- 17 Nov, 2020 1 commit

Nikos Mavrogiannopoulos authored
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
- 16 Nov, 2020 2 commits

Daniel Lenski authored
As suggested here: https://gitlab.com/openconnect/openconnect/-/commit/55ffb457010974c05096a78ac917692b7fac664b#note_343873848

There's no clear rationale for using with Pulse/oNCP ESP setup (yet):
- We don't do any MTU detection
- Unlike GPST, we can start sending and receiving packets via the TLS tunnel immediately, while attempting to connect ESP as well.
Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Daniel Lenski authored
- As long as the protocol-specific mainloop sets delay_tunnel_reason to a non-NULL value, tunnel device creation will be delayed.
- If delay_close is set, mainloop will continue to iterate even if cancel_cmd or pause_cmd is set. A protocol should set DELAY_CLOSE_IMMEDIATE_CALLBACK for the case where its mainloop needs an immediate callback (e.g. to send some kind of termination request), and DELAY_CLOSE_WAIT for the case where its mainloop is waiting to receive something (e.g. a termination acknowledgement).

openconnect_mainloop() will unset both delay_tunnel_reason and delay_close on each iteration. A protocol mainloop must thus affirmatively extend a delay in order for it to continue.
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
- 01 Apr, 2020 1 commit

Daniel Lenski authored
Tested with both AnyConnect (DTLS) and GlobalProtect (ESP). Also, update the manual and `--help` to explain `--passtos` a little more.
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
- 27 Jun, 2019 1 commit

David Woodhouse authored
Bring DTLS into line with everything else, as with commit 0281a8e1.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
- 04 Jun, 2019 1 commit

David Woodhouse authored
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
- 15 Apr, 2019 1 commit

David Woodhouse authored
By removing the unneeded reads from file descriptors that we know aren't readable, ESP TX performance goes from 1700Mb/s to 1760Mb/s on my current test setup.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
- 09 Jan, 2019 1 commit

David Woodhouse authored
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
- 12 Feb, 2018 1 commit

Kevin Cernekee authored
If the mainloop is paused and then resumed, DTLS will attempt to reconnect at the same time as CSTP. When DTLS-PSK is in use, gnutls_prf() will be called on a NULL vpninfo->https_sess pointer. Avoid this by deferring DTLS resumption until CSTP has reconnected, if DTLS-PSK is in use.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
- 14 Aug, 2017 1 commit

Daniel Lenski authored
If a protocol wishes to have dtls_state set to DTLS_SLEEPING after closing UDP, then it must now do so explicitly, because the mainloop will no longer set it. This patch makes both existing protocols set dtls_state explicitly after closing the UDP connection. (The nc protocol already did so explicitly, but the anyconnect protocol didn't.)

The previous behavior, wherein dtls_state was *always* set to DTLS_SLEEPING after closing UDP, was incompatible with the GlobalProtect VPN. Disconnecting and reconnecting GlobalProtect VPN doesn't just require reconnecting the UDP socket and resending probes; it actually invalidates any previously-obtained ESP secret.
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
- 15 May, 2017 2 commits

Nikos Mavrogiannopoulos authored
That allows the hash provided to the client to be the RFC7469 key PIN. That is, a base64 encoding of the public key sha256 hash instead of the hex equivalent. That reduces the number of characters that need to be typed.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Nikos Mavrogiannopoulos authored
This will allow switching to other representation formats for output or input of the public key PIN, for example to the RFC7469 key PIN.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
- 14 May, 2017 1 commit

Nikolay Martynov authored
Currently, when TCP SSL fails, a reconnect attempt happens. This attempt tries to establish a DTLS connection regardless of whether it existed before. Code ends up in an infinite loop doing that. This change fixes this by disabling DTLS at startup if the DTLS connection cannot be established. Also change the ESP handling code to not re-enable DTLS on ESP close.
Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
- 13 Dec, 2016 2 commits

Nikos Mavrogiannopoulos authored
That is being used by openconnect_bin2hex() for hex-encoding.
[dwmw2: Clean up buf error handling in openconnect_bin2hex()]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Nikos Mavrogiannopoulos authored
That is, generate and print a SHA256 hash by default, while also accepting the old 'sha1:' type of certificate hashes.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
- 14 Sep, 2016 1 commit

David Woodhouse authored
Most importantly, in some circumstances it was setting the "detected" MTU to the value of the first *failing* packet size, not the last working one. But also fix up various other issues too, and optimise it for the common case where the negotiated MTU *is* actually working.

