/*
- * Open AnyConnect (SSL + DTLS) client
+ * OpenConnect (SSL + DTLS) VPN client
*
- * © 2008 David Woodhouse <dwmw2@infradead.org>
+ * Copyright © 2008-2011 Intel Corporation.
*
- * This library is free software; you can redistribute it and/or
+ * Author: David Woodhouse <dwmw2@infradead.org>
+ *
+ * This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
+ * version 2.1, as published by the Free Software Foundation.
*
- * This library is distributed in the hope that it will be useful, but
+ * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
#include <poll.h>
#include <limits.h>
#include <sys/select.h>
+#include <stdlib.h>
#include <signal.h>
-#include <arpa/inet.h>
#include <unistd.h>
+#include <string.h>
-#include "openconnect.h"
+#include "openconnect-internal.h"
void queue_packet(struct pkt **q, struct pkt *new)
{
*q = new;
}
-int queue_new_packet(struct pkt **q, int type, void *buf, int len)
+int queue_new_packet(struct pkt **q, void *buf, int len)
{
struct pkt *new = malloc(sizeof(struct pkt) + len);
if (!new)
return -ENOMEM;
- new->type = type;
new->len = len;
new->next = NULL;
memcpy(new->data, buf, len);
return 0;
}
-static int killed;
+int killed;
static void handle_sigint(int sig)
{
struct sigaction sa;
memset(&sa, 0, sizeof(sa));
sa.sa_handler = handle_sigint;
-
+
+ sigaction(SIGTERM, &sa, NULL);
sigaction(SIGINT, &sa, NULL);
sigaction(SIGHUP, &sa, NULL);
struct timeval tv;
fd_set rfds, wfds, efds;
+#ifdef HAVE_DTLS
if (vpninfo->new_dtls_ssl)
dtls_try_handshake(vpninfo);
if (vpninfo->dtls_attempt_period && !vpninfo->dtls_ssl && !vpninfo->new_dtls_ssl &&
vpninfo->new_dtls_started + vpninfo->dtls_attempt_period < time(NULL)) {
- vpninfo->progress(vpninfo, PRG_TRACE, "Attempt new DTLS connection\n");
+ vpn_progress(vpninfo, PRG_TRACE, _("Attempt new DTLS connection\n"));
connect_dtls_socket(vpninfo);
}
if (vpninfo->dtls_ssl)
did_work += dtls_mainloop(vpninfo, &timeout);
-
+#endif
if (vpninfo->quit_reason)
break;
did_work += cstp_mainloop(vpninfo, &timeout);
if (vpninfo->quit_reason)
break;
-
+
+ /* Tun must be last because it will set/clear its bit
+ in the select_rfds according to the queue length */
did_work += tun_mainloop(vpninfo, &timeout);
if (vpninfo->quit_reason)
break;
if (did_work)
continue;
- vpninfo->progress(vpninfo, PRG_TRACE,
- "Did no work; sleeping for %d ms...\n", timeout);
+ vpn_progress(vpninfo, PRG_TRACE,
+ _("No work to do; sleeping for %d ms...\n"), timeout);
memcpy(&rfds, &vpninfo->select_rfds, sizeof(rfds));
memcpy(&wfds, &vpninfo->select_wfds, sizeof(wfds));
memcpy(&efds, &vpninfo->select_efds, sizeof(efds));
tv.tv_sec = timeout / 1000;
- tv.tv_usec = (timeout * 1000) % 1000000;
- if (select(vpninfo->select_nfds, &rfds, &wfds, &efds, &tv) >= 0
- && FD_ISSET(vpninfo->ssl_fd, &efds)) {
- /* OpenSSL doesn't seem to cope properly with this... */
- vpninfo->progress(vpninfo, PRG_ERR, "Server closed connection!\n");
- exit(1);
- }
+ tv.tv_usec = (timeout % 1000) * 1000;
+
+ select(vpninfo->select_nfds, &rfds, &wfds, &efds, &tv);
}
cstp_bye(vpninfo, vpninfo->quit_reason);
- vpninfo->progress(vpninfo, PRG_INFO, "Sent quit message: %s\n", vpninfo->quit_reason);
-
- if (vpninfo->vpnc_script) {
- if (vpninfo->script_tun) {
- kill(vpninfo->script_tun, SIGHUP);
- close(vpninfo->tun_fd);
- } else {
- setenv("TUNDEV", vpninfo->ifname, 1);
- setenv("reason", "disconnect", 1);
- system(vpninfo->vpnc_script);
- }
- }
+ shutdown_tun(vpninfo);
return 0;
}
/* Called when the socket is unwritable, to get the deadline for DPD.
Returns 1 if DPD deadline has already arrived. */
-int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout)
+int ka_stalled_action(struct keepalive_info *ka, int *timeout)
{
- time_t now, due;
+ time_t due, now = time(NULL);
+
+ if (ka->rekey) {
+ due = ka->last_rekey + ka->rekey;
+
+ if (now >= due)
+ return KA_REKEY;
+
+ if (*timeout > (due - now) * 1000)
+ *timeout = (due - now) * 1000;
+ }
if (!ka->dpd)
- return 0;
+ return KA_NONE;
- time(&now);
due = ka->last_rx + (2 * ka->dpd);
if (now > due)
- return 1;
+ return KA_DPD_DEAD;
if (*timeout > (due - now) * 1000)
*timeout = (due - now) * 1000;
- return 0;
+ return KA_NONE;
}