Clarify protocol description in connection message
- Include both the TCP- and UDP-based protocols' compression details
- The UDP-based protocol really can't be connected by the time this
  prints, since the mainloop hasn't had enough time to receive the
  connection confirmation packets; show it as "in progress"

Before (with default verbosity):

    Connected as 10.0.0.3 + dead::be:ef, using SSL + deflate
    Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).

After:

    Connected as 10.0.0.3 + dead::be:ef, using SSL + Deflate, with DTLS + LZS in progress
    Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-128-GCM).

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
dlenski committed Aug 2, 2018
1 parent a4b9d85 commit a8ab34e
Showing 4 changed files with 13 additions and 21 deletions.
2 changes: 1 addition & 1 deletion gpst.c
Expand Up @@ -630,7 +630,7 @@ static int gpst_get_config(struct openconnect_info *vpninfo)
vpninfo->ip_info.mtu = calculate_mtu(vpninfo, !no_esp_reason);
vpn_progress(vpninfo, PRG_ERR,
_("No MTU received. Calculated %d for %s%s\n"), vpninfo->ip_info.mtu,
no_esp_reason ? "TLS tunnel. " : "ESP tunnel", no_esp_reason ? : "");
no_esp_reason ? "SSL tunnel. " : "ESP tunnel", no_esp_reason ? : "");
/* return -EINVAL; */
}
if (!vpninfo->ip_info.addr) {
3 changes: 3 additions & 0 deletions library.c
Expand Up @@ -117,6 +117,7 @@ const struct vpn_proto openconnect_protos[] = {
.tcp_mainloop = cstp_mainloop,
.add_http_headers = cstp_common_headers,
.obtain_cookie = cstp_obtain_cookie,
.udp_protocol = "DTLS",
#ifdef HAVE_DTLS
.udp_setup = dtls_setup,
.udp_mainloop = dtls_mainloop,
Expand All @@ -133,6 +134,7 @@ const struct vpn_proto openconnect_protos[] = {
.tcp_mainloop = oncp_mainloop,
.add_http_headers = oncp_common_headers,
.obtain_cookie = oncp_obtain_cookie,
.udp_protocol = "ESP",
#ifdef HAVE_ESP
.udp_setup = esp_setup,
.udp_mainloop = esp_mainloop,
Expand All @@ -151,6 +153,7 @@ const struct vpn_proto openconnect_protos[] = {
.tcp_mainloop = gpst_mainloop,
.add_http_headers = gpst_common_headers,
.obtain_cookie = gpst_obtain_cookie,
.udp_protocol = "ESP",
#ifdef HAVE_ESP
.udp_setup = esp_setup,
.udp_mainloop = esp_mainloop,
28 changes: 8 additions & 20 deletions main.c
Expand Up @@ -1083,7 +1083,7 @@ int main(int argc, char **argv)
char *urlpath = NULL;
struct oc_vpn_option *gai;
char *ip;
const char *compr = "";
const char *ssl_compr, *udp_compr;
char *proxy = getenv("https_proxy");
char *vpnc_script = NULL;
const struct oc_ip_info *ip_info;
Expand Down Expand Up @@ -1596,33 +1596,21 @@ int main(int argc, char **argv)
* reconnects end up in infinite loop trying to connect
* to non existing DTLS */
vpninfo->dtls_state = DTLS_DISABLED;
fprintf(stderr, _("Set up DTLS failed; using SSL instead\n"));
fprintf(stderr, _("Set up UDP failed; using SSL instead\n"));
}

openconnect_get_ip_info(vpninfo, &ip_info, NULL, NULL);

if (vpninfo->dtls_state != DTLS_CONNECTED) {
if (vpninfo->cstp_compr == COMPR_DEFLATE)
compr = " + deflate";
else if (vpninfo->cstp_compr == COMPR_LZS)
compr = " + lzs";
else if (vpninfo->cstp_compr == COMPR_LZ4)
compr = " + lz4";
} else {
if (vpninfo->dtls_compr == COMPR_DEFLATE)
compr = " + deflate";
else if (vpninfo->dtls_compr == COMPR_LZS)
compr = " + lzs";
else if (vpninfo->dtls_compr == COMPR_LZ4)
compr = " + lz4";
}
ssl_compr = openconnect_get_cstp_compression(vpninfo);
udp_compr = openconnect_get_dtls_compression(vpninfo);
vpn_progress(vpninfo, PRG_INFO,
_("Connected as %s%s%s, using %s%s\n"),
_("Connected as %s%s%s, using SSL%s%s, with %s%s%s %s\n"),
ip_info->addr?:"",
(ip_info->netmask6 && ip_info->addr) ? " + " : "",
ip_info->netmask6 ? : "",
(vpninfo->dtls_state != DTLS_CONNECTED) ? "SSL"
: "DTLS", compr);
ssl_compr ? " + " : "", ssl_compr ? : "",
vpninfo->proto->udp_protocol ? : "UDP", udp_compr ? " + " : "", udp_compr ? : "",
(vpninfo->dtls_state == DTLS_DISABLED || vpninfo->dtls_state == DTLS_NOSECRET ? _("disabled") : _("in progress")));

if (!vpninfo->vpnc_script) {
vpn_progress(vpninfo, PRG_INFO,
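Review bot: The last argument of the new `vpn_progress` call reports "in progress" for every `dtls_state` other than `DTLS_DISABLED` and `DTLS_NOSECRET`, and the two compression arguments before it are printed regardless of that state. If `openconnect_get_dtls_compression()` can return a name while the UDP transport is off (its behaviour is not visible here), the line would read like "with DTLS + LZS disabled", which is misleading in the one message a user reads to learn which channel carries the tunnel. I would compute the state once, `int udp_off = vpninfo->dtls_state == DTLS_DISABLED || vpninfo->dtls_state == DTLS_NOSECRET;`, and pass `udp_off ? "" : ...` for the separator and compression name. As a style point, the sentence is assembled from fragments (`%s%s%s %s` plus the separately translated "disabled" / "in progress"), which is hard to translate; two complete format strings selected on `udp_off` would be clearer. `main()` starts and ends outside both hunks.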
1 change: 1 addition & 0 deletions openconnect-internal.h
Expand Up @@ -264,6 +264,7 @@ struct vpn_proto {
const char *name;
const char *pretty_name;
const char *description;
const char *udp_protocol;
unsigned int flags;
int (*vpn_close_session)(struct openconnect_info *vpninfo, const char *reason);

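Review bot: The new `udp_protocol` member is declared without a comment, and its contract is only implied by how the other files use it: library.c assigns it outside the `#ifdef HAVE_DTLS` / `#ifdef HAVE_ESP` guards, and main.c falls back to the literal "UDP" when it is NULL. I would state that on the declaration, for example `/* Display name of the UDP transport for log messages; may be NULL; set even when that transport is compiled out */`. `struct vpn_proto` continues outside this hunk, so other members may need the same treatment.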
