

Add source port option for DTLS
Signed-off-by: Steven Ihde <sihde@hamachi.us>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Steven Ihde authored and David Woodhouse committed Jun 25, 2012
1 parent 6c00a17 commit a750105
Showing 5 changed files with 46 additions and 0 deletions.
31 changes: 31 additions & 0 deletions dtls.c
Expand Up @@ -492,6 +492,37 @@ int connect_dtls_socket(struct openconnect_info *vpninfo)
return -EINVAL;
}

if (vpninfo->dtls_local_port) {
struct sockaddr_storage dtls_bind_addr;
int dtls_bind_addrlen;
memset(&dtls_bind_addr, 0, sizeof(dtls_bind_addr));

if (vpninfo->peer_addr->sa_family == AF_INET) {
struct sockaddr_in *addr = (struct sockaddr_in *)&dtls_bind_addr;
dtls_bind_addrlen = sizeof(*addr);
addr->sin_family = AF_INET;
addr->sin_addr.s_addr = INADDR_ANY;
addr->sin_port = htons(vpninfo->dtls_local_port);
} else if (vpninfo->peer_addr->sa_family == AF_INET6) {
struct sockaddr_in6 *addr = (struct sockaddr_in6 *)&dtls_bind_addr;
dtls_bind_addrlen = sizeof(*addr);
addr->sin6_family = AF_INET6;
addr->sin6_addr = in6addr_any;
addr->sin6_port = htons(vpninfo->dtls_local_port);
} else {
vpn_progress(vpninfo, PRG_ERR,
_("Unknown protocol family %d. Cannot do DTLS\n"),
vpninfo->peer_addr->sa_family);
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}

if (bind(dtls_fd, (struct sockaddr *)&dtls_bind_addr, dtls_bind_addrlen)) {
perror(_("Bind UDP socket for DTLS"));
return -EINVAL;
}
}

if (connect(dtls_fd, vpninfo->dtls_addr, vpninfo->peer_addrlen)) {
perror(_("UDP (DTLS) connect:\n"));
close(dtls_fd);
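Review bot: The bind() failure path (`perror(_("Bind UDP socket for DTLS")); return -EINVAL;`) returns without closing dtls_fd, whereas the connect() failure path directly below it closes the socket before returning; the new unknown-address-family branch that returns -EINVAL has the same gap. Since bind() is invoked on dtls_fd, the socket is already open at this point, so each failed DTLS attempt through either new return leaks a descriptor. Add `close(dtls_fd);` immediately before each of the two new `return -EINVAL;` lines, matching the connect() path. Separately, `dtls_bind_addrlen` is declared `int` while bind() takes a socklen_t; `socklen_t dtls_bind_addrlen;` avoids the sign/width mismatch. connect_dtls_socket begins before the hunk and continues after it.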
6 changes: 6 additions & 0 deletions main.c
Expand Up @@ -107,6 +107,7 @@ enum {
OPT_SERVERCERT,
OPT_USERAGENT,
OPT_NON_INTER,
OPT_DTLS_LOCAL_PORT,
};

#ifdef __sun__
Expand Down Expand Up @@ -169,6 +170,7 @@ static struct option long_options[] = {
OPTION("no-cert-check", 0, OPT_NO_CERT_CHECK),
OPTION("force-dpd", 1, OPT_FORCE_DPD),
OPTION("non-inter", 0, OPT_NON_INTER),
OPTION("dtls-local-port", 1, OPT_DTLS_LOCAL_PORT),
OPTION(NULL, 0, 0)
};

Expand Down Expand Up @@ -273,6 +275,7 @@ static void usage(void)
printf(" --reconnect-timeout %s\n", _("Connection retry timeout in seconds"));
printf(" --servercert=FINGERPRINT %s\n", _("Server's certificate SHA1 fingerprint"));
printf(" --useragent=STRING %s\n", _("HTTP header User-Agent: field"));
printf(" --dtls-local-port=PORT %s\n", _("Set local port for DTLS datagrams"));
printf("\n");

helpmessage();
Expand Down Expand Up @@ -684,6 +687,9 @@ int main(int argc, char **argv)
case OPT_FORCE_DPD:
vpninfo->dtls_times.dpd = vpninfo->ssl_times.dpd = atoi(config_arg);
break;
case OPT_DTLS_LOCAL_PORT:
vpninfo->dtls_local_port = atoi(config_arg);
break;
default:
usage();
}
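Review bot: `vpninfo->dtls_local_port = atoi(config_arg);` accepts any value without checking that it is a usable port: a non-numeric argument silently becomes 0 (which disables the bind in dtls.c), and negative values or values above 65535 are not rejected here but silently truncated by htons() at the bind site, so the socket ends up bound to a port the user did not ask for. Parse with strtol and reject anything outside 1–65535 at option-parsing time so the user gets an error instead. The fprintf/exit pair below is a placeholder for whatever main.c already uses to report invalid option values. main() begins and ends outside the hunk.
```c
case OPT_DTLS_LOCAL_PORT: {
	char *end;
	long port = strtol(config_arg, &end, 10);
	if (*config_arg == '\0' || *end != '\0' || port < 1 || port > 65535) {
		fprintf(stderr, _("Invalid DTLS local port '%s'\n"), config_arg);
		exit(1);
	}
	vpninfo->dtls_local_port = (int)port;
	break;
}
/* … unchanged: default: usage(); … */
```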
2 changes: 2 additions & 0 deletions openconnect-internal.h
Expand Up @@ -273,6 +273,8 @@ struct openconnect_info {
struct sockaddr *peer_addr;
struct sockaddr *dtls_addr;

int dtls_local_port;

int deflate;
char *useragent;

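Review bot: The new `dtls_local_port` field carries no comment on the meaning of its zero value, which connect_dtls_socket() in dtls.c relies on to skip the explicit bind() entirely. Add `int dtls_local_port; /* 0: no explicit bind() before connect(); otherwise the source port to bind */` so readers of the header do not have to trace into dtls.c to learn that 0 is "unset". struct openconnect_info begins before the hunk and continues after it.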
6 changes: 6 additions & 0 deletions openconnect.8.in
Expand Up @@ -42,6 +42,7 @@ openconnect \- Connect to Cisco AnyConnect VPN
.OP \-\-cafile file
.OP \-\-disable\-ipv6
.OP \-\-dtls\-ciphers list
.OP \-\-dtls\-local\-port port
.OP \-\-no\-cert\-check
.OP \-\-no\-dtls
.OP \-\-no\-http\-keepalive
Expand Down Expand Up @@ -335,6 +336,11 @@ Use
.I STRING
as 'User\-Agent:' field value in HTTP header.
(e.g. \-\-useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133')
.TP
.B \-\-dtls\-local\-port=PORT
Use
.I PORT
as the local port for DTLS datagrams

.SH LIMITATIONS
Note that although IPv6 has been tested on all platforms on which
1 change: 1 addition & 0 deletions www/changelog.xml
Expand Up @@ -17,6 +17,7 @@
<ul>
<li><b>OpenConnect HEAD</b>
<ul>
<li>Add <tt>--dtls-local-port</tt> option.</li>
<li>Print correct error when <tt>/dev/net/tun</tt> cannot be opened.</li>
<li>Fix <tt>openconnect.pc</tt> pkg-config file not to require <tt>zlib.pc</tt> on systems which lack it (like RHEL5).</li>
</ul><br/>
