LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1924 Commits
1 Branch
46 MiB
Tree: e40c1e3586
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e40c1e3586'
${ noResults }
openwrt-packages-dist/net/openconnect/patches/001-always-resolve-ips.patch

143 lines
4.9 KiB
Raw Normal View History

openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: updated to 7.00 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: updated to 7.00 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
openconnect: made server IP resolving on reconnection conditional Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: added upstream patch for dynamic IPs That requires an update to ocserv as well to advertise them.
10 years ago
 
  1. From 2f55fec323730a94ed49d401d93b913d85e43b65 Mon Sep 17 00:00:00 2001
  2. From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
  3. Date: Mon, 1 Dec 2014 20:10:06 +0100
  4. Subject: [PATCH 1/2] Re-resolve when reconnecting CSTP and the X-CSTP-DynDNS
  5.  is set by the server
  6. 

  7. That is, when reconnecting CSTP due to peer tearing the connection
  8. down attempt to re-resolve its IP. That handles the case where
  9. the server is using dynamic DNS and is advertising it.
  10. 

  11. [dwmw2: refactored to simplify it somewhat]
  12. 

  13. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
  14. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  15. ---

  16.  cstp.c                 |  3 +++
  17.  openconnect-internal.h |  1 +
  18.  ssl.c                  | 48 +++++++++++++++++++++++++++++++++++++++++++++++-
  19.  4 files changed, 52 insertions(+), 2 deletions(-)
  20. 

  21. diff --git a/cstp.c b/cstp.c

  22. index 3b93538..55225f4 100644

  23. --- a/cstp.c

  24. +++ b/cstp.c

  25. @@ -378,6 +378,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)

  26.  			int cstpmtu = atol(colon);
  27.  			if (cstpmtu > mtu)
  28.  				mtu = cstpmtu;
  29. +		} else if (!strcmp(buf + 7, "DynDNS")) {

  30. +			if (!strcmp(colon, "true"))

  31. +				vpninfo->is_dyndns = 1;

  32.  		} else if (!strcmp(buf + 7, "Address-IP6")) {
  33.  			vpninfo->ip_info.netmask6 = new_option->value;
  34.  		} else if (!strcmp(buf + 7, "Address")) {
  35. diff --git a/openconnect-internal.h b/openconnect-internal.h

  36. index 1bc79e5..db6c2ba 100644

  37. --- a/openconnect-internal.h

  38. +++ b/openconnect-internal.h

  39. @@ -427,6 +427,7 @@ struct openconnect_info {

  40.  	int dtls_local_port;
  41.  
  42.  	int deflate;
  43. +	int is_dyndns; /* Attempt to redo DNS lookup on each CSTP reconnect */

  44.  	char *useragent;
  45.  
  46.  	const char *quit_reason;
  47. diff --git a/ssl.c b/ssl.c

  48. index b50652d..d47a819 100644

  49. --- a/ssl.c

  50. +++ b/ssl.c

  51. @@ -106,6 +106,23 @@ unsigned string_is_hostname(const char *str)

  52.  	return 1;
  53.  }
  54.  
  55. +static int match_sockaddr(struct sockaddr *a, struct sockaddr *b)

  56. +{

  57. +	if (a->sa_family == AF_INET) {

  58. +		struct sockaddr_in *a4 = (void *)a;

  59. +		struct sockaddr_in *b4 = (void *)b;

  60. +

  61. +		return (a4->sin_addr.s_addr == b4->sin_addr.s_addr) &&

  62. +			(a4->sin_port == b4->sin_port);

  63. +	} else if (a->sa_family == AF_INET6) {

  64. +		struct sockaddr_in6 *a6 = (void *)a;

  65. +		struct sockaddr_in6 *b6 = (void *)b;

  66. +		return !memcmp(&a6->sin6_addr, &b6->sin6_addr, sizeof(a6->sin6_addr) &&

  67. +			       a6->sin6_port == b6->sin6_port);

  68. +	} else

  69. +		return 0;

