From a8ab34e1b5782844c356af3ce76159dd523b4406 Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Wed, 1 Aug 2018 18:13:59 -0700
Subject: [PATCH] Clarify protocol description in connection message
- Include both the TCP- and UDP-based protocols' compression details
- The UDP-based protocol really can't be connected by the time this prints, since the mainloop hasn't had enough time to receive the connection confirmation packets; show it as "in progress"
Before (with default verbosity):
Connected as 10.0.0.3 + dead::be:ef, using SSL + deflate
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
After:
Connected as 10.0.0.3 + dead::be:ef, using SSL + Deflate, with DTLS + LZS in progress
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).
Signed-off-by: Daniel Lenski
---
 gpst.c | 2 +-
 library.c | 3 +++
 main.c | 28 ++++++++--------------------
 openconnect-internal.h | 1 +
 4 files changed, 13 insertions(+), 21 deletions(-)
diff --git a/gpst.c b/gpst.c
index 97207f9f..bccfc6d9 100644
--- a/gpst.c
+++ b/gpst.c
@@ -630,7 +630,7 @@ static int gpst_get_config(struct openconnect_info *vpninfo)
 vpninfo->ip_info.mtu = calculate_mtu(vpninfo, !no_esp_reason);
 vpn_progress(vpninfo, PRG_ERR,
 _("No MTU received. Calculated %d for %s%s\n"), vpninfo->ip_info.mtu,
- no_esp_reason ? "TLS tunnel. " : "ESP tunnel", no_esp_reason ? : "");
+ no_esp_reason ? "SSL tunnel. " : "ESP tunnel", no_esp_reason ? : "");
 /* return -EINVAL; */
 }
 if (!vpninfo->ip_info.addr) {
diff --git a/library.c b/library.c
index e3d6c15a..b8c316ab 100644
--- a/library.c
+++ b/library.c
@@ -117,6 +117,7 @@ const struct vpn_proto openconnect_protos[] = {
 .tcp_mainloop = cstp_mainloop,
 .add_http_headers = cstp_common_headers,
 .obtain_cookie = cstp_obtain_cookie,
+ .udp_protocol = "DTLS",
 #ifdef HAVE_DTLS
 .udp_setup = dtls_setup,
 .udp_mainloop = dtls_mainloop,
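Review bot: The `.udp_protocol = "DTLS"` initializer is placed above the `#ifdef HAVE_DTLS` block that follows it, so a build without DTLS support still carries the transport name into the connection message, where only `dtls_state` decides between "disabled" and "in progress" (main.c hunk @@ -1596). That is presumably deliberate, since the message should still be able to name what was disabled, but nothing in the initializer says so; a one-line comment such as `/* Set even when the transport is compiled out: the connection message names it as disabled */` would pin the intent. The same applies to the two `.udp_protocol = "ESP"` hunks at @@ -133 and @@ -151. The `openconnect_protos[]` initializer starts and ends outside the hunk.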
@@ -133,6 +134,7 @@ const struct vpn_proto openconnect_protos[] = {
 .tcp_mainloop = oncp_mainloop,
 .add_http_headers = oncp_common_headers,
 .obtain_cookie = oncp_obtain_cookie,
+ .udp_protocol = "ESP",
 #ifdef HAVE_ESP
 .udp_setup = esp_setup,
 .udp_mainloop = esp_mainloop,
@@ -151,6 +153,7 @@ const struct vpn_proto openconnect_protos[] = {
 .tcp_mainloop = gpst_mainloop,
 .add_http_headers = gpst_common_headers,
 .obtain_cookie = gpst_obtain_cookie,
+ .udp_protocol = "ESP",
 #ifdef HAVE_ESP
 .udp_setup = esp_setup,
 .udp_mainloop = esp_mainloop,
diff --git a/main.c b/main.c
index 283db780..1ef54813 100644
--- a/main.c
+++ b/main.c
@@ -1083,7 +1083,7 @@ int main(int argc, char **argv)
 char *urlpath = NULL;
 struct oc_vpn_option *gai;
 char *ip;
- const char *compr = "";
+ const char *ssl_compr, *udp_compr;
 char *proxy = getenv("https_proxy");
 char *vpnc_script = NULL;
 const struct oc_ip_info *ip_info;
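Review bot: `ssl_compr` and `udp_compr` replace an initialized `compr = ""` with two uninitialized pointers, and by the hunk line numbers they are not assigned until the connection message roughly 500 lines further down (hunk @@ -1596); any early exit or extra use added between the declaration and that assignment would read indeterminate values, which the previous declaration ruled out. Initializing them keeps that property: `const char *ssl_compr = NULL, *udp_compr = NULL;`. The `main()` body continues outside the hunk.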
@@ -1596,33 +1596,21 @@ int main(int argc, char **argv)
 * reconnects end up in infinite loop trying to connect
 * to non existing DTLS */
 vpninfo->dtls_state = DTLS_DISABLED;
- fprintf(stderr, _("Set up DTLS failed; using SSL instead\n"));
+ fprintf(stderr, _("Set up UDP failed; using SSL instead\n"));
 }
 openconnect_get_ip_info(vpninfo, &ip_info, NULL, NULL);
- if (vpninfo->dtls_state != DTLS_CONNECTED) {
- if (vpninfo->cstp_compr == COMPR_DEFLATE)
- compr = " + deflate";
- else if (vpninfo->cstp_compr == COMPR_LZS)
- compr = " + lzs";
- else if (vpninfo->cstp_compr == COMPR_LZ4)
- compr = " + lz4";
- } else {
- if (vpninfo->dtls_compr == COMPR_DEFLATE)
- compr = " + deflate";
- else if (vpninfo->dtls_compr == COMPR_LZS)
- compr = " + lzs";
- else if (vpninfo->dtls_compr == COMPR_LZ4)
- compr = " + lz4";
- }
+ ssl_compr = openconnect_get_cstp_compression(vpninfo);
+ udp_compr = openconnect_get_dtls_compression(vpninfo);
 vpn_progress(vpninfo, PRG_INFO,
- _("Connected as %s%s%s, using %s%s\n"),
+ _("Connected as %s%s%s, using SSL%s%s, with %s%s%s %s\n"),
 ip_info->addr?:"",
 (ip_info->netmask6 && ip_info->addr) ? " + " : "",
 ip_info->netmask6 ? : "",
- (vpninfo->dtls_state != DTLS_CONNECTED) ? "SSL"
- : "DTLS", compr);
+ ssl_compr ? " + " : "", ssl_compr ? : "",
+ vpninfo->proto->udp_protocol ? : "UDP", udp_compr ? " + " : "", udp_compr ? : "",
+ (vpninfo->dtls_state == DTLS_DISABLED || vpninfo->dtls_state == DTLS_NOSECRET ? _("disabled") : _("in progress")));
 if (!vpninfo->vpnc_script) {
 vpn_progress(vpninfo, PRG_INFO,
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 20e950d7..2c35e098 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -264,6 +264,7 @@ struct vpn_proto {
 const char *name;
 const char *pretty_name;
 const char *description;
+ const char *udp_protocol;
 unsigned int flags;
 int (*vpn_close_session)(struct openconnect_info *vpninfo, const char *reason);
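Review bot: The last `vpn_progress` argument relies on `||` binding tighter than `?:` to read as `(DISABLED || NOSECRET) ? "disabled" : "in progress"`, which is correct but easy to misread at the tail of a nine-argument call; hoisting it into a named local makes the intent explicit, e.g. `int udp_off = (vpninfo->dtls_state == DTLS_DISABLED || vpninfo->dtls_state == DTLS_NOSECRET);` and then passing `udp_off ? _("disabled") : _("in progress")`. Every other `dtls_state` value is reported as "in progress", which the commit message justifies by the mainloop not yet having received the confirmation packets; if that assumption ever stops holding the message would misreport an already established transport, so a comment stating it next to the expression would help the next reader. Splicing the separately translated fragments `_("disabled")` and `_("in progress")` into a translated sentence also makes the string hard to render in languages with a different word order; two complete format strings selected on the same condition would avoid that. `main()` continues outside the hunk.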
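Review bot: The new `udp_protocol` member of `struct vpn_proto` has no comment, although its NULL case carries meaning for callers: main.c prints "UDP" when it is unset (hunk @@ -1596) and library.c sets it to "DTLS" or "ESP". Suggest `const char *udp_protocol; /* Display name of the UDP transport ("DTLS"/"ESP"); NULL means unnamed and callers print "UDP" */`. The struct definition starts and ends outside the hunk.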