Distinguish between the different rekey methods.

AnyConnect allows for different rekey methods including new-tunnel
and ssl (rehandshake). Currently only the new-tunnel method is implemented
in openconnect.
Signed-off-by: default avatarNikos Mavrogiannopoulos <nmav@redhat.com>
parent a12ac9e6
......@@ -356,6 +356,13 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
vpninfo->ssl_times.dpd = j;
} else if (!strcmp(buf + 7, "Rekey-Time")) {
vpninfo->ssl_times.rekey = atol(colon);
} else if (!strcmp(buf + 7, "Rekey-Method")) {
if (!strcmp(colon, "new-tunnel"))
vpninfo->ssl_times.rekey_method = REKEY_TUNNEL;
else if (!strcmp(colon, "ssl"))
vpninfo->ssl_times.rekey_method = REKEY_SSL;
else
vpninfo->ssl_times.rekey_method = REKEY_NONE;
} else if (!strcmp(buf + 7, "Content-Encoding")) {
if (!strcmp(colon, "deflate"))
vpninfo->deflate = 1;
......
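Review bot: The final `else` maps any Rekey-Method value the client does not recognise to REKEY_NONE without a diagnostic, and a server that asks for "ssl" gets REKEY_SSL, which ka_stalled_action does not act on either; in both cases the tunnel keeps running past the server's Rekey-Time with no rekey and nothing in the log saying why. Since a rekey interval the server asked for is a security property of the session, the unsupported and unknown cases deserve a message through the existing progress logging, e.g. `else { vpn_progress(vpninfo, PRG_ERR, _("Unsupported Rekey-Method '%s'; rekeying disabled\n"), colon); vpninfo->ssl_times.rekey_method = REKEY_NONE; }`, and the "ssl" branch can log at info level that it is not yet implemented. The hunk in openconnect_setup_dtls has the same shape and needs the same treatment. If a server sends Rekey-Time without Rekey-Method, rekey_method presumably keeps its zero-initialised value (REKEY_NONE) and rekeying silently stops, whereas before this change any non-zero rekey triggered a new tunnel; worth confirming that is intended. start_cstp_connection begins and ends outside the hunk.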
......@@ -600,6 +600,13 @@ int openconnect_setup_dtls(struct openconnect_info *vpninfo, int dtls_attempt_pe
int j = atol(dtls_opt->value);
if (j && (!vpninfo->dtls_times.dpd || j < vpninfo->dtls_times.dpd))
vpninfo->dtls_times.dpd = j;
} else if (!strcmp(dtls_opt->option + 7, "Rekey-Method")) {
if (!strcmp(dtls_opt->value, "new-tunnel"))
vpninfo->dtls_times.rekey_method = REKEY_TUNNEL;
else if (!strcmp(dtls_opt->value, "ssl"))
vpninfo->dtls_times.rekey_method = REKEY_SSL;
else
vpninfo->dtls_times.rekey_method = REKEY_NONE;
} else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
vpninfo->dtls_times.rekey = atol(dtls_opt->value);
} else if (!strcmp(dtls_opt->option + 7, "CipherSuite")) {
......
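Review bot: The three-way string-to-REKEY_* mapping on the `Rekey-Method` branch is now written out twice, here and in start_cstp_connection, so the two parsers can drift the next time a method is added. A small shared helper keeps the accepted names in one place and leaves each caller with a single assignment such as `vpninfo->dtls_times.rekey_method = parse_rekey_method(dtls_opt->value);`. Where the helper lives depends on whether the two callers share a translation unit, which is not visible here; if they do not, it needs a declaration in the internal header. openconnect_setup_dtls begins and ends outside the hunk.
```c
/* Map a Rekey-Method header value to a REKEY_* constant; unknown
 * values yield REKEY_NONE, so the caller decides whether to log them. */
static int parse_rekey_method(const char *method)
{
	if (!strcmp(method, "new-tunnel"))
		return REKEY_TUNNEL;
	if (!strcmp(method, "ssl"))
		return REKEY_SSL;
	return REKEY_NONE;
}

/* … unchanged: DPD option handling … */
		} else if (!strcmp(dtls_opt->option + 7, "Rekey-Method")) {
			vpninfo->dtls_times.rekey_method = parse_rekey_method(dtls_opt->value);
/* … unchanged: Rekey-Time and CipherSuite handling … */
```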
......@@ -169,7 +169,9 @@ int ka_stalled_action(struct keepalive_info *ka, int *timeout)
{
time_t due, now = time(NULL);
if (ka->rekey) {
/* we only support the new-tunnel rekey method for
* now */
if (ka->rekey && ka->rekey_method == REKEY_TUNNEL) {
due = ka->last_rekey + ka->rekey;
if (now >= due)
......
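Review bot: The new comment above the `if (ka->rekey && ka->rekey_method == REKEY_TUNNEL)` test says what is supported but not what happens otherwise, and the consequence matters: a session whose server requested the "ssl" method now never rekeys and falls through to the keepalive handling below without any indication. I would make that explicit, e.g. `/* Only the new-tunnel rekey method is implemented. A REKEY_SSL request is not acted on here, so such a session continues without ever rekeying. */`. As rendered it is not certain whether the `if (ka->rekey) {` line above the comment is context or the line being replaced; if it survives, the `ka->rekey &&` in the new condition is redundant with it. ka_stalled_action's body continues outside the hunk.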
......@@ -94,6 +94,10 @@ struct pkt {
unsigned char data[];
};
#define REKEY_NONE 0
#define REKEY_TUNNEL 1
#define REKEY_SSL 2
#define KA_NONE 0
#define KA_DPD 1
#define KA_DPD_DEAD 2
......@@ -109,6 +113,7 @@ struct keepalive_info {
int dpd;
int keepalive;
int rekey;
int rekey_method;
time_t last_rekey;
time_t last_tx;
time_t last_rx;
......
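Review bot: The new `int rekey_method;` field in struct keepalive_info carries no hint that it holds one of the REKEY_* constants defined a few lines earlier, unlike nothing else in the struct distinguishing it from the plain interval fields around it. A trailing comment ties the two together: `int rekey_method; /* REKEY_NONE, REKEY_TUNNEL or REKEY_SSL */`. It is also worth stating next to the defines that REKEY_NONE is 0 on purpose, so a zero-initialised keepalive_info means "no rekey", which the check in ka_stalled_action appears to rely on. The defines follow the KA_* #define style already used in this header, so an enum would be the usual C preference but is not required for consistency here.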