[PATCH] relax requirements for Juniper hostname packet response
Daniel Lenski
dlenski at gmail.com
Mon Jun 12 11:02:13 PDT 2017
This fixes the "Unexpected response of size 3 after hostname packet" error which I get intermittently when connecting to an old Juniper NC server:
$ openconnect --prot=nc -vvvv
...
NCP-Version: 2
...
> 0000: 18 00 00 04 00 00 00 0c 00 64 65 61 64 62 65 65
> 0010: 66 2d 31 32 33 bb 01 00 00 00 00
Read 3 bytes of SSL record
< 0000: d2 01 00
Read 467 bytes of SSL record
Here's what I think is going on: I believe this server is concatenating the
3-byte response packet together with the longer IP-configuration packet that
follows (0x1d2 == 466, which suggests that it's encoding the size of the
following packet).
As far as I can tell, openconnect can simply ignore the first two bytes of
the hostname response packet, and everything else proceeds normally.
Signed-off-by: Daniel Lenski <dlenski at gmail.com>
---
oncp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/oncp.c b/oncp.c
index f7d3d68..b57539c 100644
--- a/oncp.c
+++ b/oncp.c
@@ -665,8 +665,9 @@ int oncp_connect(struct openconnect_info *vpninfo)
goto out;
vpn_progress(vpninfo, PRG_TRACE,
_("Read %d bytes of SSL record\n"), ret);
+ dump_buf_hex(vpninfo, PRG_TRACE, '<', (void *)bytes, ret);
- if (ret != 3 || bytes[0] != 1 || bytes[1] != 0) {
+ if (ret != 3) {
vpn_progress(vpninfo, PRG_ERR,
_("Unexpected response of size %d after hostname packet\n"),
ret);
--
2.7.4
More information about the openconnect-devel
mailing list