Commit
tweak the dtls_state handling in preparation for supporting GlobalProtect ESP

If a protocol wishes to have dtls_state set to DTLS_SLEEPING after closing UDP, then it must now do so explicitly, because the mainloop will no longer set it.

This patch makes both existing protocols set dtls_state explicitly after closing the UDP connection. (The nc protocol already did so explicitly, but the anyconnect protocol didn't.)

The previous behavior, wherein dtls_state was *always* set to DTLS_SLEEPING after closing UDP, was incompatible with the GlobalProtect VPN. Disconnecting and reconnecting GlobalProtect VPN doesn't just require reconnecting the UDP socket and resending probes; it actually invalidates any previously-obtained ESP secret.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>