~mamarley/openconnect/+git/gitlab-main:pulse_concatenated_and_split_packets

Last commit made on 2024-01-06
Get this branch:
git clone -b pulse_concatenated_and_split_packets https://git.launchpad.net/~mamarley/openconnect/+git/gitlab-main

Branch information

Name:
pulse_concatenated_and_split_packets
Repository:
lp:~mamarley/openconnect/+git/gitlab-main

Recent commits

7400f4b... by Dan Lenski

Handle concatenated and/or split packets in Pulse TLS tunnel

Borrows the approach of ppp.c. Should fix #456.

I have managed to test the handling of both concatenated and
split packets against a "real" Pulse server.

I'm not precisely certain of the server version, but it's older than 9.1R14;
it doesn't show the modified 9.1R14+ config packet of
https://gitlab.com/openconnect/openconnect/-/merge_requests/331.

1. The test server can be induced to reply with concatenated packets by
   sending it fragmented Legacy IP datagrams. For example, with a tunnel
   MTU of 1400 bytes, send fragmented pings:
   `ping -s $((MTU - 28 + 1)) -c1 -M dont $IP`.

   Resulting trace-level log messages:

   ```
   Sending IF-T/TLS data packet of 1396 bytes
   Sending IPv4 data packet of 1396 bytes
   Sending IF-T/TLS data packet of 25 bytes
   Sending IPv4 data packet of 25 bytes
   No work to do; sleeping for 2147483647 ms...
   Received packet of 1412 bytes with 41 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received IPv4 data packet of 25 bytes
   ```

2. The test server can be induced to reply with split packets by sending it
   fragmented Legacy IP datagrams such that the concatenated replies won't
   fit in a single TLS frame (16384 bytes). For example:
   `ping -s 16385 -c1 -M dont $IP`

   Resulting trace-level log messages (omitting the outgoing bits for brevity):

   ```
   Received packet of 1412 bytes with 14972 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received packet of 1412 bytes with 13560 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received packet of 1412 bytes with 12148 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received packet of 1412 bytes with 10736 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received packet of 1412 bytes with 9324 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received packet of 1412 bytes with 7912 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received packet of 1412 bytes with 6500 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received packet of 1412 bytes with 5088 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received packet of 1412 bytes with 3676 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received packet of 1412 bytes with 2264 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received packet of 1412 bytes with 852 trailing bytes of concatenated packet.
   Received IPv4 data packet of 1396 bytes
   Received partial packet, 852 of 1293 bytes
   Received IPv4 data packet of 1277 bytes
   ```

Signed-off-by: Daniel Lenski <email address hidden>
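
The reassembly problem this commit message describes, as an added example (not code from the commit or from OpenConnect): a stream reassembler that accepts concatenated and split packets and rejects implausible declared lengths. It assumes a 16-byte header carrying a big-endian total length (header included) at offset 8, which matches the 1396 + 16 = 1412 arithmetic in the logs; `struct reasm`, `reasm_feed`, `make_pkt` and `MAX_PKT` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_SIZE 16                 /* header size named in the commits above */
#define MAX_PKT  (HDR_SIZE + 1400)  /* assumed cap: header + 1400-byte tunnel MTU */
struct reasm { uint8_t buf[MAX_PKT]; size_t have; };  /* hypothetical state */

static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Constructed test packet: zeroed header and payload, total length at offset 8. */
size_t make_pkt(uint8_t *out, uint32_t payload)
{
    uint32_t total = HDR_SIZE + payload;
    memset(out, 0, total);
    for (int i = 0; i < 4; i++)
        out[8 + i] = (uint8_t)(total >> (24 - 8 * i));
    return total;
}

/* Feed the bytes of one TLS read. Stores each completed packet's payload size
 * in sizes[] (up to max); returns the count, or -1 on a bad declared length,
 * after which the caller should drop the connection. */
int reasm_feed(struct reasm *r, const uint8_t *in, size_t len, size_t *sizes, int max)
{
    int n = 0;
    while (len) {
        /* Collect the header first, then exactly what it declares. */
        size_t want = r->have < HDR_SIZE ? HDR_SIZE : load_be32(r->buf + 8);
        size_t take = want - r->have < len ? want - r->have : len;
        memcpy(r->buf + r->have, in, take);
        r->have += take; in += take; len -= take;
        if (r->have < HDR_SIZE)
            break;                      /* read ended inside the header */
        want = load_be32(r->buf + 8);
        if (want < HDR_SIZE || want > MAX_PKT)
            return -1;                  /* bound the length before buffering */
        if (r->have == want) {          /* complete packet: hand off, reset */
            if (n < max)
                sizes[n] = want - HDR_SIZE;
            n++;
            r->have = 0;
        }
    }
    return n;
}
```

The length check runs as soon as the header is complete, so a peer that declares an oversized or undersized packet never gets payload bytes copied into the fixed buffer.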

07f527a... by Dan Lenski

Improve packet logging over Pulse IF-T/TLS tunnel

1. Don't dump full "normal"/expected packet contents as hex, unless
   '--dump-http-traffic' is specified.
2. Report IP version of packets sent/received.
3. Use 'hdr_size' instead of literal '16'; found one case where
   it was incorrectly coded as '8', probably due to copy-pasting
   from CSTP.

Signed-off-by: Daniel Lenski <email address hidden>

8eea1aa... by Nikos Mavrogiannopoulos

Merge branch 'bugfix/win-external-browser-flag' into 'master'

Support --external-browser flag on _WIN32 systems

See merge request openconnect/openconnect!489

e33f399... by Dimitri Papadopoulos Orfanos <email address hidden>

Merge branch 'libxml/parser' into 'master'

Include <libxml/tree.h> from a single place

See merge request openconnect/openconnect!507

f8dcf17... by Nikos Mavrogiannopoulos

Merge branch 'tmp-android-fixes' into 'master'

.gitlab-ci.yml: specify the toolchain image used

See merge request openconnect/openconnect!520

009eb36... by Dimitri Papadopoulos Orfanos <email address hidden>

Include <libxml/tree.h> from a single place

<libxml/tree.h> used to be included both by "openconnect-internal.h"
and from *.c source files. We don't need both. Let's settle on including
from "openconnect-internal.h" only.

Signed-off-by: Dimitri Papadopoulos Orfanos <email address hidden>

86009bb... by Nikos Mavrogiannopoulos

.gitlab-ci.yml: specify the toolchain image used

Signed-off-by: Nikos Mavrogiannopoulos <email address hidden>

74d2744... by Nikos Mavrogiannopoulos

Merge branch 'stricter_chunked_encoding_error_detection' into 'master'

Stricter chunked-encoding error detection

See merge request openconnect/openconnect!468

fb3036f... by Nikos Mavrogiannopoulos

Merge branch 'asctime_newline' into 'master'

Remove trailing new line returned by ctime()

Closes #598

See merge request openconnect/openconnect!469

783137e... by Nikos Mavrogiannopoulos

Merge branch 'change_default_UA_string_to_be_compatible_with_newer_Cisco_servers' into 'master'

Change default user-agent string to be compatible with newer Cisco servers

Closes #544, #593, #602, #618, #635, #657, #662, and #665

See merge request openconnect/openconnect!497