From cf3b1484f045eb42fa65a1731762ac646e5b7f07 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sun, 25 Jan 2015 16:46:12 +0000 Subject: [PATCH] Add --compression argument and openconnect_set_compression_mode() Signed-off-by: David Woodhouse --- libopenconnect.map.in | 1 + library.c | 17 +++++++++++++++++ main.c | 16 ++++++++++++++++ openconnect-internal.h | 5 +++-- openconnect.8.in | 28 ++++++++++++++++++++++++---- openconnect.h | 14 +++++++++++++- www/changelog.xml | 1 + 7 files changed, 75 insertions(+), 7 deletions(-) diff --git a/libopenconnect.map.in b/libopenconnect.map.in index 4d0d0050..6d474576 100644 --- a/libopenconnect.map.in +++ b/libopenconnect.map.in @@ -32,6 +32,7 @@ OPENCONNECT_5.0 { openconnect_set_cancel_fd; openconnect_set_cert_expiry_warning; openconnect_set_client_cert; + openconnect_set_compression_mode; openconnect_set_csd_environ; openconnect_set_dpd; openconnect_set_hostname; diff --git a/library.c b/library.c index f9f66e49..74e90879 100644 --- a/library.c +++ b/library.c @@ -824,3 +824,20 @@ const char *openconnect_get_peer_cert_hash(struct openconnect_info *vpninfo) { return vpninfo->peer_cert_hash; } +int openconnect_set_compression_mode(struct openconnect_info *vpninfo, + oc_compression_mode_t mode) +{ + switch(mode) { + case OC_COMPRESSION_MODE_NONE: + vpninfo->req_compr = 0; + return 0; + case OC_COMPRESSION_MODE_STATELESS: + vpninfo->req_compr = COMPR_STATELESS; + return 0; + case OC_COMPRESSION_MODE_ALL: + vpninfo->req_compr = COMPR_ALL; + return 0; + default: + return -EINVAL; + } +} diff --git a/main.c b/main.c index f05a228d..dd494006 100644 --- a/main.c +++ b/main.c @@ -148,6 +148,7 @@ enum { OPT_AUTHGROUP, OPT_BASEMTU, OPT_CAFILE, + OPT_COMPRESSION, OPT_CONFIGFILE, OPT_COOKIEONLY, OPT_COOKIE_ON_STDIN, 
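Review bot: `openconnect_set_compression_mode` is added to the existing `OPENCONNECT_5.0` version node, while the openconnect.h hunk in this commit bumps the API minor version to 5.1. If 5.0 has already shipped in a release, a program built against the new library will still require only the `OPENCONNECT_5.0` node, so it will load against an older libopenconnect and fail only when the missing symbol is resolved. A separate node for the 5.1 additions that inherits from `OPENCONNECT_5.0` would turn that mismatch into a load-time failure. The node's closing lines are outside this hunk.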
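Review bot: The new setter in library.c has no comment stating its return convention, and nothing in this commit touches the initial value of `req_compr`, although the man-page hunk says only stateless algorithms are enabled by default. Please confirm that the initialisation outside this diff uses `COMPR_STATELESS`; otherwise stateful deflate is still requested unless the caller selects another mode. I would add `/* Returns 0 on success, -EINVAL if mode is not a known oc_compression_mode_t. */` above the definition. A blank line after the closing brace of openconnect_get_peer_cert_hash() would also help.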
@@ -207,6 +208,7 @@ static const struct option long_options[] = { OPTION("certificate", 1, 'c'), OPTION("sslkey", 1, 'k'), OPTION("cookie", 1, 'C'), + OPTION("compression", 1, OPT_COMPRESSION), OPTION("deflate", 0, 'd'), OPTION("no-deflate", 0, 'D'), OPTION("cert-expire-warning", 1, 'e'), @@ -1068,6 +1070,20 @@ int main(int argc, char **argv) config_line_num = 1; /* The next option will come from the file... */ break; + case OPT_COMPRESSION: + if (!strcmp(config_arg, "none") || + !strcmp(config_arg, "off")) + openconnect_set_compression_mode(vpninfo, OC_COMPRESSION_MODE_NONE); + else if (!strcmp(config_arg, "all")) + openconnect_set_compression_mode(vpninfo, OC_COMPRESSION_MODE_ALL); + else if (!strcmp(config_arg, "stateless")) + openconnect_set_compression_mode(vpninfo, OC_COMPRESSION_MODE_STATELESS); + else { + fprintf(stderr, _("Invalid compression mode '%s'\n"), + config_arg); + exit(1); + } + break; case OPT_CAFILE: openconnect_set_cafile(vpninfo, dup_config_arg()); break; diff --git a/openconnect-internal.h b/openconnect-internal.h index fbbce8af..ccc55f0f 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -145,10 +145,11 @@ struct pkt { #define COMPR_LZ4 (1<<2) #ifdef HAVE_LZ4 -#define COMPR_ALL (COMPR_DEFLATE | COMPR_LZS | COMPR_LZ4) +#define COMPR_STATELESS (COMPR_LZS | COMPR_LZ4) #else -#define COMPR_ALL (COMPR_DEFLATE | COMPR_LZS) +#define COMPR_STATELESS (COMPR_LZS) #endif +#define COMPR_ALL (COMPR_STATELESS | COMPR_DEFLATE) struct keepalive_info { int dpd; diff --git a/openconnect.8.in b/openconnect.8.in index 4b9cbb44..cea5a8f7 100644 --- a/openconnect.8.in +++ b/openconnect.8.in @@ -11,6 +11,7 @@ openconnect \- Connect to Cisco AnyConnect VPN .OP \-k,\-\-sslkey key .OP \-C,\-\-cookie cookie .OP \-\-cookie\-on\-stdin +.OP \-\-compression MODE .OP \-d,\-\-deflate .OP \-D,\-\-no\-deflate .OP \-\-force\-dpd interval 
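Review bot: The `OPT_COMPRESSION` case accepts `off` as an alias for `none`, but the openconnect.8.in hunk in this commit documents only `stateless`, `none` and `all`; either list the alias in the man page or drop it. The return value of openconnect_set_compression_mode() is discarded in all three branches, which is harmless while only valid constants are passed but would hide a failure if the library ever rejected a mode. How this option interacts with `-d`/`-D` (presumably the last one given wins) cannot be seen here, because main() and its option loop start and end outside the hunk.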
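Review bot: `COMPR_STATELESS` is introduced in openconnect-internal.h without a comment explaining the split, so the only definition of "stateless" is the one in the man page. A one-line comment above the `#ifdef HAVE_LZ4` would help, for example `/* Algorithms that keep no state between packets, so usable on UDP transports */`. The parentheses in `(COMPR_LZS)` are redundant but harmless.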
@@ -125,18 +126,37 @@ which may be either a file name or, if OpenConnect has been built with an approp version of GnuTLS, a PKCS#11 URL. .TP .B \-C,\-\-cookie=COOKIE -Use WebVPN cookie +Use WebVPN cookie. .I COOKIE .TP .B \-\-cookie\-on\-stdin -Read cookie from standard input +Read cookie from standard input. .TP .B \-d,\-\-deflate -Enable compression (default) +Enable all compression, including stateful modes. By default, only stateless +compression algorithms are enabled. .TP .B \-D,\-\-no\-deflate -Disable compression +Disable all compression. .TP +.B \-\-compression=MODE +Set compression mode, where +.I MODE +is one of +.I "stateless" +, +.I "none" +, or +.I "all". + +By default, only stateless compression algorithms which do not maintain state +from one packet to the next (and which can be used on UDP transports) are +enabled. By setting the mode to +.I "all" +stateful algorithms (currently only zlib deflate) can be enabled. Or all +compression can be disabled by setting the mode to +.I "none". + .B \-\-force\-dpd=INTERVAL Use .I INTERVAL diff --git a/openconnect.h b/openconnect.h index a7800d93..03ba4373 100644 --- a/openconnect.h +++ b/openconnect.h @@ -29,9 +29,12 @@ #endif #define OPENCONNECT_API_VERSION_MAJOR 5 -#define OPENCONNECT_API_VERSION_MINOR 0 +#define OPENCONNECT_API_VERSION_MINOR 1 /* + * API version 5.1: + * - Add openconnect_set_compression_mode(). + * * API version 5.0: * - Remove OPENCONNECT_X509 and openconnect_get_peer_cert(). * - Change openconnect_get_cert_der() to openconnect_get_peer_cert_DER() etc. @@ -279,6 +282,12 @@ typedef enum { OC_TOKEN_MODE_YUBIOATH, } oc_token_mode_t; +typedef enum { + OC_COMPRESSION_MODE_NONE, + OC_COMPRESSION_MODE_STATELESS, + OC_COMPRESSION_MODE_ALL, +} oc_compression_mode_t; + /* All strings are UTF-8. If operating in a legacy environment where nl_langinfo(CODESET) returns anything other than UTF-8, or on Windows, the library will take appropriate steps to convert back to the legacy 
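Review bot: The members of `oc_compression_mode_t`, and the prototype added in the following openconnect.h hunk, become public API without any comment. Each member deserves a short description, e.g. `OC_COMPRESSION_MODE_ALL, /* also stateful algorithms (currently zlib deflate) */`, and the prototype should state the return convention (0, or -EINVAL for an unknown mode, as implemented in library.c). Because the application chooses the mode, this is also the natural place to note that compressing tunnel traffic before encryption makes packet lengths depend on plaintext content, so callers carrying sensitive data may prefer `OC_COMPRESSION_MODE_NONE`. Giving the enumerators explicit values would also guard the ABI against accidental reordering.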
@@ -380,6 +389,9 @@ int openconnect_set_token_mode(struct openconnect_info *, /* Legacy stoken-only function; do not use */ int openconnect_set_stoken_mode(struct openconnect_info *, int, const char *); +int openconnect_set_compression_mode(struct openconnect_info *, + oc_compression_mode_t); + /* The size must be 41 bytes, since that's the size of a 20-byte SHA1 represented as hex with a trailing NUL. */ void openconnect_set_xmlsha1(struct openconnect_info *, const char *, int size); diff --git a/www/changelog.xml b/www/changelog.xml index dfd823bf..104ca525 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -15,6 +15,7 @@