Makes a host connection to an arbitrary TCP/IP host:port, and checks the
estimates of the MTU/MSS provided by various getsockopt() calls, just as
OpenConnect uses in calculate_mtu().
TODO: Implement a working os-tcp-mtu for Windows, and build that too.
Signed-off-by: Daniel Lenski <email address hidden>
In file included from auth-globalprotect.c:20:
auth-globalprotect.c: In function 'parse_prelogin_xml':
openconnect-internal.h:1180:17: warning: pointer '__realloc_old_176' may be used after 'realloc' [-Wuse-after-free]
1180 | free(__realloc_old); \
| ^~~~~~~~~~~~~~~~~~~
openconnect-internal.h:1178:13: note: call to 'realloc' here
1178 | p = realloc(p, size); \
| ^~~~~~~~~~~~~~~~
This is a true warning. The second argument to the realloc_inplace()
macro includes a strlen() of the first. Evaluate it first, before the
attempt to realloc().
Signed-off-by: David Woodhouse <email address hidden>
We weren't attempting to resend ESP probes at all, except at the retry
interval of about a minute. In a lossy network, or perhaps when the
server is slow to configure its end and start accepting ESP probes,
this meant that users sometimes saw the ESP failing to establish for
a whole minute (or multiple thereof).
Drop the loops in the protocol-specific udp_send_probes() functions
which were a primitive attempt to handle packet loss, and instead
deliberately send one probe a second for five seconds, before giving
up for the remainder of the dtls_attempt_period.
Fix up the reconnect handling with vpninfo->dtls_need_reconnect while
we're at it; it looks like that would just cause us to keep sending
probes and the flag would never be cleared.
Fixes: #601
Signed-off-by: David Woodhouse <email address hidden>
ab5f163...
by
Dimitri Papadopoulos <email address hidden>
pulsesecure.net → ivanti.com
We should also rename Pulse Connect Secure to Ivanti Connect Secure
at some point. For now, even the Ivanti web site uses both, perhaps
we should wait before we switch Pulse to Ivanti.