use delay_tunnel_reason for OC DTLS MTU detection and GPST ESP connec…

…tion delays As suggested here: https://gitlab.com/openconnect/openconnect/-/commit/55ffb457010974c05096a78ac917692b7fac664b#note_343873848 There's no clear rationale for using with Pulse/oNCP ESP setup (yet): - We don't do any MTU detection - Unlike GPST, we can start sending and receiving packets via the TLS tunnel immediately, while attempting to connect ESP as well. Signed-off-by: Daniel Lenski <dlenski@gmail.com>
sailfishos-mirror · Nov 16, 2020 · e855842 · e855842
1 parent 4fb6ff7
commit e855842
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 12 deletions.
diff --git a/cstp.c b/cstp.c
@@ -351,6 +351,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 			buf_free(dtls12_cl);
 		}
 		append_compr_types(reqbuf, "DTLS", vpninfo->req_compr & ~COMPR_DEFLATE);
+
+		vpninfo->delay_tunnel_reason = "DTLS MTU detection";
 	}
 #endif
 	buf_append(reqbuf, "\r\n");

diff --git a/dtls.c b/dtls.c
@@ -287,6 +287,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable)
 
 	if (vpninfo->dtls_state == DTLS_CONNECTING) {
 		dtls_try_handshake(vpninfo);
+		vpninfo->delay_tunnel_reason = "DTLS MTU detection";
 		return 0;
 	}
 

diff --git a/gpst.c b/gpst.c
@@ -567,9 +567,11 @@ static int gpst_parse_config_xml(struct openconnect_info *vpninfo, xmlNode *xml_
 				}
 				if (openconnect_setup_esp_keys(vpninfo, 0))
 					vpn_progress(vpninfo, PRG_ERR, "Failed to setup ESP keys.\n");
-				else
+				else {
 					/* prevent race condition between esp_mainloop() and gpst_mainloop() timers */
 					vpninfo->dtls_times.last_rekey = time(&vpninfo->new_dtls_started);
+					vpninfo->delay_tunnel_reason = "awaiting GPST ESP connection";
+				}
 			}
 #else
 			vpn_progress(vpninfo, PRG_DEBUG, _("Ignoring ESP keys since ESP support not available in this build\n"));
@@ -1075,8 +1077,10 @@ int gpst_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable)
 	case DTLS_SECRET:
 	case DTLS_SLEEPING:
 		/* Allow 5 seconds after configuration for ESP to start */
-		if (!ka_check_deadline(timeout, time(NULL), vpninfo->new_dtls_started + 5))
+		if (!ka_check_deadline(timeout, time(NULL), vpninfo->new_dtls_started + 5)) {
+			vpninfo->delay_tunnel_reason = "awaiting GPST ESP connection";
 			return 0;
+		}
 
 		/* ... before we switch to HTTPS instead */
 		vpn_progress(vpninfo, PRG_ERR,

diff --git a/mainloop.c b/mainloop.c
@@ -205,16 +205,7 @@ int openconnect_mainloop(struct openconnect_info *vpninfo,
 			timeout = 1000;
 
 		if (!tun_is_up(vpninfo)) {
-			/* Postpone tun device creation after DTLS is connected so
-			 * we have a better knowledge of the link MTU. We also
-			 * force the creation if DTLS enters sleeping mode - i.e.,
-			 * we failed to connect on time. */
-			if (!tun_is_up(vpninfo) && (vpninfo->dtls_state == DTLS_CONNECTED ||
-			    vpninfo->dtls_state == DTLS_SLEEPING)) {
-				ret = setup_tun_device(vpninfo);
-				if (ret)
-					break;
-			} else if (vpninfo->delay_tunnel_reason) {
+			if (vpninfo->delay_tunnel_reason) {
 				vpn_progress(vpninfo, PRG_INFO, _("Delaying tunnel for %d ms with reason: %s\n"),
 					     timeout, vpninfo->delay_tunnel_reason);
 				/* XX: don't let this spin forever */