Diffstat (limited to 'src/libtnccs/plugins/tnccs_20')
-rw-r--r--src/libtnccs/plugins/tnccs_20/Makefile.am2
-rw-r--r--src/libtnccs/plugins/tnccs_20/Makefile.in8
-rw-r--r--src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c13
-rw-r--r--src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h3
-rw-r--r--src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c2
-rw-r--r--src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h2
-rw-r--r--src/libtnccs/plugins/tnccs_20/tnccs_20.c38
7 files changed, 53 insertions, 15 deletions
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.am b/src/libtnccs/plugins/tnccs_20/Makefile.am
index f64526eda..2aefecd26 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.am
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.am
@@ -5,7 +5,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libtnccs
AM_CFLAGS = \
- -rdynamic
+ $(PLUGIN_CFLAGS)
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-tnccs-20.la
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in
index 468f21780..230440b87 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
@@ -279,6 +279,7 @@ NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
@@ -297,6 +298,7 @@ PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
@@ -324,6 +326,7 @@ abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@@ -415,6 +418,7 @@ srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
@@ -432,7 +436,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libtnccs
AM_CFLAGS = \
- -rdynamic
+ $(PLUGIN_CFLAGS)
@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-20.la
@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnccs-20.la
diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
index ef0faf2c1..228c08255 100644
--- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
+++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
@@ -16,6 +16,7 @@
#include "pb_tnc_batch.h"
#include "messages/ietf/pb_error_msg.h"
+#include "messages/ietf/pb_pa_msg.h"
#include "state_machine/pb_tnc_state_machine.h"
#include <tnc/tnccs/tnccs.h>
@@ -51,7 +52,6 @@ typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t;
#define PB_TNC_BATCH_FLAG_NONE 0x00
#define PB_TNC_BATCH_FLAG_D (1<<7)
-#define PB_TNC_BATCH_HEADER_SIZE 8
/**
* PB-TNC Message (see section 4.2 of RFC 5793)
@@ -71,7 +71,6 @@ typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t;
#define PB_TNC_FLAG_NONE 0x00
#define PB_TNC_FLAG_NOSKIP (1<<7)
-#define PB_TNC_HEADER_SIZE 12
#define PB_TNC_RESERVED_MSG_TYPE 0xffffffff
@@ -148,7 +147,7 @@ METHOD(pb_tnc_batch_t, add_msg, bool,
msg->build(msg);
msg_value = msg->get_encoding(msg);
- msg_len = PB_TNC_HEADER_SIZE + msg_value.len;
+ msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len;
if (this->batch_len + msg_len > this->max_batch_len)
{
@@ -201,7 +200,7 @@ METHOD(pb_tnc_batch_t, build, void,
/* build PB-TNC message */
msg_value = msg->get_encoding(msg);
- msg_len = PB_TNC_HEADER_SIZE + msg_value.len;
+ msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len;
msg_type = msg->get_type(msg);
switch (msg_type.vendor_id)
{
@@ -339,7 +338,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
data = chunk_skip(this->encoding, this->offset);
- if (data.len < PB_TNC_HEADER_SIZE)
+ if (data.len < PB_TNC_MSG_HEADER_SIZE)
{
DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message header",
data.len);
@@ -403,7 +402,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
}
else
{
- if (msg_len < PB_TNC_HEADER_SIZE)
+ if (msg_len < PB_TNC_MSG_HEADER_SIZE)
{
DBG1(DBG_TNC, "%u bytes too small for PB-TNC message length",
msg_len);
@@ -475,7 +474,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
DBG2(DBG_TNC, "processing %N/%N message (%u bytes)", pen_names, vendor_id,
msg_type_names, msg_type, msg_len);
data.len = msg_len;
- msg_value = chunk_skip(data, PB_TNC_HEADER_SIZE);
+ msg_value = chunk_skip(data, PB_TNC_MSG_HEADER_SIZE);
msg_pen_type = pen_type_create(vendor_id, msg_type);
pb_tnc_msg = pb_tnc_msg_create_from_data(msg_pen_type, msg_value);
diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h
index 60cef7735..106c5578c 100644
--- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h
+++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h
@@ -29,6 +29,9 @@ typedef struct pb_tnc_batch_t pb_tnc_batch_t;
#include <library.h>
+#define PB_TNC_BATCH_HEADER_SIZE 8
+#define PB_TNC_MSG_HEADER_SIZE 12
+
/**
* PB-TNC Batch Types as defined in section 4.1 of RFC 5793
*/
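Review bot: The two macros added to this header, `PB_TNC_BATCH_HEADER_SIZE` and `PB_TNC_MSG_HEADER_SIZE`, carry no documentation even though they are now exported to other translation units (tnccs_20.c subtracts them when deriving the message limit). Give each a doc comment in the style of the block right below them, e.g. `/** Size in bytes of the PB-TNC batch header (section 4.1 of RFC 5793) */` and `/** Size in bytes of the PB-TNC message header (section 4.2 of RFC 5793) */`, so a reader can check the 8 and 12 against the RFC layouts without opening pb_tnc_batch.c.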
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
index a9a097bd4..263af3224 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
@@ -117,7 +117,7 @@ METHOD(pb_tnc_msg_t, build, void,
}
/* build message header */
- writer = bio_writer_create(64);
+ writer = bio_writer_create(PB_PA_MSG_HEADER_SIZE);
writer->write_uint8 (writer, this->excl ? PA_FLAG_EXCL : PA_FLAG_NONE);
writer->write_uint24(writer, this->subtype.vendor_id);
writer->write_uint32(writer, this->subtype.type);
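Review bot: The writer is now created with PB_PA_MSG_HEADER_SIZE (12) instead of 64; if bio_writer_create's argument is the initial allocation, the buffer is exactly filled by the header and the writer must grow as soon as the PA message body is appended, so the change reads as a documentation aid rather than a sizing hint. If the body length is already known at this point, passing `PB_PA_MSG_HEADER_SIZE + <body length>` would avoid that reallocation; otherwise a short comment such as `/* header only; the writer grows once the body is appended */` would make the intent explicit. build() continues past the hunk, so the body write is not visible here.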
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
index 093bb45ae..f3b6b1518 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
@@ -27,6 +27,8 @@ typedef struct pb_pa_msg_t pb_pa_msg_t;
#include <pen/pen.h>
+#define PB_PA_MSG_HEADER_SIZE 12
+
/**
* Class representing the PB-PA message type.
*/
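Review bot: PB_PA_MSG_HEADER_SIZE is introduced without a comment saying what the 12 bytes cover, and the only header writes visible in the pb_pa_msg.c hunk (flags, vendor ID, subtype) account for 8 of them; the remaining 4 are presumably the collector and validator identifiers written after the visible lines, but a reader has to reconstruct that. Add a doc comment above the define, e.g. `/** Size in bytes of the PB-PA message header: flags, vendor ID, subtype, collector and validator IDs (RFC 5793) */`, after confirming the field list against build().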
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
index f78b85a68..dc4da51c6 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
@@ -1032,6 +1032,38 @@ tnccs_t* tnccs_20_create(bool is_server,
tnc_ift_type_t transport, tnccs_cb_t cb)
{
private_tnccs_20_t *this;
+ size_t max_batch_size, default_max_batch_size;
+ size_t max_message_size, default_max_message_size;
+
+ /* Determine the maximum PB-TNC batch size and PA-TNC message size */
+ switch (transport)
+ {
+ case TNC_IFT_TLS_2_0:
+ case TNC_IFT_TLS_1_0:
+ default_max_batch_size = 128 * TLS_MAX_FRAGMENT_LEN - 16;
+ break;
+ case TNC_IFT_EAP_2_0:
+ case TNC_IFT_EAP_1_1:
+ case TNC_IFT_EAP_1_0:
+ case TNC_IFT_UNKNOWN:
+ default:
+ default_max_batch_size = 4 * TLS_MAX_FRAGMENT_LEN - 14;
+ break;
+ }
+
+ max_batch_size = min(default_max_batch_size,
+ lib->settings->get_int(lib->settings,
+ "%s.plugins.tnccs-20.max_batch_size",
+ default_max_batch_size, lib->ns));
+
+ default_max_message_size = max_batch_size - PB_TNC_BATCH_HEADER_SIZE
+ - PB_TNC_MSG_HEADER_SIZE
+ - PB_PA_MSG_HEADER_SIZE;
+
+ max_message_size = min(default_max_message_size,
+ lib->settings->get_int(lib->settings,
+ "%s.plugins.tnccs-20.max_message_size",
+ default_max_message_size, lib->ns));
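Review bot: A configured `max_batch_size` smaller than the three header sizes makes the subtraction on `default_max_message_size = max_batch_size - PB_TNC_BATCH_HEADER_SIZE - PB_TNC_MSG_HEADER_SIZE - PB_PA_MSG_HEADER_SIZE` wrap, because every operand is size_t, and the wrapped value is then fed through get_int's int default and min() into max_msg_len, so a misconfiguration yields a bogus limit instead of an error. Clamp before subtracting, e.g. `max_batch_size = max(max_batch_size, (size_t)(PB_TNC_BATCH_HEADER_SIZE + PB_TNC_MSG_HEADER_SIZE + PB_PA_MSG_HEADER_SIZE));` assuming the project's max() macro is in scope alongside min(), or reject the setting with a DBG1 and fall back to default_max_batch_size. Note also that min() is handed a size_t and the int returned by get_int; if it compares after the usual arithmetic conversions, a negative setting is promoted to a huge unsigned value and silently ignored while a tiny positive one is honored, which deserves either an explicit range check or a comment. tnccs_20_create's body continues past the hunk.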
INIT(this,
.public = {
@@ -1062,10 +1094,8 @@ tnccs_t* tnccs_20_create(bool is_server,
.state_machine = pb_tnc_state_machine_create(is_server),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.messages = linked_list_create(),
- .max_batch_len = lib->settings->get_int(lib->settings,
- "%s.plugins.tnccs-20.max_batch_size", 65522, lib->ns),
- .max_msg_len = lib->settings->get_int(lib->settings,
- "%s.plugins.tnccs-20.max_message_size", 65490, lib->ns),
+ .max_batch_len = max_batch_size,
+ .max_msg_len = max_message_size,
.ref = 1,
);