There are still issues with the way we choose the next candidate address, and it might never reach the actual best MTU. But it's better than it was.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 12 Sep, 2016 1 commit

David Woodhouse authored
This can move to the library-specific *-dtls.c files too.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 10 Sep, 2016 4 commits

David Woodhouse authored
There are still some #ifdefs but it's a lot nicer now.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

David Woodhouse authored
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

David Woodhouse authored
These can look like ESP now too.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Nikos Mavrogiannopoulos authored
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 31 Aug, 2016 1 commit

Piotr Kubaj authored
Signed-off-by: Piotr Kubaj <pkubaj@anongoth.pl>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 30 Aug, 2016 1 commit

Thorsten Bonhagen authored
I think I fixed some gnutls connection errors which can be handled but were terminating the whole session. For some gnutls methods it is valid to retry the last operation if GNUTLS_E_INTERRUPTED is set. So I moved or added GNUTLS_E_INTERRUPTED to the non-fatal retry scenarios.

Maybe I did not find all possible cases to add GNUTLS_E_INTERRUPTED. Please have a look at all cases of GNUTLS_E_AGAIN usage. It might be possible to add more GNUTLS_E_INTERRUPTED. For me this works fine with a Cisco ASA.
Signed-off-by: Thorsten Bonhagen <Thorsten.Bonhagen@tbon.de>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 25 Aug, 2016 3 commits

David Woodhouse authored
Not sure if the --passtos is actually going to *work* on Windows, but it shouldn't do any harm if it isn't used. Shut it up.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Ralph Schmieder authored
This allows prioritised queuing of outbound packets. It is only of local significance (and importance) as it will influence queuing on the CPE, which is typically the only place where this will be in effect. And the most effective place, as the CPE is usually the bottleneck where all applications compete for limited upstream bandwidth. SPs do set the DSCP to 0 anyway at the trust boundary (which is the next hop from the CPE). The same goes for large corporations, which also either reset the DSCP or have it set according to their policy, not the user's.

It is implemented as an 'opt-in' using the --passtos command line switch, in accordance with the OpenVPN implementation.
Signed-off-by: Ralph Schmieder <ralph.schmieder@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Nikos Mavrogiannopoulos authored
This patch fixes issues in the base_mtu value calculation (previously it was never calculated), and ensures that this value is always present. This value provides the server with an estimate of the link (or path) MTU between the server and the client, and is much simpler to calculate than the tunnel MTU (it does not rely on an estimation of the negotiated DTLS ciphers). As such it can provide the server with more reliable information than the X-CSTP-MTU value.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 04 Aug, 2016 2 commits

David Woodhouse authored
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

David Woodhouse authored
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 25 Jul, 2016 1 commit

David Woodhouse authored
- 06 May, 2016 2 commits

Kevin Cernekee authored
mingw32 does not have <netinet/in.h> or <sys/socket.h> headers.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Kevin Cernekee authored
Unfortunately this feature is not yet supported under NaCl, and it results in a compile error.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 04 May, 2016 1 commit

Kevin Cernekee authored
Fix the length argument and return value checks. Caught by clang warnings.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 22 Jan, 2016 2 commits

Nikos Mavrogiannopoulos authored
[dwmw2: Hide uid_csd and uid_csd_given too]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Nikos Mavrogiannopoulos authored
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 13 Jan, 2016 2 commits

David Woodhouse authored
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Nikos Mavrogiannopoulos authored
That's because there is no RSA variant in draft-ietf-tls-chacha20-poly1305-03.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
- 05 Dec, 2015 1 commit

Nikos Mavrogiannopoulos authored
This uses binary search for IPv4 MTU detection, and the usage of the MTU field in the ICMP6 Packet Too Big message too.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
- 02 Dec, 2015 1 commit

David Woodhouse authored
The SSLeay() function was renamed. If we're building against 1.1.0 then there's no point anyway, as we were only checking for a fairly unlikely failure mode (built against 1.0.0e+ but running against something older).
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 07 Oct, 2015 1 commit

David Woodhouse authored
Commit 287f535a ("Print the compression algorithm name after DTLS is connected") broke the OpenSSL build. Reported by Kamil Skowron.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- 06 Oct, 2015 1 commit

Nikos Mavrogiannopoulos authored
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>