author | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-09-08 12:58:40 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-09-08 12:58:45 +0200 |
commit | de29e3a683f91d5b392e7a6176c6a0730ebb7847 (patch) | |
tree | 5653031fe0ac82841d43c29caa8d61cf4dfe901a | |
parent | 99b0f633c2252a6291cad8702110c0156e8c3840 (diff) | |
download | strongswan-de29e3a683f91d5b392e7a6176c6a0730ebb7847.tar.bz2 strongswan-de29e3a683f91d5b392e7a6176c6a0730ebb7847.tar.xz |
max max_message_count configurable and move it into tls_eap_t
-rw-r--r-- | src/libcharon/plugins/eap_tls/eap_tls.c | 16 | ||||
-rw-r--r-- | src/libcharon/plugins/eap_tnc/eap_tnc.c | 16 | ||||
-rw-r--r-- | src/libcharon/plugins/eap_ttls/eap_ttls.c | 16 | ||||
-rw-r--r-- | src/libtls/tls_eap.c | 24 | ||||
-rw-r--r-- | src/libtls/tls_eap.h | 4 |
5 files changed, 37 insertions, 39 deletions
diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c
index 53b61c847..efe72c437 100644
--- a/src/libcharon/plugins/eap_tls/eap_tls.c
+++ b/src/libcharon/plugins/eap_tls/eap_tls.c
@@ -33,11 +33,6 @@ struct private_eap_tls_t {
 eap_tls_t public;
 /**
- * Number of EAP-TLS messages processed so far
- */
- int processed;
-
- /**
 * TLS stack, wrapped by EAP helper
 */
 tls_eap_t *tls_eap;
@@ -68,12 +63,6 @@ METHOD(eap_method_t, process, status_t,
 status_t status;
 chunk_t data;
- if (++this->processed > MAX_MESSAGE_COUNT)
- {
- DBG1(DBG_IKE, "EAP-TLS packet count exceeded (%d > %d)",
- this->processed, MAX_MESSAGE_COUNT);
- return FAILED;
- }
 data = in->get_data(in);
 status = this->tls_eap->process(this->tls_eap, data, &data);
 if (status == NEED_MORE)
@@ -123,6 +112,7 @@ static eap_tls_t *eap_tls_create(identification_t *server,
 {
 private_eap_tls_t *this;
 size_t frag_size;
+ int max_msg_count;
 tls_t *tls;
 INIT(this,
@@ -140,8 +130,10 @@ static eap_tls_t *eap_tls_create(identification_t *server,
 frag_size = lib->settings->get_int(lib->settings,
 "charon.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN);
+ max_msg_count = lib->settings->get_int(lib->settings,
+ "charon.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT);
 tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TLS, NULL);
- this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size);
+ this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size, max_msg_count);
 if (!this->tls_eap)
 {
 free(this);
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c
index 234b1444d..65f4a23a0 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c
@@ -34,11 +34,6 @@ struct private_eap_tnc_t {
 eap_tnc_t public;
 /**
- * Number of EAP-TNC messages processed so far
- */
- int processed;
-
- /**
 * TLS stack, wrapped by EAP helper
 */
 tls_eap_t *tls_eap;
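Review bot: In the eap_tls_create hunk the value read from `charon.plugins.eap-tls.max_message_count` is handed to tls_eap_create() without any lower bound, and the new check in tls_eap.c (`++this->processed > this->max_msg_count`) is true on the very first packet when the configured value is 0 or negative, so a single bad strongswan.conf entry makes every EAP-TLS exchange fail with only the "packet count exceeded" log line to explain it. The same unchecked read appears in the eap_tnc_create and eap_ttls_create hunks, and tls_eap_create itself stores the parameter as-is. A guard after the get_int() call, e.g. `if (max_msg_count <= 0) { max_msg_count = MAX_MESSAGE_COUNT; }`, or one validation inside tls_eap_create, would keep a misconfiguration from silently disabling the method. The body of eap_tls_create continues outside these hunks.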
@@ -70,12 +65,6 @@ METHOD(eap_method_t, process, status_t,
 status_t status;
 chunk_t data;
- if (++this->processed > MAX_MESSAGE_COUNT)
- {
- DBG1(DBG_IKE, "EAP-TNC packet count exceeded (%d > %d)",
- this->processed, MAX_MESSAGE_COUNT);
- return FAILED;
- }
 data = in->get_data(in);
 status = this->tls_eap->process(this->tls_eap, data, &data);
 if (status == NEED_MORE)
@@ -125,6 +114,7 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
 {
 private_eap_tnc_t *this;
 size_t frag_size;
+ int max_msg_count;
 tls_t *tnc_if_tnccs;
 INIT(this,
@@ -142,8 +132,10 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
 frag_size = lib->settings->get_int(lib->settings,
 "charon.plugins.eap-tnc.fragment_size", MAX_FRAGMENT_LEN);
+ max_msg_count = lib->settings->get_int(lib->settings,
+ "charon.plugins.eap-tnc.max_message_count", MAX_MESSAGE_COUNT);
 tnc_if_tnccs = tnc_if_tnccs_create(is_server, TLS_PURPOSE_EAP_TNC);
- this->tls_eap = tls_eap_create(EAP_TNC, tnc_if_tnccs, frag_size);
+ this->tls_eap = tls_eap_create(EAP_TNC, tnc_if_tnccs, frag_size, max_msg_count);
 if (!this->tls_eap)
 {
 free(this);
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index d9220a33c..a62af6ea4 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -35,11 +35,6 @@ struct private_eap_ttls_t {
 eap_ttls_t public;
 /**
- * Number of EAP-TLS messages processed so far
- */
- int processed;
-
- /**
 * TLS stack, wrapped by EAP helper
 */
 tls_eap_t *tls_eap;
@@ -70,12 +65,6 @@ METHOD(eap_method_t, process, status_t,
 status_t status;
 chunk_t data;
- if (++this->processed > MAX_MESSAGE_COUNT)
- {
- DBG1(DBG_IKE, "EAP-TTLS packet count exceeded (%d > %d)",
- this->processed, MAX_MESSAGE_COUNT);
- return FAILED;
- }
 data = in->get_data(in);
 status = this->tls_eap->process(this->tls_eap, data, &data);
 if (status == NEED_MORE)
@@ -126,6 +115,7 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
 {
 private_eap_ttls_t *this;
 size_t frag_size;
+ int max_msg_count;
 tls_t *tls;
 INIT(this,
@@ -147,8 +137,10 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
 }
 frag_size = lib->settings->get_int(lib->settings,
 "charon.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN);
+ max_msg_count = lib->settings->get_int(lib->settings,
+ "charon.plugins.eap-ttls.max_message_count", MAX_MESSAGE_COUNT);
 tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS, application);
- this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size);
+ this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count);
 if (!this->tls_eap)
 {
 application->destroy(application);
diff --git a/src/libtls/tls_eap.c b/src/libtls/tls_eap.c
index d923f2126..fa1cf5563 100644
--- a/src/libtls/tls_eap.c
+++ b/src/libtls/tls_eap.c
@@ -36,7 +36,7 @@ struct private_tls_eap_t {
 tls_eap_t public;
 /**
- * Type of EAP method, EAP-TLS or EAP-TTLS
+ * Type of EAP method, EAP-TLS, EAP-TTLS, or EAP-TNC
 */
 eap_type_t type;
@@ -59,6 +59,16 @@ struct private_tls_eap_t {
 * Maximum size of an outgoing EAP-TLS fragment
 */
 size_t frag_size;
+
+ /**
+ * Number of EAP messages/fragments processed so far
+ */
+ int processed;
+
+ /**
+ * Maximum number of processed EAP messages/fragments
+ */
+ int max_msg_count;
 };
 /**
@@ -251,6 +261,14 @@ METHOD(tls_eap_t, process, status_t,
 eap_tls_packet_t *pkt;
 status_t status;
+ if (++this->processed > this->max_msg_count)
+ {
+ DBG1(DBG_IKE, "%N packet count exceeded (%d > %d)",
+ eap_type_names, this->type,
+ this->processed, this->max_msg_count);
+ return FAILED;
+ }
+
 pkt = (eap_tls_packet_t*)in.ptr;
 if (in.len < sizeof(eap_tls_packet_t) || untoh16(&pkt->length) != in.len)
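Review bot: The new limit check in tls_eap.c's process() increments `processed` before the packet is validated (`in.len < sizeof(eap_tls_packet_t) || untoh16(&pkt->length) != in.len` comes after it), so malformed or empty packets are counted against the limit as well, which is the right choice for bounding a peer-driven exchange but is not stated anywhere. A one-line comment above the check, such as `/* count every received packet, valid or not, so a peer cannot prolong the exchange indefinitely */`, would keep a later refactor from "fixing" the order. The struct comment `Maximum number of processed EAP messages/fragments` could likewise say that exceeding it makes process() return FAILED. The remainder of process() lies outside this hunk.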
@@ -321,7 +339,8 @@ METHOD(tls_eap_t, destroy, void,
 /**
 * See header
 */
-tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size)
+tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
+ int max_msg_count)
 {
 private_tls_eap_t *this;
@@ -341,6 +360,7 @@ tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size)
 .is_server = tls->is_server(tls),
 .first_fragment = TRUE,
 .frag_size = frag_size,
+ .max_msg_count = max_msg_count,
 .tls = tls,
 );
diff --git a/src/libtls/tls_eap.h b/src/libtls/tls_eap.h
index 7d25ba799..ebda2636d 100644
--- a/src/libtls/tls_eap.h
+++ b/src/libtls/tls_eap.h
@@ -73,7 +73,9 @@ struct tls_eap_t {
 * @param type EAP type, EAP-TLS or EAP-TTLS
 * @param tls TLS implementation
 * @param frag_size maximum size of a TLS fragment we send
+ * @param max_msg_count maximum number of processed messages
 */
-tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size);
+tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
+ int max_msg_count);
 #endif /** TLS_EAP_H_ @}*/ |
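Review bot: The tls_eap.h hunk leaves `@param type EAP type, EAP-TLS or EAP-TTLS` stale although the matching field comment in tls_eap.c is updated in this same commit to list EAP-TNC, and eap_tnc.c now calls tls_eap_create() with EAP_TNC. The new `@param max_msg_count maximum number of processed messages` should also give the contract the implementation enforces: the unit is every packet passed to process(), fragments included, and the value must be positive since tls_eap_create stores it unchecked and a value of 0 or less fails the first call. Suggested wording: `* @param type EAP type, EAP-TLS, EAP-TTLS or EAP-TNC` and `* @param max_msg_count maximum number of EAP packets (fragments included) accepted by process(), must be > 0`.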