Merge branch 'issue357-part1' into 'master'

Don't attempt TLS if the client closes the connection with zero data sent.

Closes #357

See merge request openconnect/ocserv!221

src/defs.h

@@ -38,6 +38,7 @@
 #define REASON_ERROR 6
 #define REASON_SESSION_TIMEOUT 7
 #define REASON_TEMP_DISCONNECT 8
+#define REASON_HEALTH_PROBE 9
 
 /* Timeout (secs) for communication between main and sec-mod */
 #define MAIN_SEC_MOD_TIMEOUT 120

src/worker-vpn.c

@@ -103,6 +103,8 @@ static void set_socket_timeout(worker_st * ws, int fd);
 
 static void link_mtu_set(worker_st * ws, unsigned mtu);
 
+static int test_for_tcp_health_probe(struct worker_st *ws);
+
 static void handle_alarm(int signo)
 {
 	if (global_ws)
@@ -789,6 +791,11 @@ void vpn_server(struct worker_st *ws)
 		 * as we need to set some cipher priorities for handshake to start. */
 		ws->vhost = find_vhost(ws->vconfig, NULL);
 
+		if (test_for_tcp_health_probe(ws) != 0) {
+			oclog(ws, LOG_DEBUG, "Received TCP health probe from load-balancer");
+			exit_worker_reason(ws, REASON_HEALTH_PROBE);
+		}
+
 		/* initialize the session */
 		ret = gnutls_init(&session, GNUTLS_SERVER);
 		GNUTLS_FATAL_ERR(ret);
@@ -2689,3 +2696,16 @@ static int parse_dtls_data(struct worker_st *ws,
 	ws->last_msg_udp = now;
 	return ret;
 }
+
+static int test_for_tcp_health_probe(struct worker_st *ws)
+{
+	int ret;
+	uint8_t buffer[1];
+	ret = recv(ws->conn_fd, buffer, sizeof(buffer), MSG_PEEK);
+
+	// If we get back an error, assume this was a tcp health probe
+	if (ret > 0) 
+		return 0;
+	else 
+		return 1;
+}