  70. +}

  71. +

  72.  int connect_https_socket(struct openconnect_info *vpninfo)
  73.  {
  74.  	int ssl_sock = -1;
  75. @@ -114,7 +131,11 @@ int connect_https_socket(struct openconnect_info *vpninfo)

  76.  	if (!vpninfo->port)
  77.  		vpninfo->port = 443;
  78.  
  79. -	if (vpninfo->peer_addr) {

  80. +	/* If we're talking to a server which told us it has dynamic DNS, don't

  81. +	   just re-use its previous IP address. If we're talking to a proxy, we

  82. +	   can use *its* previous IP address. We expect it'll re-do the DNS

  83. +	   lookup for the server anyway. */

  84. +	if (vpninfo->peer_addr && (!vpninfo->is_dyndns || vpninfo->proxy)) {

  85.  	reconnect:
  86.  #ifdef SOCK_CLOEXEC
  87.  		ssl_sock = socket(vpninfo->peer_addr->sa_family, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_IP);
  88. @@ -230,6 +251,13 @@ int connect_https_socket(struct openconnect_info *vpninfo)

  89.  			if (hints.ai_flags & AI_NUMERICHOST)
  90.  				free(hostname);
  91.  			ssl_sock = -EINVAL;
  92. +			/* If we were just retrying for dynamic DNS, reconnct using

  93. +			   the previously-known IP address */

  94. +			if (vpninfo->peer_addr) {

  95. +				vpn_progress(vpninfo, PRG_ERR,

  96. +					     _("Reconnecting to DynDNS server using previously cached IP address\n"));

  97. +				goto reconnect;

  98. +			}

  99.  			goto out;
  100.  		}
  101.  		if (hints.ai_flags & AI_NUMERICHOST)
  102. @@ -257,6 +285,8 @@ int connect_https_socket(struct openconnect_info *vpninfo)

  103.  			if (cancellable_connect(vpninfo, ssl_sock, rp->ai_addr, rp->ai_addrlen) >= 0) {
  104.  				/* Store the peer address we actually used, so that DTLS can
  105.  				   use it again later */
  106. +				free(vpninfo->peer_addr);

  107. +				vpninfo->peer_addrlen = 0;

  108.  				vpninfo->peer_addr = malloc(rp->ai_addrlen);
  109.  				if (!vpninfo->peer_addr) {
  110.  					vpn_progress(vpninfo, PRG_ERR,
  111. @@ -288,6 +318,17 @@ int connect_https_socket(struct openconnect_info *vpninfo)

  112.  			}
  113.  			closesocket(ssl_sock);
  114.  			ssl_sock = -1;
  115. +

  116. +			/* If we're in DynDNS mode but this *was* the cached IP address,

  117. +			 * don't bother falling back to it if it didn't work. */

  118. +			if (vpninfo->peer_addr && vpninfo->peer_addrlen == rp->ai_addrlen &&

  119. +			    match_sockaddr(vpninfo->peer_addr, rp->ai_addr)) {

  120. +				vpn_progress(vpninfo, PRG_TRACE,

  121. +					     _("Forgetting non-functional previous peer address\n"));

  122. +				free(vpninfo->peer_addr);

  123. +				vpninfo->peer_addr = 0;

  124. +				vpninfo->peer_addrlen = 0;

  125. +			}

  126.  		}
  127.  		freeaddrinfo(result);
  128.  
  129. @@ -296,6 +337,11 @@ int connect_https_socket(struct openconnect_info *vpninfo)

  130.  				     _("Failed to connect to host %s\n"),
  131.  				     vpninfo->proxy?:vpninfo->hostname);
  132.  			ssl_sock = -EINVAL;
  133. +			if (vpninfo->peer_addr) {

  134. +				vpn_progress(vpninfo, PRG_ERR,

  135. +					     _("Reconnecting to DynDNS server using previously cached IP address\n"));

  136. +				goto reconnect;

  137. +			}

  138.  			goto out;
  139.  		}
  140.  	}
  141. -- 

  142. 2.1.3
  143.