Add --force-dpd option
authorDavid Woodhouse <David.Woodhouse@intel.com>
Sat, 7 Aug 2010 17:50:40 +0000 (18:50 +0100)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Sat, 7 Aug 2010 18:06:19 +0000 (19:06 +0100)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
cstp.c
dtls.c
main.c
openconnect.8
openconnect.html

diff --git a/cstp.c b/cstp.c
index bc83452..20009d2 100644 (file)
--- a/cstp.c
+++ b/cstp.c
@@ -207,7 +207,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
                if (!strcmp(buf + 7, "Keepalive")) {
                        vpninfo->ssl_times.keepalive = atol(colon);
                } else if (!strcmp(buf + 7, "DPD")) {
-                       vpninfo->ssl_times.dpd = atol(colon);
+                       int j = atol(colon);
+                       if (j && (!vpninfo->ssl_times.dpd || j < vpninfo->ssl_times.dpd))
+                               vpninfo->ssl_times.dpd = j;
                } else if (!strcmp(buf + 7, "Content-Encoding")) {
                        if (!strcmp(colon, "deflate"))
                                vpninfo->deflate = 1;
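Review bot: The new DPD branch stores a server-controlled number with no range check: `int j = atol(colon);` narrows a long to int, and a negative value passes the `j &&` test and then either hits the `!vpninfo->ssl_times.dpd` arm or compares as smaller than any positive interval, so it overwrites the configured value. Requiring a positive value, `if (j > 0 && (!vpninfo->ssl_times.dpd || j < vpninfo->ssl_times.dpd))`, and parsing with `strtol` so that overflow is detected would keep a misbehaving or hostile gateway from pushing a nonsensical interval into the timer code. The identical pattern in the dtls.c hunk (`int j = atol(dtls_opt->value);`) needs the same guard. Because the smaller of the two values wins, the `--force-dpd` setting acts as an upper bound on the interval rather than the "minimum" that the help text and man page describe; a one-line comment such as `/* server may shorten, but never lengthen or disable, the forced DPD interval */` would make that intent explicit. start_cstp_connection() begins and ends outside this hunk.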
diff --git a/dtls.c b/dtls.c
index d8839ae..507949f 100644 (file)
--- a/dtls.c
+++ b/dtls.c
@@ -353,7 +353,9 @@ int setup_dtls(struct openconnect_info *vpninfo)
                } else if (!strcmp(dtls_opt->option + 7, "Keepalive")) {
                        vpninfo->dtls_times.keepalive = atol(dtls_opt->value);
                } else if (!strcmp(dtls_opt->option + 7, "DPD")) {
-                       vpninfo->dtls_times.dpd = atol(dtls_opt->value);
+                       int j = atol(dtls_opt->value);
+                       if (j && (!vpninfo->dtls_times.dpd || j < vpninfo->dtls_times.dpd))
+                               vpninfo->dtls_times.dpd = j;
                } else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
                        vpninfo->dtls_times.rekey = atol(dtls_opt->value);
                } else if (!strcmp(dtls_opt->option + 7, "CipherSuite")) {
diff --git a/main.c b/main.c
index 33c7a54..4f8bec5 100644 (file)
--- a/main.c
+++ b/main.c
@@ -100,6 +100,7 @@ static struct option long_options[] = {
        {"libproxy", 0, 0, 0x07},
        {"no-http-keepalive", 0, 0, 0x08},
        {"no-cert-check", 0, 0, 0x09},
+       {"force-dpd", 1, 0, 0x10},
        {NULL, 0, 0, 0},
 };
 
@@ -115,6 +116,7 @@ void usage(void)
        printf("      --cookie-on-stdin           Read cookie from standard input\n");
        printf("  -d, --deflate                   Enable compression (default)\n");
        printf("  -D, --no-deflate                Disable compression\n");
+       printf("      --force-dpd=INTERVAL        Set minimum Dead Peer Detection interval\n");
        printf("  -g, --usergroup=GROUP           Set login usergroup\n");
        printf("  -h, --help                      Display help text\n");
        printf("  -i, --interface=IFNAME          Use IFNAME for tunnel interface\n");
@@ -411,6 +413,9 @@ int main(int argc, char **argv)
                        free(vpninfo->useragent);
                        vpninfo->useragent = optarg;
                        break;
+               case 0x10:
+                       vpninfo->dtls_times.dpd = vpninfo->ssl_times.dpd = atoi(optarg);
+                       break;
                default:
                        usage();
                }
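Review bot: The new `case 0x10` takes the interval from `atoi(optarg)` without validating it, so `--force-dpd=abc` silently yields 0 (leaving DPD unforced while the user believes it is on) and a negative or out-of-range argument is stored in both `dtls_times.dpd` and `ssl_times.dpd` as-is. Parsing with `strtol`, rejecting trailing garbage, non-positive values and overflow, and falling through to `usage()` on error would make the failure visible. The sketch below assumes `usage()` does not return (the `default:` branch suggests so), that the dpd fields are int-sized as the cstp.c hunk implies, and that `<errno.h>` and `<limits.h>` are available in main.c, none of which is visible here. The enclosing option loop in main() starts and ends outside the hunk.

```c
		case 0x10: {
			char *end;
			long secs;

			errno = 0;
			secs = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' || errno == ERANGE ||
			    secs <= 0 || secs > INT_MAX) {
				fprintf(stderr, "Invalid DPD interval '%s'\n", optarg);
				usage();
			}
			vpninfo->dtls_times.dpd = vpninfo->ssl_times.dpd = (int)secs;
			break;
		}
		/* … unchanged: default: usage(); … */
```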
index 3ff9c7f..2521a26 100644 (file)
@@ -32,6 +32,10 @@ openconnect \- Connect to Cisco AnyConnect VPN
 .B -D,--no-deflate
 ]
 [
+.B --force-dpd
+.I INTERVAL
+]
+[
 .B -g,--usergroup
 .I GROUP
 ]
@@ -205,6 +209,11 @@ Enable compression (default)
 .B -D,--no-deflate
 Disable compression
 .TP
+.B --force-dpd=INTERVAL
+Use
+.I INTERVAL
+as minimum Dead Peer Detection interval for CSTP and DTLS, forcing use of DPD even when the server doesn't request it.
+.TP
 .B -g,--usergroup=GROUP
 Use
 .I GROUP
index ae91adf..90e4435 100644 (file)
@@ -181,6 +181,7 @@ For full changelog entries including the latest development, see
 <UL>
   <LI><B>OpenConnect HEAD</B><BR>
      <UL>
+       <LI>Add <TT>--force-dpd</TT> option to set minimum DPD interval.</LI>
        <LI>Don't print <TT>webvpn</TT> cookie in debug output.</LI>
      </UL><BR>
   </LI>
@@ -435,6 +436,6 @@ An <TT>openconnect</TT> <A HREF="http://www.freebsd.org/cgi/cvsweb.cgi/ports/sec
 <hr>
 <address>David Woodhouse &lt;<A HREF="mailto:dwmw2@infradead.org">dwmw2@infradead.org</A>&gt;</address>
 <!-- hhmts start -->
-Last modified: Sat Aug  7 10:19:33 BST 2010
+Last modified: Sat Aug  7 18:50:17 BST 2010
 <!-- hhmts end -->
 </body> </html>