diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-05-27 19:03:49 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-05-31 20:37:56 +0200 |
| commit | 4dda2984e35220275d2f2098e4f9d3f03a2da8bc (patch) | |
| tree | 8366ec9c130976cc7d9c567a09ccf4026877368c | |
| parent | 75498e6b337c1f7aa40dd03ab33edbb85982f0ad (diff) | |
| download | strongswan-4dda2984e35220275d2f2098e4f9d3f03a2da8bc.tar.bz2 strongswan-4dda2984e35220275d2f2098e4f9d3f03a2da8bc.tar.xz | |
Automatic determination of maximum PB-TNC batch and PA-TNC message size
5 files changed, 46 insertions, 12 deletions
diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c index ef0faf2c1..228c08255 100644 --- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c +++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c @@ -16,6 +16,7 @@ #include "pb_tnc_batch.h" #include "messages/ietf/pb_error_msg.h" +#include "messages/ietf/pb_pa_msg.h" #include "state_machine/pb_tnc_state_machine.h" #include <tnc/tnccs/tnccs.h> @@ -51,7 +52,6 @@ typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t; #define PB_TNC_BATCH_FLAG_NONE 0x00 #define PB_TNC_BATCH_FLAG_D (1<<7) -#define PB_TNC_BATCH_HEADER_SIZE 8 /** * PB-TNC Message (see section 4.2 of RFC 5793) @@ -71,7 +71,6 @@ typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t; #define PB_TNC_FLAG_NONE 0x00 #define PB_TNC_FLAG_NOSKIP (1<<7) -#define PB_TNC_HEADER_SIZE 12 #define PB_TNC_RESERVED_MSG_TYPE 0xffffffff @@ -148,7 +147,7 @@ METHOD(pb_tnc_batch_t, add_msg, bool, msg->build(msg); msg_value = msg->get_encoding(msg); - msg_len = PB_TNC_HEADER_SIZE + msg_value.len; + msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len; if (this->batch_len + msg_len > this->max_batch_len) { @@ -201,7 +200,7 @@ METHOD(pb_tnc_batch_t, build, void, /* build PB-TNC message */ msg_value = msg->get_encoding(msg); - msg_len = PB_TNC_HEADER_SIZE + msg_value.len; + msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len; msg_type = msg->get_type(msg); switch (msg_type.vendor_id) { @@ -339,7 +338,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) data = chunk_skip(this->encoding, this->offset); - if (data.len < PB_TNC_HEADER_SIZE) + if (data.len < PB_TNC_MSG_HEADER_SIZE) { DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message header", data.len); @@ -403,7 +402,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) } else { - if (msg_len < PB_TNC_HEADER_SIZE) + if (msg_len < PB_TNC_MSG_HEADER_SIZE) { DBG1(DBG_TNC, "%u bytes too small for PB-TNC message length", msg_len); @@ -475,7 +474,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) DBG2(DBG_TNC, "processing %N/%N message (%u bytes)", pen_names, vendor_id, msg_type_names, msg_type, msg_len); data.len = msg_len; - msg_value = chunk_skip(data, PB_TNC_HEADER_SIZE); + msg_value = chunk_skip(data, PB_TNC_MSG_HEADER_SIZE); msg_pen_type = pen_type_create(vendor_id, msg_type); pb_tnc_msg = pb_tnc_msg_create_from_data(msg_pen_type, msg_value); diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h index 60cef7735..106c5578c 100644 --- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h +++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h @@ -29,6 +29,9 @@ typedef struct pb_tnc_batch_t pb_tnc_batch_t; #include <library.h> +#define PB_TNC_BATCH_HEADER_SIZE 8 +#define PB_TNC_MSG_HEADER_SIZE 12 + /** * PB-TNC Batch Types as defined in section 4.1 of RFC 5793 */ diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c index a9a097bd4..263af3224 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c @@ -117,7 +117,7 @@ METHOD(pb_tnc_msg_t, build, void, } /* build message header */ - writer = bio_writer_create(64); + writer = bio_writer_create(PB_PA_MSG_HEADER_SIZE); writer->write_uint8 (writer, this->excl ? PA_FLAG_EXCL : PA_FLAG_NONE); writer->write_uint24(writer, this->subtype.vendor_id); writer->write_uint32(writer, this->subtype.type); diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h index 093bb45ae..f3b6b1518 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h @@ -27,6 +27,8 @@ typedef struct pb_pa_msg_t pb_pa_msg_t; #include <pen/pen.h> +#define PB_PA_MSG_HEADER_SIZE 12 + /** * Class representing the PB-PA message type. */ diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c index f78b85a68..b593f853f 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c @@ -1032,6 +1032,38 @@ tnccs_t* tnccs_20_create(bool is_server, tnc_ift_type_t transport, tnccs_cb_t cb) { private_tnccs_20_t *this; + size_t max_batch_size, default_max_batch_size; + size_t max_message_size, default_max_message_size; + + /* Determine the maximum PB-TNC batch size and PA-TNC message size */ + switch (transport) + { + case TNC_IFT_TLS_2_0: + case TNC_IFT_TLS_1_0: + default_max_batch_size = 8 * TLS_MAX_FRAGMENT_LEN - 16; + break; + case TNC_IFT_EAP_2_0: + case TNC_IFT_EAP_1_1: + case TNC_IFT_EAP_1_0: + case TNC_IFT_UNKNOWN: + default: + default_max_batch_size = 4 * TLS_MAX_FRAGMENT_LEN - 14; + break; + } + + max_batch_size = min(default_max_batch_size, + lib->settings->get_int(lib->settings, + "%s.plugins.tnccs-20.max_batch_size", + default_max_batch_size, lib->ns)); + + default_max_message_size = max_batch_size - PB_TNC_BATCH_HEADER_SIZE + - PB_TNC_MSG_HEADER_SIZE + - PB_PA_MSG_HEADER_SIZE; + + max_message_size = min(default_max_message_size, + lib->settings->get_int(lib->settings, + "%s.plugins.tnccs-20.max_message_size", + default_max_message_size, lib->ns)); INIT(this, .public = { @@ -1062,10 +1094,8 @@ tnccs_t* tnccs_20_create(bool is_server, .state_machine = pb_tnc_state_machine_create(is_server), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .messages = linked_list_create(), - .max_batch_len = lib->settings->get_int(lib->settings, - "%s.plugins.tnccs-20.max_batch_size", 65522, lib->ns), - .max_msg_len = lib->settings->get_int(lib->settings, - "%s.plugins.tnccs-20.max_message_size", 65490, lib->ns), + .max_batch_len = max_batch_size, + .max_msg_len = max_message_size, .ref = 1, ); |