2649 | Martin Lopatář | 6 years ago
2648 | Martin Lopatář | 6 years ago
2647 | Martin Lopatář | 6 years ago
2646 | Martin Lopatář | 6 years ago
2645 | Martin Lopatář | 6 years ago
2644 | Daniel Lenski | 6 years ago
2643 | Daniel Lenski | 6 years ago
2642 | Daniel Lenski | 6 years ago
2641 | Daniel Lenski | 6 years ago
2640 | Dan Lenski | 6 years ago
2639 | Daniel Lenski | 6 years ago
2638 | Daniel Lenski | 6 years ago
2637 | Daniel Lenski | 6 years ago
2636 | Daniel Lenski | 6 years ago
2635 | Daniel Lenski | 6 years ago
2634 | Daniel Lenski | 6 years ago
2633 | Dan Lenski | 6 years ago
2632 | Daniel Lenski | 6 years ago
2631 | Daniel Lenski | 6 years ago
2630 | Daniel Lenski | 6 years ago

Fix a really subtle bug causing 100% CPU utilization after ESP failure and tunnel reconnect (this should fix #76)

Here's what was happening:

1. GlobalProtect connect, start ESP
   -> dtls_state = DTLS_CONNECTED, dtls_fd is read-monitored
2. ESP tunnel fails and GP switches to HTTPS (due to network outage, dead peer?),
   -> dtls_state = DTLS_NOSECRET, dtls_fd is still read-monitored (!!!)
3. Tunnel restarts (due to rekey or pause-and-reconnect signal, USR2) and /ssl-vpn/getconfig.esp is repulled, including new ESP keys.
   -> dtls_state = DTLS_SECRET, dtls_fd is still read-monitored (!!!)
4. ESP probes are sent out *once* in esp_setup(), but dtls_fd != -1, so the dtls_state is *not* upgraded to DTLS_SLEEPING.
   -> dtls_state = DTLS_SECRET, dtls_fd is still read-monitored (!!!)

As a result of the probes being sent out, ESP packets will subsequently arrive and select() call in openconnect_mainloop() will wake up… but udp_mainloop() will never be called to service it because…

    if (vpninfo->dtls_state > DTLS_DISABLED) {
        ...
        ret = vpninfo->proto->udp_mainloop(vpninfo, &timeout);
    }

This patch fixes that by not just setting dtls_state = DTLS_SECRET when the HTTPS tunnel connects, but actually calling esp_close_secret (which closes dtls_fd, unmonitors it, and sets it to -1).
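The busy loop described in the commit message above can be reproduced in isolation. This is an added sketch, not openconnect code: `toy_vpn`, `count_unserviced_wakeups`, `toy_esp_close_secret` and `run_scenario` are hypothetical names, the enum ordering is assumed, and an AF_UNIX socketpair stands in for the ESP UDP socket.

```c
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed ordering: DTLS_SECRET sorts below DTLS_DISABLED, so the quoted gate skips it. */
enum dtls_state { DTLS_NOSECRET, DTLS_SECRET, DTLS_DISABLED, DTLS_SLEEPING, DTLS_CONNECTED };
struct toy_vpn { enum dtls_state dtls_state; int dtls_fd; }; /* hypothetical stand-in for vpninfo */

/* Run `iters` mainloop passes (20 ms select timeout) and count the passes
 * that woke up on dtls_fd without anything reading the packet. */
static int count_unserviced_wakeups(struct toy_vpn *v, int iters)
{
    int spins = 0;
    for (int i = 0; i < iters; i++) {
        char buf[64];
        fd_set rfds;
        struct timeval tv = { 0, 20000 };
        FD_ZERO(&rfds);
        if (v->dtls_fd != -1) FD_SET(v->dtls_fd, &rfds);   /* fd is read-monitored */
        if (select(v->dtls_fd + 1, &rfds, NULL, NULL, &tv) <= 0) continue; /* idle pass */
        if (v->dtls_state > DTLS_DISABLED)  /* gate quoted in the commit message */
            (void)recv(v->dtls_fd, buf, sizeof(buf), MSG_DONTWAIT); /* udp_mainloop stand-in */
        else
            spins++;                        /* readable, but never read */
    }
    return spins;
}

/* Stand-in for what the message says the fix does: close, unmonitor, set to -1. */
static void toy_esp_close_secret(struct toy_vpn *v)
{
    if (v->dtls_fd != -1) close(v->dtls_fd);
    v->dtls_fd = -1;
    v->dtls_state = DTLS_SECRET;
}

/* State after step 4, with one constructed reply packet sent toward the old fd. */
int run_scenario(int apply_fix)
{
    int sv[2], spins;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -1;
    struct toy_vpn v = { DTLS_SECRET, sv[0] };
    if (apply_fix) toy_esp_close_secret(&v);
    (void)send(sv[1], "probe-reply", 11, MSG_NOSIGNAL);
    spins = count_unserviced_wakeups(&v, 5);
    if (v.dtls_fd != -1) close(v.dtls_fd);
    close(sv[1]);
    return spins;
}
```

Without the fix every pass returns from select() immediately because the queued packet is never drained; with the fd closed and set to -1, each pass sleeps for its full timeout.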