Commit a8ab34e1 authored by Daniel Lenski's avatar Daniel Lenski

Clarify protocol description in connection message

- Include both the TCP- and UDP-based protocols' compression details
- The UDP-based protocol really can't be connected by the time this
  prints, since the mainloop hasn't had enough time to receive the
  connection confirmation packets; show it as "in progress"

Before (with default verbosity):

    Connected as 10.0.0.3 + dead::be:ef, using SSL + deflate
    Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).

After:

    Connected as 10.0.0.3 + dead::be:ef, using SSL + Deflate, with DTLS + LZS in progress
    Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
Signed-off-by: default avatarDaniel Lenski <dlenski@gmail.com>
parent a4b9d85d
......@@ -630,7 +630,7 @@ static int gpst_get_config(struct openconnect_info *vpninfo)
vpninfo->ip_info.mtu = calculate_mtu(vpninfo, !no_esp_reason);
vpn_progress(vpninfo, PRG_ERR,
_("No MTU received. Calculated %d for %s%s\n"), vpninfo->ip_info.mtu,
no_esp_reason ? "TLS tunnel. " : "ESP tunnel", no_esp_reason ? : "");
no_esp_reason ? "SSL tunnel. " : "ESP tunnel", no_esp_reason ? : "");
/* return -EINVAL; */
}
if (!vpninfo->ip_info.addr) {
......
......@@ -117,6 +117,7 @@ const struct vpn_proto openconnect_protos[] = {
.tcp_mainloop = cstp_mainloop,
.add_http_headers = cstp_common_headers,
.obtain_cookie = cstp_obtain_cookie,
.udp_protocol = "DTLS",
#ifdef HAVE_DTLS
.udp_setup = dtls_setup,
.udp_mainloop = dtls_mainloop,
......@@ -133,6 +134,7 @@ const struct vpn_proto openconnect_protos[] = {
.tcp_mainloop = oncp_mainloop,
.add_http_headers = oncp_common_headers,
.obtain_cookie = oncp_obtain_cookie,
.udp_protocol = "ESP",
#ifdef HAVE_ESP
.udp_setup = esp_setup,
.udp_mainloop = esp_mainloop,
......@@ -151,6 +153,7 @@ const struct vpn_proto openconnect_protos[] = {
.tcp_mainloop = gpst_mainloop,
.add_http_headers = gpst_common_headers,
.obtain_cookie = gpst_obtain_cookie,
.udp_protocol = "ESP",
#ifdef HAVE_ESP
.udp_setup = esp_setup,
.udp_mainloop = esp_mainloop,
......
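Review bot: The new `.udp_protocol` initialisers sit above the `#ifdef HAVE_DTLS` / `#ifdef HAVE_ESP` guards in all three entries, so the name is set even in a build where `udp_setup` and `udp_mainloop` are compiled out. Whether the connection message then reports that transport as "disabled" depends on what `dtls_state` holds in such a build, which is not visible here and should be confirmed. A comment on the first entry, for example `/* display name only; set even when the UDP transport is compiled out */`, would make the placement read as deliberate. The `openconnect_protos` array starts and ends outside these hunks.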
......@@ -1083,7 +1083,7 @@ int main(int argc, char **argv)
char *urlpath = NULL;
struct oc_vpn_option *gai;
char *ip;
const char *compr = "";
const char *ssl_compr, *udp_compr;
char *proxy = getenv("https_proxy");
char *vpnc_script = NULL;
const struct oc_ip_info *ip_info;
......@@ -1596,33 +1596,21 @@ int main(int argc, char **argv)
* reconnects end up in infinite loop trying to connect
* to non existing DTLS */
vpninfo->dtls_state = DTLS_DISABLED;
fprintf(stderr, _("Set up DTLS failed; using SSL instead\n"));
fprintf(stderr, _("Set up UDP failed; using SSL instead\n"));
}
openconnect_get_ip_info(vpninfo, &ip_info, NULL, NULL);
if (vpninfo->dtls_state != DTLS_CONNECTED) {
if (vpninfo->cstp_compr == COMPR_DEFLATE)
compr = " + deflate";
else if (vpninfo->cstp_compr == COMPR_LZS)
compr = " + lzs";
else if (vpninfo->cstp_compr == COMPR_LZ4)
compr = " + lz4";
} else {
if (vpninfo->dtls_compr == COMPR_DEFLATE)
compr = " + deflate";
else if (vpninfo->dtls_compr == COMPR_LZS)
compr = " + lzs";
else if (vpninfo->dtls_compr == COMPR_LZ4)
compr = " + lz4";
}
ssl_compr = openconnect_get_cstp_compression(vpninfo);
udp_compr = openconnect_get_dtls_compression(vpninfo);
vpn_progress(vpninfo, PRG_INFO,
_("Connected as %s%s%s, using %s%s\n"),
_("Connected as %s%s%s, using SSL%s%s, with %s%s%s %s\n"),
ip_info->addr?:"",
(ip_info->netmask6 && ip_info->addr) ? " + " : "",
ip_info->netmask6 ? : "",
(vpninfo->dtls_state != DTLS_CONNECTED) ? "SSL"
: "DTLS", compr);
ssl_compr ? " + " : "", ssl_compr ? : "",
vpninfo->proto->udp_protocol ? : "UDP", udp_compr ? " + " : "", udp_compr ? : "",
(vpninfo->dtls_state == DTLS_DISABLED || vpninfo->dtls_state == DTLS_NOSECRET ? _("disabled") : _("in progress")));
if (!vpninfo->vpnc_script) {
vpn_progress(vpninfo, PRG_INFO,
......
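Review bot: The status ternary that closes the `vpn_progress` call reports every state other than `DTLS_DISABLED` and `DTLS_NOSECRET` as "in progress", so the `DTLS_CONNECTED` case the removed code tested for would now print that way too. The commit message argues that state cannot be reached at this point, but the assumption is recorded only there. A comment above the call, such as `/* UDP transport cannot be DTLS_CONNECTED yet: the mainloop has not run */`, would keep it next to the code that relies on it. Operators read this line to learn which transport and compression protect their traffic, so the translated `_("disabled")` / `_("in progress")` fragments are a second concern: spliced into the `%s%s%s %s` tail, they give translators no way to reorder the status relative to the protocol name. `main` starts and ends outside the hunk.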
......@@ -264,6 +264,7 @@ struct vpn_proto {
const char *name;
const char *pretty_name;
const char *description;
const char *udp_protocol;
unsigned int flags;
int (*vpn_close_session)(struct openconnect_info *vpninfo, const char *reason);
......
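Review bot: The new `udp_protocol` member has no comment saying that it is a display string and that it may be left NULL, which the caller in `main` allows for with its `? : "UDP"` fallback. A trailing comment such as `const char *udp_protocol; /* display name of the UDP transport; NULL if none */` would record that for anyone adding a protocol entry. The struct definition continues outside the hunk.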