Commit f739310d authored by David Woodhouse's avatar David Woodhouse

Add --dump-http-traffic option

I'm tired of manually doing this and asking people to apply a patch before
re-testing.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 1b7537d7
......@@ -816,6 +816,32 @@ static int handle_redirect(struct openconnect_info *vpninfo)
}
}
static void dump_buf(struct openconnect_info *vpninfo, char prefix, char *buf)
{
while (*buf) {
char *eol = buf;
char eol_char = 0;
while (*eol) {
if (*eol == '\r' || *eol == '\n') {
eol_char = *eol;
*eol = 0;
break;
}
eol++;
}
vpn_progress(vpninfo, PRG_TRACE, "%c %s\n", prefix, buf);
if (!eol_char)
break;
*eol = eol_char;
buf = eol + 1;
if (eol_char == '\r' && *buf == '\n')
buf++;
}
}
/* Inputs:
* method: GET or POST
* vpninfo->hostname: Host DNS name
......@@ -895,6 +921,9 @@ static int do_https_request(struct openconnect_info *vpninfo, const char *method
}
}
if (vpninfo->dump_http_traffic)
dump_buf(vpninfo, '>', buf->data);
result = openconnect_SSL_write(vpninfo, buf->data, buf->pos);
if (rq_retry && result < 0) {
openconnect_close_https(vpninfo, 0);
......@@ -909,6 +938,8 @@ static int do_https_request(struct openconnect_info *vpninfo, const char *method
/* We'll already have complained about whatever offended us */
return buflen;
}
if (vpninfo->dump_http_traffic && *form_buf)
dump_buf(vpninfo, '<', *form_buf);
if (result != 200 && vpninfo->redirect_url) {
result = handle_redirect(vpninfo);
......
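Review bot: The `dump_buf(vpninfo, '>', buf->data)` call in do_https_request logs the complete outgoing request, and for an authentication exchange that presumably includes the Cookie header and the POST body with the submitted form fields, so passwords and session cookies end up in any captured trace output. Since the commit message says this output is meant to be collected from users, dump_buf deserves a header comment such as `/* Debug aid: dumped text may contain credentials and session cookies; redact before sharing. */`, and the same caveat belongs in the option's help and man-page text. dump_buf also walks to the first NUL while the write that follows uses `buf->pos`, so it relies on `buf->data` being NUL-terminated; the hunk does not show how buf is built, so that should be confirmed or stated in the comment. do_https_request starts and ends outside these hunks.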
......@@ -95,6 +95,7 @@ enum {
OPT_CSD_WRAPPER,
OPT_DISABLE_IPV6,
OPT_DTLS_CIPHERS,
OPT_DUMP_HTTP,
OPT_FORCE_DPD,
OPT_KEY_PASSWORD_FROM_FSID,
OPT_LIBPROXY,
......@@ -182,6 +183,7 @@ static struct option long_options[] = {
OPTION("token-secret", 1, OPT_TOKEN_SECRET),
OPTION("os", 1, OPT_OS),
OPTION("no-xmlpost", 0, OPT_NO_XMLPOST),
OPTION("dump-http-traffic", 0, OPT_DUMP_HTTP),
OPTION(NULL, 0, 0)
};
......@@ -276,6 +278,7 @@ static void usage(void)
printf(" -u, --user=NAME %s\n", _("Set login username"));
printf(" -V, --version %s\n", _("Report version number"));
printf(" -v, --verbose %s\n", _("More output"));
printf(" --dump-http-traffic %s\n", _("Dump HTTP authentication traffic (implies --verbose"));
printf(" -x, --xmlconfig=CONFIG %s\n", _("XML config file"));
printf(" --authgroup=GROUP %s\n", _("Choose authentication login selection"));
printf(" --authenticate %s\n", _("Authenticate only and print login info"));
......@@ -704,6 +707,8 @@ int main(int argc, char **argv)
case 'q':
verbose = PRG_ERR;
break;
case OPT_DUMP_HTTP:
vpninfo->dump_http_traffic = 1;
case 'v':
verbose = PRG_TRACE;
break;
......
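Review bot: `case OPT_DUMP_HTTP:` falls through into `case 'v':` with no marker, so the intended "implies --verbose" behaviour reads like a forgotten `break`; add `/* fall through */` after `vpninfo->dump_http_traffic = 1;`. In the usage() hunk the new help string is missing its closing parenthesis and should read `_("Dump HTTP authentication traffic (implies --verbose)")`. Because only the verbosity is shared, a later `-q` on the command line appears to reset `verbose` to PRG_ERR while the dump flag stays set, which would presumably hide the PRG_TRACE dump; say in the help text whether that is intended. The switch in main() starts and ends outside the hunk.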
......@@ -181,6 +181,7 @@ struct openconnect_info {
char *csd_wrapper;
int uid_csd_given;
int no_http_keepalive;
int dump_http_traffic;
int token_mode;
int token_bypassed;
......
......@@ -43,6 +43,7 @@ openconnect \- Connect to Cisco AnyConnect VPN
.OP \-\-disable\-ipv6
.OP \-\-dtls\-ciphers list
.OP \-\-dtls\-local\-port port
.OP \-\-dump\-http\-traffic
.OP \-\-no\-cert\-check
.OP \-\-no\-dtls
.OP \-\-no\-http\-keepalive
......@@ -285,6 +286,15 @@ Do not advertise IPv6 capability to server
.B \-\-dtls\-ciphers=LIST
Set OpenSSL ciphers to support for DTLS
.TP
.B \-\-dtls\-local\-port=PORT
Use
.I PORT
as the local port for DTLS datagrams
.TP
.B \-\-dump\-http\-traffic
Enable verbose output of all HTTP requests and the bodies of all responses
received from the server.
.TP
.B \-\-no\-cert\-check
Do not require server SSL certificate to be valid. Checks will still happen
and failures will cause a warning message, but the connection will continue
......@@ -375,12 +385,6 @@ as 'User\-Agent:' field value in HTTP header.
OS type to report to gateway. Recognized values are: linux, linux-64, mac,
win. Reporting a different OS type may affect the security policy applied
to the VPN session.
.TP
.B \-\-dtls\-local\-port=PORT
Use
.I PORT
as the local port for DTLS datagrams
.SH LIMITATIONS
Note that although IPv6 has been tested on all platforms on which
.B openconnect
......
......@@ -17,6 +17,7 @@
<ul>
<li><b>OpenConnect HEAD</b>
<ul>
<li>Add <tt>--dump-http-traffic</tt> option for debugging.</li>
<li>Be more permissive in parsing XML forms.</li>
<li>Use original URL when falling back to non-XML POST mode.</li>
<li>Add <tt>--no-xmlpost</tt> option to revert to older, compatible behaviour.</li>
......