Commit cf3b1484 authored by David Woodhouse's avatar David Woodhouse

Add --compression argument and openconnect_set_compression_mode()

Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 29009f05
......@@ -32,6 +32,7 @@ OPENCONNECT_5.0 {
openconnect_set_cancel_fd;
openconnect_set_cert_expiry_warning;
openconnect_set_client_cert;
openconnect_set_compression_mode;
openconnect_set_csd_environ;
openconnect_set_dpd;
openconnect_set_hostname;
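Review bot: The new `openconnect_set_compression_mode` export is placed in the existing `OPENCONNECT_5.0` version node, while the openconnect.h hunk of this same commit raises OPENCONNECT_API_VERSION_MINOR to 1. If a release has already shipped with the 5.0 node (this page does not show that), a program built against the new symbol would still ask only for a version name that older libraries also provide, so the mismatch would show up as a missing symbol rather than a missing version. In that case the symbol belongs in a new node that inherits from the old one, for example `OPENCONNECT_5.1 { openconnect_set_compression_mode; } OPENCONNECT_5.0;`. The node continues outside the hunk.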
......
......@@ -824,3 +824,20 @@ const char *openconnect_get_peer_cert_hash(struct openconnect_info *vpninfo)
{
return vpninfo->peer_cert_hash;
}
int openconnect_set_compression_mode(struct openconnect_info *vpninfo,
oc_compression_mode_t mode)
{
switch(mode) {
case OC_COMPRESSION_MODE_NONE:
vpninfo->req_compr = 0;
return 0;
case OC_COMPRESSION_MODE_STATELESS:
vpninfo->req_compr = COMPR_STATELESS;
return 0;
case OC_COMPRESSION_MODE_ALL:
vpninfo->req_compr = COMPR_ALL;
return 0;
default:
return -EINVAL;
}
}
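Review bot: openconnect_set_compression_mode() becomes public API here without a comment stating its contract, and the prototype added to openconnect.h in this commit is equally bare. From the visible body it stores a COMPR_* mask in `vpninfo->req_compr` and returns 0, or returns `-EINVAL` for any other value and leaves `req_compr` untouched; a comment above the definition such as `/* Select which compression algorithms may be requested. Returns 0, or -EINVAL (mode unchanged) for an unknown value. */` would record that. Whether a call made after the session has been negotiated has any effect cannot be seen from this hunk and is worth stating in the same comment.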
......@@ -148,6 +148,7 @@ enum {
OPT_AUTHGROUP,
OPT_BASEMTU,
OPT_CAFILE,
OPT_COMPRESSION,
OPT_CONFIGFILE,
OPT_COOKIEONLY,
OPT_COOKIE_ON_STDIN,
......@@ -207,6 +208,7 @@ static const struct option long_options[] = {
OPTION("certificate", 1, 'c'),
OPTION("sslkey", 1, 'k'),
OPTION("cookie", 1, 'C'),
OPTION("compression", 1, OPT_COMPRESSION),
OPTION("deflate", 0, 'd'),
OPTION("no-deflate", 0, 'D'),
OPTION("cert-expire-warning", 1, 'e'),
......@@ -1068,6 +1070,20 @@ int main(int argc, char **argv)
config_line_num = 1;
/* The next option will come from the file... */
break;
case OPT_COMPRESSION:
if (!strcmp(config_arg, "none") ||
!strcmp(config_arg, "off"))
openconnect_set_compression_mode(vpninfo, OC_COMPRESSION_MODE_NONE);
else if (!strcmp(config_arg, "all"))
openconnect_set_compression_mode(vpninfo, OC_COMPRESSION_MODE_ALL);
else if (!strcmp(config_arg, "stateless"))
openconnect_set_compression_mode(vpninfo, OC_COMPRESSION_MODE_STATELESS);
else {
fprintf(stderr, _("Invalid compression mode '%s'\n"),
config_arg);
exit(1);
}
break;
case OPT_CAFILE:
openconnect_set_cafile(vpninfo, dup_config_arg());
break;
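Review bot: The OPT_COMPRESSION case accepts `off` as a synonym for `none`, but the manual page text added in this commit lists only `stateless`, `none` and `all`, so the alias is undocumented. Either document it or drop the `!strcmp(config_arg, "off")` test so the accepted set matches the manual. The three calls also discard the return value of openconnect_set_compression_mode(); that is harmless with the constants passed here, but a single call made after the string has been mapped to a mode would let the result be checked in one place. main() begins and ends outside the hunk.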
......
......@@ -145,10 +145,11 @@ struct pkt {
#define COMPR_LZ4 (1<<2)
#ifdef HAVE_LZ4
#define COMPR_ALL (COMPR_DEFLATE | COMPR_LZS | COMPR_LZ4)
#define COMPR_STATELESS (COMPR_LZS | COMPR_LZ4)
#else
#define COMPR_ALL (COMPR_DEFLATE | COMPR_LZS)
#define COMPR_STATELESS (COMPR_LZS)
#endif
#define COMPR_ALL (COMPR_STATELESS | COMPR_DEFLATE)
struct keepalive_info {
int dpd;
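Review bot: COMPR_STATELESS and COMPR_ALL now carry the stateless/stateful classification, but nothing next to the macros says what puts an algorithm in one set or the other. The manual text in this commit gives the rule (stateless algorithms keep no state from one packet to the next and can be used on UDP transports; deflate is stateful), so a comment such as `/* COMPR_STATELESS: no history kept between packets, usable on UDP. COMPR_DEFLATE is stateful and is only in COMPR_ALL. */` above the `#ifdef HAVE_LZ4` would keep a future algorithm from being added to the wrong mask.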
......
......@@ -11,6 +11,7 @@ openconnect \- Connect to Cisco AnyConnect VPN
.OP \-k,\-\-sslkey key
.OP \-C,\-\-cookie cookie
.OP \-\-cookie\-on\-stdin
.OP \-\-compression MODE
.OP \-d,\-\-deflate
.OP \-D,\-\-no\-deflate
.OP \-\-force\-dpd interval
......@@ -125,18 +126,37 @@ which may be either a file name or, if OpenConnect has been built with an approp
version of GnuTLS, a PKCS#11 URL.
.TP
.B \-C,\-\-cookie=COOKIE
Use WebVPN cookie
Use WebVPN cookie.
.I COOKIE
.TP
.B \-\-cookie\-on\-stdin
Read cookie from standard input
Read cookie from standard input.
.TP
.B \-d,\-\-deflate
Enable compression (default)
Enable all compression, including stateful modes. By default, only stateless
compression algorithms are enabled.
.TP
.B \-D,\-\-no\-deflate
Disable compression
Disable all compression.
.TP
.B \-\-compression=MODE
Set compression mode, where
.I MODE
is one of
.I "stateless"
,
.I "none"
, or
.I "all".
By default, only stateless compression algorithms which do not maintain state
from one packet to the next (and which can be used on UDP transports) are
enabled. By setting the mode to
.I "all"
stateful algorithms (currently only zlib deflate) can be enabled. Or all
compression can be disabled by setting the mode to
.I "none".
.B \-\-force\-dpd=INTERVAL
Use
.I INTERVAL
......
......@@ -29,9 +29,12 @@
#endif
#define OPENCONNECT_API_VERSION_MAJOR 5
#define OPENCONNECT_API_VERSION_MINOR 0
#define OPENCONNECT_API_VERSION_MINOR 1
/*
* API version 5.1:
* - Add openconnect_set_compression_mode().
*
* API version 5.0:
* - Remove OPENCONNECT_X509 and openconnect_get_peer_cert().
* - Change openconnect_get_cert_der() to openconnect_get_peer_cert_DER() etc.
......@@ -279,6 +282,12 @@ typedef enum {
OC_TOKEN_MODE_YUBIOATH,
} oc_token_mode_t;
typedef enum {
OC_COMPRESSION_MODE_NONE,
OC_COMPRESSION_MODE_STATELESS,
OC_COMPRESSION_MODE_ALL,
} oc_compression_mode_t;
/* All strings are UTF-8. If operating in a legacy environment where
nl_langinfo(CODESET) returns anything other than UTF-8, or on Windows,
the library will take appropriate steps to convert back to the legacy
......@@ -380,6 +389,9 @@ int openconnect_set_token_mode(struct openconnect_info *,
/* Legacy stoken-only function; do not use */
int openconnect_set_stoken_mode(struct openconnect_info *, int, const char *);
int openconnect_set_compression_mode(struct openconnect_info *,
oc_compression_mode_t);
/* The size must be 41 bytes, since that's the size of a 20-byte SHA1
represented as hex with a trailing NUL. */
void openconnect_set_xmlsha1(struct openconnect_info *, const char *, int size);
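Review bot: The oc_compression_mode_t enumerators are added without any comment, although they are the public switch for whether tunnelled data is compressed before it is encrypted. Compression makes the length of the encrypted packets depend on the plaintext, which can leak information when secret and attacker-influenced data share a tunnel, so the header should tell library users that OC_COMPRESSION_MODE_NONE is the choice that avoids this. A short comment on each enumerator would do, e.g. `/* no compression */`, `/* only algorithms that keep no state between packets */`, `/* stateless algorithms plus stateful ones (deflate) */`. The API 5.1 comment block could also name the library default; the manual text says stateless, but the default assignment is not visible on this commit page.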
......
......@@ -15,6 +15,7 @@
<ul>
<li><b>OpenConnect HEAD</b>
<ul>
<li>Add <tt>--compression</tt> argument and <tt>openconnect_set_compression_mode()</tt>.</li>
<li>Add support for LZS compression <i>(compatible with latest Cisco ASA and ocserv)</i>.</li>
<li>Add support for <a href="https://code.google.com/p/lz4/">LZ4</a> compression <i>(compatible with ocserv)</i>.</li>
</ul><br/>
......