cstp: Propagate error status up to the mainloop

Mainloop callers may want to know whether the loop terminated due to
socket errors, cookie auth problems, or explicit server disconnects.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

cstp.c

@@ -771,7 +771,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 				     _("Received server disconnect: %02x '%s'\n"),
 				     buf[8], buf + 9);
 			vpninfo->quit_reason = "Server request";
-			return 1;
+			return -EPIPE;
 		}
 		case AC_PKT_COMPRESSED:
 			if (!vpninfo->deflate) {
@@ -786,7 +786,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 		case AC_PKT_TERM_SERVER:
 			vpn_progress(vpninfo, PRG_ERR, _("received server terminate packet\n"));
 			vpninfo->quit_reason = "Server request";
-			return 1;
+			return -EPIPE;
 		}
 
 	unknown_pkt:
@@ -870,10 +870,11 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("CSTP Dead Peer Detection detected dead peer!\n"));
 	do_reconnect:
-		if (cstp_reconnect(vpninfo)) {
+		ret = cstp_reconnect(vpninfo);
+		if (ret) {
 			vpn_progress(vpninfo, PRG_ERR, _("Reconnect failed\n"));
 			vpninfo->quit_reason = "CSTP reconnect failed";
-			return 1;
+			return ret;
 		}
 		/* I think we can leave DTLS to its own devices; when we reconnect
 		   with the same master secret, we do seem to get the same sessid */

dtls.c

@@ -767,20 +767,24 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
 	}
 
 	switch (keepalive_action(&vpninfo->dtls_times, timeout)) {
-	case KA_REKEY:
+	case KA_REKEY: {
+		int ret;
+
 		vpn_progress(vpninfo, PRG_INFO, _("DTLS rekey due\n"));
 
 		/* There ought to be a method of rekeying DTLS without tearing down
 		   the CSTP session and restarting, but we don't (yet) know it */
-		if (cstp_reconnect(vpninfo)) {
+		ret = cstp_reconnect(vpninfo);
+		if (ret) {
 			vpn_progress(vpninfo, PRG_ERR, _("Reconnect failed\n"));
 			vpninfo->quit_reason = "CSTP reconnect failed";
-			return 1;
+			return ret;
 		}
 
 		if (dtls_restart(vpninfo))
 			vpn_progress(vpninfo, PRG_ERR, _("DTLS rekey failed\n"));
 		return 1;
+	}
 
 	case KA_DPD_DEAD:
 		vpn_progress(vpninfo, PRG_ERR, _("DTLS Dead Peer Detection detected dead peer!\n"));

mainloop.c

@@ -54,8 +54,16 @@ int queue_new_packet(struct pkt **q, void *buf, int len)
 	return 0;
 }
 
+/* Return value:
+ *  = -EINTR, if aborted locally via cmd_fd
+ *  = -EPIPE, if the remote end explicitly terminated the session
+ *  = -EPERM, if the gateway sent 401 Unauthorized (cookie expired)
+ *  < 0, for any other error
+ */
 int vpn_mainloop(struct openconnect_info *vpninfo)
 {
+	int ret = 0;
+
 	if (vpninfo->cmd_fd != -1) {
 		FD_SET(vpninfo->cmd_fd, &vpninfo->select_rfds);
 		if (vpninfo->cmd_fd >= vpninfo->select_nfds)
@@ -77,15 +85,18 @@ int vpn_mainloop(struct openconnect_info *vpninfo)
 			vpn_progress(vpninfo, PRG_TRACE, _("Attempt new DTLS connection\n"));
 			connect_dtls_socket(vpninfo);
 		}
-		if (vpninfo->dtls_ssl)
-			did_work += dtls_mainloop(vpninfo, &timeout);
+		if (vpninfo->dtls_ssl) {
+			ret = dtls_mainloop(vpninfo, &timeout);
+			did_work += ret;
+		}
 #endif
 		if (vpninfo->quit_reason)
 			break;
 
-		did_work += cstp_mainloop(vpninfo, &timeout);
+		ret = cstp_mainloop(vpninfo, &timeout);
 		if (vpninfo->quit_reason)
 			break;
+		did_work += ret;
 
 		/* Tun must be last because it will set/clear its bit
 		   in the select_rfds according to the queue length */
@@ -96,6 +107,7 @@ int vpn_mainloop(struct openconnect_info *vpninfo)
 		poll_cmd_fd(vpninfo, 0);
 		if (vpninfo->got_cancel_cmd) {
 			vpninfo->quit_reason = "Aborted by caller";
+			ret = -EINTR;
 			break;
 		}
 
@@ -117,7 +129,7 @@ int vpn_mainloop(struct openconnect_info *vpninfo)
 	cstp_bye(vpninfo, vpninfo->quit_reason);
 
 	shutdown_tun(vpninfo);
-	return 0;
+	return ret < 0 ? ret : -EIO;
 }
 
 /* Called when the socket is unwritable, to get the deadline for DPD.