From a4b9d85dcc0d1b84d42d7b8b1fa2c812b0dfeff2 Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Wed, 1 Aug 2018 18:28:01 -0700
Subject: [PATCH] Clarify a few uncommented corners of the ESP support

Signed-off-by: Daniel Lenski
---
 esp.c | 6 ++++++
 library.c | 3 ++-
 oncp.c | 1 +
 openconnect-internal.h | 5 +++--
 4 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/esp.c b/esp.c
index e9760c43..dce7f90b 100644
--- a/esp.c
+++ b/esp.c
@@ -146,6 +146,7 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 len);
 work_done = 1;
+ /* both supported algos (SHA1 and MD5) have 12-byte MAC lengths (RFC2403 and RFC2404) */
 if (len <= sizeof(pkt->esp) + 12) continue;
@@ -169,6 +170,11 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 continue;
 }
+ /* Possible values of the Next Header field are:
+ 0x04: IP[v4]-in-IP
+ 0x05: supposed to mean Internet Stream Protocol
+ (XXX: but used for LZO compressed packets by Juniper)
+ 0x29: IPv6 encapsulation */
 if (pkt->data[len - 1] != 0x04 && pkt->data[len - 1] != 0x29 && pkt->data[len - 1] != 0x05) {
 vpn_progress(vpninfo, PRG_ERR,
diff --git a/library.c b/library.c
index e5bbda48..e3d6c15a 100644
--- a/library.c
+++ b/library.c
@@ -904,7 +904,8 @@ int openconnect_setup_tun_device(struct openconnect_info *vpninfo,
 static const char *compr_name_map[] = {
 [COMPR_DEFLATE] = "Deflate",
 [COMPR_LZS] = "LZS",
- [COMPR_LZ4] = "LZ4"
+ [COMPR_LZ4] = "LZ4",
+ [COMPR_LZO] = "LZO",
 };
 const char *openconnect_get_cstp_compression(struct openconnect_info * vpninfo)
diff --git a/oncp.c b/oncp.c
index 6fa33332..59d2fd98 100644
--- a/oncp.c
+++ b/oncp.c
@@ -323,6 +323,7 @@ static int process_attr(struct openconnect_info *vpninfo, int group, int attr,
 if (attrlen != 1) goto badlen;
 vpninfo->esp_compr = data[0];
+ vpninfo->dtls_compr = data[0] ? COMPR_LZO : 0;
 vpn_progress(vpninfo, PRG_DEBUG, _("ESP compression: %d\n"), data[0]);
 break;
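Review bot: The comment added in the first esp.c hunk, above `if (len <= sizeof(pkt->esp) + 12)`, lists the algorithms and the RFCs in opposite order: RFC 2403 is HMAC-MD5-96 and RFC 2404 is HMAC-SHA-1-96. It would read correctly as `/* both supported algos (MD5 and SHA1) use a 12-byte truncated ICV (RFC2403 and RFC2404) */`. This length check presumably guards the ICV verification that follows outside the hunk, so the bare `12` here and the `0x04`/`0x29`/`0x05` values documented in the second esp.c hunk would be safer as named constants that the comments and the checks share. esp_mainloop starts and ends outside both hunks.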
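Review bot: In the library.c hunk, `compr_name_map` is indexed by the COMPR_* bit values, so adding `[COMPR_LZO]` grows the table to nine slots with NULL gaps at every index that is not a single bit, and its valid index range is tied to `COMPR_MAX` in openconnect-internal.h only by convention. The lookup in `openconnect_get_cstp_compression` is outside the hunk, so whether it bounds the index with `COMPR_MAX` should be confirmed. If the build allows C11, a compile-time check right after the table would catch a future drift that turns into an out-of-bounds read: `_Static_assert(sizeof(compr_name_map) / sizeof(compr_name_map[0]) == COMPR_MAX + 1, "compr_name_map out of sync with COMPR_MAX");`. A short comment on the table saying that callers get NULL for combined or unknown values would document the gaps.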
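Review bot: In the oncp.c hunk, `vpninfo->dtls_compr = data[0] ? COMPR_LZO : 0;` maps every non-zero value of a server-supplied byte to LZO, while `esp_compr` on the line above keeps the raw value. If the protocol defines one specific code for LZO, compare against that code and log or reject anything else, so an unexpected value is not silently treated as LZO-compressed traffic. This is also a behaviour change in a commit titled as a comment clarification, and the assignment itself has no comment; something like `/* ESP compression is reported through the DTLS compression field */` above it would explain why a DTLS field is written here (purpose inferred from the names, to be confirmed). process_attr starts and ends outside the hunk.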
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 038cb35d..20e950d7 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -174,10 +174,11 @@ struct pkt {
 #define COMPR_DEFLATE (1<<0)
 #define COMPR_LZS (1<<1)
 #define COMPR_LZ4 (1<<2)
-#define COMPR_MAX COMPR_LZ4
+#define COMPR_LZO (1<<3)
+#define COMPR_MAX COMPR_LZO
 #ifdef HAVE_LZ4
-#define COMPR_STATELESS (COMPR_LZS | COMPR_LZ4)
+#define COMPR_STATELESS (COMPR_LZS | COMPR_LZ4 | COMPR_LZO)
 #else
 #define COMPR_STATELESS (COMPR_LZS)
 #endif
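Review bot: `COMPR_LZO` is added to `COMPR_STATELESS` only in the `#ifdef HAVE_LZ4` branch; the `#else` definition stays `(COMPR_LZS)`. Nothing in this patch shows LZO handling depending on the LZ4 library, so if it does not, the fallback should read `#define COMPR_STATELESS (COMPR_LZS | COMPR_LZO)`; otherwise the same compression value is classified differently depending on an unrelated build option. How `COMPR_STATELESS` is consumed is not visible in this patch, so the practical effect needs confirming against its users.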