} else if (!strcmp(dtls_opt->option + 7, "Port")) {
dtls_port = atol(dtls_opt->value);
} else if (!strcmp(dtls_opt->option + 7, "Keepalive")) {
- vpninfo->dtls_keepalive = atol(dtls_opt->value);
+ vpninfo->dtls_times.keepalive = atol(dtls_opt->value);
} else if (!strcmp(dtls_opt->option + 7, "DPD")) {
- vpninfo->dtls_dpd = atol(dtls_opt->value);
+ vpninfo->dtls_times.dpd = atol(dtls_opt->value);
} else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
- vpninfo->dtls_rekey = atol(dtls_opt->value);
+ vpninfo->dtls_times.rekey = atol(dtls_opt->value);
}
dtls_opt = dtls_opt->next;
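Review bot: The Keepalive, DPD and Rekey-Time branches store `atol(dtls_opt->value)` directly, and that string comes from the VPN server, so a non-numeric, negative or very large value reaches the timers unchecked. `atol` reports no errors, and the `%d` in the later "DTLS connected" printf suggests the fields are `int`, so a large value would also be narrowed silently. These intervals later feed `last_rx + (2 * dpd)` and `(due - now) * 1000`, where a bad value can overflow or make the peer look dead immediately. Consider `v = strtol(dtls_opt->value, &end, 10);` followed by `if (end == dtls_opt->value || *end || v < 0 || v > INT_MAX)` to reject the option; the CSTP option parsing (`atol(colon)`) has the same pattern. The enclosing function starts outside this hunk, so how it reports errors is not visible here.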
if (verbose)
printf("DTLS connected. DPD %d, Keepalive %d\n",
- vpninfo->dtls_dpd, vpninfo->dtls_keepalive);
+ vpninfo->dtls_times.dpd, vpninfo->dtls_times.keepalive);
return 0;
}
}
/* DPD is bidirectional -- PKT 3 out, PKT 4 back */
- if (vpninfo->dtls_dpd) {
+ if (vpninfo->dtls_times.dpd) {
time_t now = time(NULL);
- time_t due = vpninfo->dtls_times.last_rx + vpninfo->dtls_dpd;
- time_t overdue = vpninfo->dtls_times.last_rx + (2 * vpninfo->dtls_dpd);
+ time_t due = vpninfo->dtls_times.last_rx + vpninfo->dtls_times.dpd;
+ time_t overdue = vpninfo->dtls_times.last_rx + (2 * vpninfo->dtls_times.dpd);
/* If we already have DPD outstanding, don't flood */
if (vpninfo->dtls_times.last_dpd > vpninfo->dtls_times.last_rx) {
printf("DTLS DPD outstanding. Will kill in %ld seconds\n",
overdue - now);
}
- due = vpninfo->dtls_times.last_dpd + vpninfo->dtls_dpd;
+ due = vpninfo->dtls_times.last_dpd + vpninfo->dtls_times.dpd;
}
if (now > overdue) {
fprintf(stderr, "DTLS Dead Peer Detection detected dead peer!\n");
SSL_write(vpninfo->dtls_ssl, dtls_dpd_pkt, 1);
vpninfo->dtls_times.last_dpd = vpninfo->dtls_times.last_tx = now;
- due = now + vpninfo->dtls_dpd;
+ due = now + vpninfo->dtls_times.dpd;
if (verbose)
printf("Sent DTLS DPD\n");
}
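Review bot: The result of `SSL_write(vpninfo->dtls_ssl, dtls_dpd_pkt, 1)` is discarded, and `last_dpd` and `last_tx` are set to `now` whether or not the probe was written. A failed send is then recorded as an outstanding DPD, which delays the next probe and weakens dead-peer detection. Guard the update, e.g. `if (SSL_write(vpninfo->dtls_ssl, dtls_dpd_pkt, 1) > 0)` around the timestamp assignment, and log the failure otherwise. The DTLS keepalive send and the SSL DPD and keepalive sends have the same pattern; on the SSL side the BIOs are set non-blocking, so a write that must be retried is more likely there. The enclosing block begins outside this hunk.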
}
/* Keepalive is just client -> server */
- if (vpninfo->dtls_keepalive) {
+ if (vpninfo->dtls_times.keepalive) {
time_t now = time(NULL);
- time_t due = vpninfo->dtls_times.last_tx + vpninfo->dtls_keepalive;
+ time_t due = vpninfo->dtls_times.last_tx + vpninfo->dtls_times.keepalive;
if (now >= due) {
static unsigned char dtls_keepalive_pkt[1] = { 7 };
SSL_write(vpninfo->dtls_ssl, dtls_keepalive_pkt, 1);
vpninfo->dtls_times.last_tx = now;
- due = now + vpninfo->dtls_keepalive;
+ due = now + vpninfo->dtls_times.keepalive;
if (verbose)
printf("Sent DTLS Keepalive\n");
}
*timeout = (due - now) * 1000;
}
- if (vpninfo->dtls_rekey) {
+ if (vpninfo->dtls_times.rekey) {
time_t now = time(NULL);
- time_t due = vpninfo->dtls_times.last_rekey + vpninfo->dtls_rekey;
+ time_t due = vpninfo->dtls_times.last_rekey + vpninfo->dtls_times.rekey;
if (now >= due) {
if (verbose)
return 1;
}
vpninfo->dtls_times.last_rekey = time(NULL);
- due = vpninfo->dtls_times.last_rekey + vpninfo->dtls_rekey;
+ due = vpninfo->dtls_times.last_rekey + vpninfo->dtls_times.rekey;
}
if (verbose)
printf("Next DTLS rekey due in %ld seconds\n", (due - now));
printf("DTLS option %s : %s\n", buf, colon);
if (!strcmp(buf + 7, "Keepalive")) {
- vpninfo->ssl_keepalive = atol(colon);
+ vpninfo->ssl_times.keepalive = atol(colon);
} else if (!strcmp(buf + 7, "DPD")) {
- vpninfo->ssl_dpd = atol(colon);
+ vpninfo->ssl_times.dpd = atol(colon);
} else if (!strcmp(buf + 7, "Content-Encoding")) {
if (!strcmp(colon, "deflate"))
vpninfo->deflate = 1;
vpninfo->vpn_netmask = "255.255.255.255";
if (verbose)
printf("SSL connected. DPD %d, Keepalive %d\n",
- vpninfo->ssl_dpd, vpninfo->ssl_keepalive);
+ vpninfo->ssl_times.dpd, vpninfo->ssl_times.keepalive);
BIO_set_nbio(SSL_get_rbio(vpninfo->https_ssl),1);
BIO_set_nbio(SSL_get_wbio(vpninfo->https_ssl),1);
}
/* DPD is bidirectional -- PKT 3 out, PKT 4 back */
- if (vpninfo->ssl_dpd) {
+ if (vpninfo->ssl_times.dpd) {
time_t now = time(NULL);
- time_t due = vpninfo->ssl_times.last_rx + vpninfo->ssl_dpd;
- time_t overdue = vpninfo->ssl_times.last_rx + (2 * vpninfo->ssl_dpd);
+ time_t due = vpninfo->ssl_times.last_rx + vpninfo->ssl_times.dpd;
+ time_t overdue = vpninfo->ssl_times.last_rx + (2 * vpninfo->ssl_times.dpd);
/* If we already have DPD outstanding, don't flood */
if (vpninfo->ssl_times.last_dpd > vpninfo->ssl_times.last_rx) {
printf("DTLS DPD outstanding. Will kill in %ld seconds\n",
overdue - now);
}
- due = vpninfo->ssl_times.last_dpd + vpninfo->ssl_dpd;
+ due = vpninfo->ssl_times.last_dpd + vpninfo->ssl_times.dpd;
}
if (now > overdue) {
fprintf(stderr, "SSL Dead Peer Detection detected dead peer!\n");
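Review bot: The context `printf` in this SSL DPD block still says "DTLS DPD outstanding", which looks copied from the DTLS path and makes it hard to tell from the log which channel is waiting on its peer. Suggest `printf("SSL DPD outstanding. Will kill in %ld seconds\n",` to match the "SSL Dead Peer Detection" message just below. The argument is a `time_t` difference passed to `%ld`, which is a mismatch where `time_t` is not `long`; `(long)(overdue - now)` avoids that. The same cast applies to the DTLS DPD and rekey messages. The enclosing block starts outside this hunk.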
SSL_write(vpninfo->https_ssl, cstp_dpd, 8);
vpninfo->ssl_times.last_dpd = vpninfo->ssl_times.last_tx = now;
- due = now + vpninfo->ssl_dpd;
+ due = now + vpninfo->ssl_times.dpd;
if (verbose)
printf("Sent SSL DPD\n");
}
}
/* Keepalive is just client -> server */
- if (vpninfo->ssl_keepalive) {
+ if (vpninfo->ssl_times.keepalive) {
time_t now = time(NULL);
- time_t due = vpninfo->ssl_times.last_tx + vpninfo->ssl_keepalive;
+ time_t due = vpninfo->ssl_times.last_tx + vpninfo->ssl_times.keepalive;
if (now >= due) {
static unsigned char cstp_keepalive[8] =
SSL_write(vpninfo->https_ssl, cstp_keepalive, 8);
vpninfo->ssl_times.last_tx = now;
- due = now + vpninfo->ssl_keepalive;
+ due = now + vpninfo->ssl_times.keepalive;
if (verbose)
printf("Sent SSL Keepalive\n");
}