option->value;
exc->next = vpninfo->split_excludes;
vpninfo->split_excludes = exc;
exc->next = vpninfo->ip_info.split_excludes;
vpninfo->ip_info.split_excludes = exc;
}
}

Expand All @@ -435,42 +436,42 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
_("No MTU received. Aborting\n"));
return -EINVAL;
}
vpninfo->actual_mtu = mtu;
vpninfo->ip_info.mtu = mtu;

if (!vpninfo->vpn_addr && !vpninfo->vpn_addr6) {
if (!vpninfo->ip_info.addr && !vpninfo->ip_info.addr6) {
vpn_progress(vpninfo, PRG_ERR,
_("No IP address received. Aborting\n"));
return -EINVAL;
}
if (old_addr) {
if (strcmp(old_addr, vpninfo->vpn_addr)) {
if (strcmp(old_addr, vpninfo->ip_info.addr)) {
vpn_progress(vpninfo, PRG_ERR,
_("Reconnect gave different Legacy IP address (%s != %s)\n"),
vpninfo->vpn_addr, old_addr);
vpninfo->ip_info.addr, old_addr);
return -EINVAL;
}
}
if (old_netmask) {
if (strcmp(old_netmask, vpninfo->vpn_netmask)) {
if (strcmp(old_netmask, vpninfo->ip_info.netmask)) {
vpn_progress(vpninfo, PRG_ERR,
_("Reconnect gave different Legacy IP netmask (%s != %s)\n"),
vpninfo->vpn_netmask, old_netmask);
vpninfo->ip_info.netmask, old_netmask);
return -EINVAL;
}
}
if (old_addr6) {
if (strcmp(old_addr6, vpninfo->vpn_addr6)) {
if (strcmp(old_addr6, vpninfo->ip_info.addr6)) {
vpn_progress(vpninfo, PRG_ERR,
_("Reconnect gave different IPv6 address (%s != %s)\n"),
vpninfo->vpn_addr6, old_addr6);
vpninfo->ip_info.addr6, old_addr6);
return -EINVAL;
}
}
if (old_netmask6) {
if (strcmp(old_netmask6, vpninfo->vpn_netmask6)) {
if (strcmp(old_netmask6, vpninfo->ip_info.netmask6)) {
vpn_progress(vpninfo, PRG_ERR,
_("Reconnect gave different IPv6 netmask (%s != %s)\n"),
vpninfo->vpn_netmask6, old_netmask6);
vpninfo->ip_info.netmask6, old_netmask6);
return -EINVAL;
}
}
Expand Down Expand Up @@ -597,7 +598,7 @@ int cstp_reconnect(struct openconnect_info *vpninfo)
static int inflate_and_queue_packet(struct openconnect_info *vpninfo,
unsigned char *buf, int len)
{
struct pkt *new = malloc(sizeof(struct pkt) + vpninfo->actual_mtu);
struct pkt *new = malloc(sizeof(struct pkt) + vpninfo->ip_info.mtu);
uint32_t pkt_sum;

if (!new)
Expand All @@ -609,7 +610,7 @@ static int inflate_and_queue_packet(struct openconnect_info *vpninfo,
vpninfo->inflate_strm.avail_in = len - 4;

vpninfo->inflate_strm.next_out = new->data;
vpninfo->inflate_strm.avail_out = vpninfo->actual_mtu;
vpninfo->inflate_strm.avail_out = vpninfo->ip_info.mtu;
vpninfo->inflate_strm.total_out = 0;

if (inflate(&vpninfo->inflate_strm, Z_SYNC_FLUSH)) {
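Review bot: The four reconnect comparisons near the end of start_cstp_connection() pass `vpninfo->ip_info.addr`, `.netmask`, `.addr6` and `.netmask6` to strcmp() without checking them for NULL. All four are reset to NULL at the top of the function and are only filled in when the server response carries the matching option, and the preceding guard only requires one of addr/addr6 to be set, so a reconnect reply that omits a previously supplied value reaches strcmp() with a null pointer. Because these values are server-controlled, each test should treat a missing value as a mismatch, e.g. `if (!vpninfo->ip_info.addr || strcmp(old_addr, vpninfo->ip_info.addr)) {`, with the `%s` argument in the error message guarded the same way. The function body starts and ends outside the visible hunks, so any earlier check that already rules this out would not be visible here.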
8 changes: 4 additions & 4 deletions dtls.c
Expand Up @@ -402,7 +402,7 @@ int dtls_try_handshake(struct openconnect_info *vpninfo)
#ifdef HAVE_GNUTLS_DTLS_SET_DATA_MTU
/* Make sure GnuTLS's idea of the MTU is sufficient to take
a full VPN MTU (with 1-byte header) in a data record. */
err = gnutls_dtls_set_data_mtu(vpninfo->new_dtls_ssl, vpninfo->actual_mtu + 1);
err = gnutls_dtls_set_data_mtu(vpninfo->new_dtls_ssl, vpninfo->ip_info.mtu + 1);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set DTLS MTU: %s\n"),
Expand All @@ -415,7 +415,7 @@ int dtls_try_handshake(struct openconnect_info *vpninfo)
We only support AES128-CBC and DES-CBC3-SHA anyway, so
working out the worst case isn't hard. */
gnutls_dtls_set_mtu(vpninfo->new_dtls_ssl,
vpninfo->actual_mtu + 1 /* packet + header */
vpninfo->ip_info.mtu + 1 /* packet + header */
+ 13 /* DTLS header */
+ 20 /* biggest supported MAC (SHA1) */
+ 16 /* biggest supported IV (AES-128) */
Expand Down Expand Up @@ -487,7 +487,7 @@ int connect_dtls_socket(struct openconnect_info *vpninfo)
return -EINVAL;
}

sndbuf = vpninfo->actual_mtu * 2;
sndbuf = vpninfo->ip_info.mtu * 2;
setsockopt(dtls_fd, SOL_SOCKET, SO_SNDBUF, &sndbuf, sizeof(sndbuf));

if (vpninfo->dtls_local_port) {
Expand Down Expand Up @@ -665,7 +665,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
char magic_pkt;

while (1) {
int len = vpninfo->actual_mtu;
int len = vpninfo->ip_info.mtu;
unsigned char *buf;

if (!dtls_pkt || len > dtls_pkt_max) {
6 changes: 3 additions & 3 deletions main.c
Expand Up @@ -934,9 +934,9 @@ int main(int argc, char **argv)

vpn_progress(vpninfo, PRG_INFO,
_("Connected %s as %s%s%s, using %s\n"), openconnect_get_ifname(vpninfo),
vpninfo->vpn_addr?:"",
(vpninfo->vpn_addr6 && vpninfo->vpn_addr) ? " + " : "",
vpninfo->vpn_addr6 ? : "",
vpninfo->ip_info.addr?:"",
(vpninfo->ip_info.addr6 && vpninfo->ip_info.addr) ? " + " : "",
vpninfo->ip_info.addr6 ? : "",
(vpninfo->dtls_fd == -1) ?
(vpninfo->deflate ? "SSL + deflate" : "SSL")
: "DTLS");
19 changes: 2 additions & 17 deletions openconnect-internal.h
Expand Up @@ -113,11 +113,6 @@ struct keepalive_info {
time_t last_dpd;
};

struct split_include {
char *route;
struct split_include *next;
};

struct pin_cache {
struct pin_cache *next;
char *token;
Expand Down Expand Up @@ -267,20 +262,10 @@ struct openconnect_info {
int script_tun;
char *ifname;

int actual_mtu;
int reqmtu, basemtu;
const char *banner;
const char *vpn_addr;
const char *vpn_netmask;
const char *vpn_addr6;
const char *vpn_netmask6;
const char *vpn_dns[3];
const char *vpn_nbns[3];
const char *vpn_domain;
const char *vpn_proxy_pac;
struct split_include *split_dns;
struct split_include *split_includes;
struct split_include *split_excludes;

struct oc_ip_info ip_info;

int select_nfds;
fd_set select_rfds;
21 changes: 21 additions & 0 deletions openconnect.h
Expand Up @@ -160,6 +160,27 @@ struct oc_auth_form {
int authgroup_selection;
};

struct oc_split_include {
char *route;
struct oc_split_include *next;
};

struct oc_ip_info {
const char *addr;
const char *netmask;
const char *addr6;
const char *netmask6;
const char *dns[3];
const char *nbns[3];
const char *domain;
const char *proxy_pac;
int mtu;

struct oc_split_include *split_dns;
struct oc_split_include *split_includes;
struct oc_split_include *split_excludes;
};

/****************************************************************************/

#define PRG_ERR 0
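Review bot: The new public `struct oc_ip_info` and `struct oc_split_include` carry no documentation, and the part a library user most needs is the ownership and lifetime of the pointers. In cstp.c the string fields are assigned directly from `new_option->value`, with no validation in the visible hunks, and the split lists are freed by cstp_free_splits() at the start of every start_cstp_connection(), so a caller that keeps one of these pointers across a reconnect would presumably end up reading freed memory. I would add a comment above the struct along the lines of `/* All pointers are owned by libopenconnect and hold server-supplied text; they are valid only until the next (re)connect, so copy and validate before keeping or using them. */`. It is also worth stating that unused `dns[]` and `nbns[]` slots are NULL and that either `addr` or `addr6` may be NULL.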
