2 * Open AnyConnect (SSL + DTLS) client
4 * © 2008 David Woodhouse <dwmw2@infradead.org>
6 * Permission to use, copy, modify, and/or distribute this software
7 * for any purpose with or without fee is hereby granted, provided
8 * that the above copyright notice and this permission notice appear
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
12 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
13 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
14 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
15 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
16 * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
17 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
18 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
24 #include <sys/select.h>
26 #include <arpa/inet.h>
28 #include "anyconnect.h"
30 void queue_packet(struct pkt **q, struct pkt *new)
39 int queue_new_packet(struct pkt **q, int type, void *buf, int len)
41 struct pkt *new = malloc(sizeof(struct pkt) + len);
48 memcpy(new->data, buf, len);
53 int vpn_add_pollfd(struct anyconnect_info *vpninfo, int fd, short events)
56 vpninfo->pfds = realloc(vpninfo->pfds, sizeof(struct pollfd) * vpninfo->nfds);
58 fprintf(stderr, "Failed to reallocate pfds\n");
61 vpninfo->pfds[vpninfo->nfds - 1].fd = fd;
62 vpninfo->pfds[vpninfo->nfds - 1].events = events;
64 return vpninfo->nfds - 1;
69 static void handle_sigint(int sig)
74 int vpn_mainloop(struct anyconnect_info *vpninfo)
77 memset(&sa, 0, sizeof(sa));
78 sa.sa_handler = handle_sigint;
80 sigaction(SIGINT, &sa, NULL);
81 sigaction(SIGHUP, &sa, NULL);
83 while (!vpninfo->quit_reason) {
85 int timeout = INT_MAX;
87 if (vpninfo->dtls_fd != -1)
88 did_work += dtls_mainloop(vpninfo, &timeout);
90 if (vpninfo->quit_reason)
93 did_work += ssl_mainloop(vpninfo, &timeout);
94 if (vpninfo->quit_reason)
97 did_work += tun_mainloop(vpninfo, &timeout);
98 if (vpninfo->quit_reason)
102 if (killed == SIGHUP)
103 vpninfo->quit_reason = "Client received SIGHUP";
104 else if (killed == SIGINT)
105 vpninfo->quit_reason = "Client received SIGINT";
107 vpninfo->quit_reason = "Client killed";
115 printf("Did no work; sleeping for %d ms...\n", timeout);
117 poll(vpninfo->pfds, vpninfo->nfds, timeout);
118 if (vpninfo->pfds[vpninfo->ssl_pfd].revents & POLL_HUP) {
119 fprintf(stderr, "Server closed connection!\n");
120 /* OpenSSL doesn't seem to cope properly with this... */
125 ssl_bye(vpninfo, vpninfo->quit_reason);
126 printf("Sent quit message: %s\n", vpninfo->quit_reason);
128 if (vpninfo->vpnc_script) {
129 setenv("TUNDEV", vpninfo->ifname, 1);
130 setenv("reason", "disconnect", 1);
131 system(vpninfo->vpnc_script);
137 int keepalive_action(struct keepalive_info *ka, int *timeout)
139 time_t now = time(NULL);
142 time_t due = ka->last_rekey + ka->rekey;
148 printf("Rekey in %d seconds\n", (int)(due - now));
149 if (*timeout > (due - now) * 1000)
150 *timeout = (due - now) * 1000;
153 /* DPD is bidirectional -- PKT 3 out, PKT 4 back */
155 time_t due = ka->last_rx + ka->dpd;
156 time_t overdue = ka->last_rx + (2 * ka->dpd);
158 /* Peer didn't respond */
162 /* If we already have DPD outstanding, don't flood. Repeat by
163 all means, but only after half the DPD period. */
164 if (ka->last_dpd > ka->last_rx)
165 due = ka->last_dpd + ka->dpd / 2;
167 /* We haven't seen a packet from this host for $DPD seconds.
168 Prod it to see if it's still alive */
175 printf("DPD in %d seconds\n", (int)(due - now));
176 if (*timeout > (due - now) * 1000)
177 *timeout = (due - now) * 1000;
180 /* Keepalive is just client -> server */
182 time_t due = ka->last_tx + ka->keepalive;
184 /* If we haven't sent anything for $KEEPALIVE seconds, send a
185 dummy packet (which the server will discard) */
190 printf("KA in %d seconds\n", (int)(due - now));
191 if (*timeout > (due - now) * 1000)
192 *timeout = (due - now) * 1000;