Diffstat (limited to 'src/libtnccs/plugins/tnccs_20')
-rw-r--r-- | src/libtnccs/plugins/tnccs_20/Makefile.am | 2 | ||||
-rw-r--r-- | src/libtnccs/plugins/tnccs_20/Makefile.in | 8 | ||||
-rw-r--r-- | src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c | 13 | ||||
-rw-r--r-- | src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h | 3 | ||||
-rw-r--r-- | src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c | 2 | ||||
-rw-r--r-- | src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h | 2 | ||||
-rw-r--r-- | src/libtnccs/plugins/tnccs_20/tnccs_20.c | 38 |
7 files changed, 53 insertions, 15 deletions
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.am b/src/libtnccs/plugins/tnccs_20/Makefile.am index f64526eda..2aefecd26 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.am +++ b/src/libtnccs/plugins/tnccs_20/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-tnccs-20.la diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in index 468f21780..230440b87 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.in +++ b/src/libtnccs/plugins/tnccs_20/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -279,6 +279,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -297,6 +298,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -324,6 +326,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -415,6 +418,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ 
@@ -432,7 +436,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtnccs AM_CFLAGS = \ - -rdynamic + $(PLUGIN_CFLAGS) @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-tnccs-20.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-tnccs-20.la
diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
index ef0faf2c1..228c08255 100644
--- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
+++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
@@ -16,6 +16,7 @@ #include "pb_tnc_batch.h" #include "messages/ietf/pb_error_msg.h" +#include "messages/ietf/pb_pa_msg.h" #include "state_machine/pb_tnc_state_machine.h" #include <tnc/tnccs/tnccs.h>
@@ -51,7 +52,6 @@ typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t; #define PB_TNC_BATCH_FLAG_NONE 0x00 #define PB_TNC_BATCH_FLAG_D (1<<7) -#define PB_TNC_BATCH_HEADER_SIZE 8 /** * PB-TNC Message (see section 4.2 of RFC 5793)
@@ -71,7 +71,6 @@ typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t; #define PB_TNC_FLAG_NONE 0x00 #define PB_TNC_FLAG_NOSKIP (1<<7) -#define PB_TNC_HEADER_SIZE 12 #define PB_TNC_RESERVED_MSG_TYPE 0xffffffff
@@ -148,7 +147,7 @@ METHOD(pb_tnc_batch_t, add_msg, bool, msg->build(msg); msg_value = msg->get_encoding(msg); - msg_len = PB_TNC_HEADER_SIZE + msg_value.len; + msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len; if (this->batch_len + msg_len > this->max_batch_len) {
@@ -201,7 +200,7 @@ METHOD(pb_tnc_batch_t, build, void, /* build PB-TNC message */ msg_value = msg->get_encoding(msg); - msg_len = PB_TNC_HEADER_SIZE + msg_value.len; + msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len; msg_type = msg->get_type(msg); switch (msg_type.vendor_id) {
@@ -339,7 +338,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) data = chunk_skip(this->encoding, this->offset); - if (data.len < PB_TNC_HEADER_SIZE) + if (data.len < PB_TNC_MSG_HEADER_SIZE) { DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message header", data.len);
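Review bot: The new `#include "messages/ietf/pb_pa_msg.h"` in pb_tnc_batch.c does not appear to be needed, since none of the hunks for this file reference anything that header declares; they only use `PB_TNC_MSG_HEADER_SIZE`, which comes from pb_tnc_batch.h. If nothing outside the visible hunks depends on it, drop the include so the batch layer stays independent of the PB-PA message type. The consumer of `PB_PA_MSG_HEADER_SIZE` in this commit is tnccs_20.c, which is the file that should pull the header in.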
@@ -403,7 +402,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) } else { - if (msg_len < PB_TNC_HEADER_SIZE) + if (msg_len < PB_TNC_MSG_HEADER_SIZE) { DBG1(DBG_TNC, "%u bytes too small for PB-TNC message length", msg_len);
@@ -475,7 +474,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) DBG2(DBG_TNC, "processing %N/%N message (%u bytes)", pen_names, vendor_id, msg_type_names, msg_type, msg_len); data.len = msg_len; - msg_value = chunk_skip(data, PB_TNC_HEADER_SIZE); + msg_value = chunk_skip(data, PB_TNC_MSG_HEADER_SIZE); msg_pen_type = pen_type_create(vendor_id, msg_type); pb_tnc_msg = pb_tnc_msg_create_from_data(msg_pen_type, msg_value);
diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h
index 60cef7735..106c5578c 100644
--- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h
+++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h
@@ -29,6 +29,9 @@ typedef struct pb_tnc_batch_t pb_tnc_batch_t; #include <library.h> +#define PB_TNC_BATCH_HEADER_SIZE 8 +#define PB_TNC_MSG_HEADER_SIZE 12 + /** * PB-TNC Batch Types as defined in section 4.1 of RFC 5793 */
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
index a9a097bd4..263af3224 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
@@ -117,7 +117,7 @@ METHOD(pb_tnc_msg_t, build, void, } /* build message header */ - writer = bio_writer_create(64); + writer = bio_writer_create(PB_PA_MSG_HEADER_SIZE); writer->write_uint8 (writer, this->excl ? PA_FLAG_EXCL : PA_FLAG_NONE); writer->write_uint24(writer, this->subtype.vendor_id); writer->write_uint32(writer, this->subtype.type);
diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
index 093bb45ae..f3b6b1518 100644
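Review bot: The two size macros that pb_tnc_batch.h now exports, `PB_TNC_BATCH_HEADER_SIZE` and `PB_TNC_MSG_HEADER_SIZE`, have no doc comment, unlike the rest of the header. They feed the parser's length checks in process_tnc_msg() as well as the new size arithmetic in tnccs_20.c, so each should say which wire structure it measures. Suggested comments are `/** Size in bytes of the PB-TNC batch header (RFC 5793, section 4.1) */` and `/** Size in bytes of the PB-TNC message header (RFC 5793, section 4.2) */`. The same applies to `PB_PA_MSG_HEADER_SIZE` in pb_pa_msg.h, which has the same value 12 as `PB_TNC_MSG_HEADER_SIZE` and is easy to confuse with it.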
--- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
@@ -27,6 +27,8 @@ typedef struct pb_pa_msg_t pb_pa_msg_t; #include <pen/pen.h> +#define PB_PA_MSG_HEADER_SIZE 12 + /** * Class representing the PB-PA message type. */
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
index f78b85a68..dc4da51c6 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
@@ -1032,6 +1032,38 @@ tnccs_t* tnccs_20_create(bool is_server, tnc_ift_type_t transport, tnccs_cb_t cb) { private_tnccs_20_t *this; + size_t max_batch_size, default_max_batch_size; + size_t max_message_size, default_max_message_size; + + /* Determine the maximum PB-TNC batch size and PA-TNC message size */ + switch (transport) + { + case TNC_IFT_TLS_2_0: + case TNC_IFT_TLS_1_0: + default_max_batch_size = 128 * TLS_MAX_FRAGMENT_LEN - 16; + break; + case TNC_IFT_EAP_2_0: + case TNC_IFT_EAP_1_1: + case TNC_IFT_EAP_1_0: + case TNC_IFT_UNKNOWN: + default: + default_max_batch_size = 4 * TLS_MAX_FRAGMENT_LEN - 14; + break; + } + + max_batch_size = min(default_max_batch_size, + lib->settings->get_int(lib->settings, + "%s.plugins.tnccs-20.max_batch_size", + default_max_batch_size, lib->ns)); + + default_max_message_size = max_batch_size - PB_TNC_BATCH_HEADER_SIZE + - PB_TNC_MSG_HEADER_SIZE + - PB_PA_MSG_HEADER_SIZE; + + max_message_size = min(default_max_message_size, + lib->settings->get_int(lib->settings, + "%s.plugins.tnccs-20.max_message_size", + default_max_message_size, lib->ns)); INIT(this, .public = {
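Review bot: Nothing enforces a lower bound on the configured `max_batch_size`, so a setting below `PB_TNC_BATCH_HEADER_SIZE + PB_TNC_MSG_HEADER_SIZE + PB_PA_MSG_HEADER_SIZE` (32 bytes by this commit's defines) makes the `size_t` subtraction for `default_max_message_size` wrap to a very large value. That wrapped value then serves as both the cap and the `get_int()` default for `max_message_size`, so the message limit is effectively lost. The `min()` calls also mix `size_t` with the `int` that `get_int()` returns, so a negative setting is presumably compared as a huge unsigned number; that happens to fall back to the default, but only by accident of the conversion. I would validate right after the first lookup, for example `if (max_batch_size < PB_TNC_BATCH_HEADER_SIZE + PB_TNC_MSG_HEADER_SIZE + PB_PA_MSG_HEADER_SIZE) { max_batch_size = default_max_batch_size; }`, with a DBG1 message noting the override. tnccs_20_create() continues past the end of this hunk.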
@@ -1062,10 +1094,8 @@ tnccs_t* tnccs_20_create(bool is_server, .state_machine = pb_tnc_state_machine_create(is_server), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .messages = linked_list_create(), - .max_batch_len = lib->settings->get_int(lib->settings, - "%s.plugins.tnccs-20.max_batch_size", 65522, lib->ns), - .max_msg_len = lib->settings->get_int(lib->settings, - "%s.plugins.tnccs-20.max_message_size", 65490, lib->ns), + .max_batch_len = max_batch_size, + .max_msg_len = max_message_size, .ref = 1, ); |