~lopin/openconnect/lopin-gp-deb-2

From Revision 2649 to 2630

expand all

collapse all

Rev		Summary	Authors	Date	Diff	Files
2649		removed debian directory removed debian directory	Martin Lopatář	6 years ago
2648		Updated README Updated README	Martin Lopatář	6 years ago
2647		skip tests on package build + set customized version skip tests on package build + set customized version	Martin Lopatář	6 years ago
2646		updated changelog updated changelog	Martin Lopatář	6 years ago
2645		added ./debian directory from master branch added ./debian directory from master branch https://anonscm.debian.org/git/collab-maint/openconnect.git	Martin Lopatář	6 years ago
2644		allow whitespace in login response allow whitespace in login response	Daniel Lenski	6 years ago
2643		Let's try some CI Let's try some CI	Daniel Lenski	6 years ago
2642		Close #80, fix #82 (I completely botched the cherry-pick fro... Close #80, fix #82 (I completely botched the cherry-pick from the gpst branch in be074cd)	Daniel Lenski	6 years ago
2641		Revert "Merge pull request #80 from jdz/globalprotect" Revert "Merge pull request #80 from jdz/globalprotect" This reverts commit bf579e82267477e4d471af85cc913f16f985ad44, reversing changes made to a390ef046b77e94309415fbab93bd9379167d2d2. I merged this PR too quickly; it doesn't actually fix anything AFAICT.	Daniel Lenski	6 years ago
2640		Merge pull request #80 from jdz/globalprotect Merge pull request #80 from jdz/globalprotect Fix ESP tunnel MTU calculation	Dan Lenski	6 years ago
2639		underp underp	Daniel Lenski	6 years ago
2638		Check all oc_text_buf for errors (e.g. out-of-memory) before... Check all oc_text_buf for errors (e.g. out-of-memory) before using their contents	Daniel Lenski	6 years ago
2637		Replace static auth form for GlobalProtect portal with a dyn... Replace static auth form for GlobalProtect portal with a dynamic auth form (Also adds more memory-allocation checks to the portal auth form)	Daniel Lenski	6 years ago
2636		properly handle alternate GPST tunnel path properly handle alternate GPST tunnel path	Daniel Lenski	6 years ago
2635		Smarter MTU calculation for GlobalProtect Smarter MTU calculation for GlobalProtect - If we have no ESP support, ESP disabled, or no ESP keys received, then   we're definitely using the TLS tunne and we should calculate tunnel MTU   based on the TCP MSS, subtracting the TLS+GPST overhead (and only use the   base/wire MTU as a crude fallback if necessary). - If we've got ESP enabled and ESP keys, then we should calculate tunnel   MTU based on the base/wire MTU, subtracting the IP+UDP+ESP overhead.	Daniel Lenski	6 years ago
2634		add test login script add test login script	Daniel Lenski	6 years ago
2633		Update PAN_GlobalProtect_protocol_doc.md Update PAN_GlobalProtect_protocol_doc.md	Dan Lenski	6 years ago
2632		ensure openconnect will actually compile with !defined(HAVE_... ensure openconnect will actually compile with !defined(HAVE_ESP)	Daniel Lenski	6 years ago
2631		simplify esp.c by reusing ka_check_deadline() function simplify esp.c by reusing ka_check_deadline() function	Daniel Lenski	6 years ago
2630		Fix a really subtle bug causing 100% CPU utilization after E... Fix a really subtle bug causing 100% CPU utilization after ESP failure and tunnel reconnect (this should fix #76) Here's what was happening: 1. GlobalProtect connect, start ESP    -> dtls_state = DTLS_CONNECTED, dtls_fd is read-monitored 2. ESP tunnel fails and GP switches to HTTPS (due to network outage, dead peer?),    -> dtls_state = DTLS_NOSECRET, dtls_fd is still read-monitored (!!!) 3. Tunnel restarts (due to rekey or pause-and-reconnect signal, USR2) and    /ssl-vpn/getconfig.esp is repulled, including new ESP keys.    -> dtls_state = DTLS_SECRET, dtls_fd is still read-monitored (!!!) 4. ESP probes are sent out *once* in esp_setup(), but dtls_fd != -1, so the    dtls_state is *not* upgraded to DTLS_SLEEPING.    -> dtls_state = DTLS_SECRET, dtls_fd is still read-monitored (!!!) As a result of the probes being sent out, ESP packets will subsequently arrive and select() call in openconnect_mainloop() will wake up… but udp_mainloop() will never be called to service it because…         if (vpninfo->dtls_state > DTLS_DISABLED) {                 ...                 ret = vpninfo->proto->udp_mainloop(vpninfo, &timeout);         } This patch fixes that by not just setting dtls_state = DTLS_SECRET when the HTTPS tunnel connects, but actually calling esp_close_secret (which closes dtls_fd, unmonitors it, and sets it to -1).	Daniel Lenski	6 years ago

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.1