diff options
| author | Martin Willi <martin@revosec.ch> | 2010-08-31 16:10:55 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2010-08-31 16:17:01 +0200 |
| commit | f9fc5f2045b18b4e51c43848ef0cb19d9cd223ad (patch) | |
| tree | c044bf47b89f3747e115e3908f7695f7f002ff6a /src/libcharon | |
| parent | 743f94067e6737c2aa40cc598f48d02f51533ed7 (diff) | |
| download | strongswan-f9fc5f2045b18b4e51c43848ef0cb19d9cd223ad.tar.bz2 strongswan-f9fc5f2045b18b4e51c43848ef0cb19d9cd223ad.tar.xz | |
Added strongswan.conf options for EAP-TLS/TTLS fragment size
Diffstat (limited to 'src/libcharon')
| -rw-r--r-- | src/libcharon/plugins/eap_tls/eap_tls.c | 14 | ||||
| -rw-r--r-- | src/libcharon/plugins/eap_ttls/eap_ttls.c | 15 |
2 files changed, 20 insertions, 9 deletions
diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c index 3332788eb..991eb6346 100644 --- a/src/libcharon/plugins/eap_tls/eap_tls.c +++ b/src/libcharon/plugins/eap_tls/eap_tls.c @@ -44,7 +44,9 @@ struct private_eap_tls_t { }; /** Maximum number of EAP-TLS messages/fragments allowed */ -#define MAX_EAP_TLS_MESSAGE_COUNT 24 +#define MAX_MESSAGE_COUNT 24 +/** Default size of a EAP-TLS fragment */ +#define MAX_FRAGMENT_LEN 1024 METHOD(eap_method_t, initiate, status_t, private_eap_tls_t *this, eap_payload_t **out) @@ -66,10 +68,10 @@ METHOD(eap_method_t, process, status_t, status_t status; chunk_t data; - if (++this->processed > MAX_EAP_TLS_MESSAGE_COUNT) + if (++this->processed > MAX_MESSAGE_COUNT) { DBG1(DBG_IKE, "EAP-TLS packet count exceeded (%d > %d)", - this->processed, MAX_EAP_TLS_MESSAGE_COUNT); + this->processed, MAX_MESSAGE_COUNT); return FAILED; } data = in->get_data(in); @@ -120,6 +122,7 @@ static eap_tls_t *eap_tls_create(identification_t *server, identification_t *peer, bool is_server) { private_eap_tls_t *this; + size_t frag_size; INIT(this, .public = { @@ -134,7 +137,10 @@ static eap_tls_t *eap_tls_create(identification_t *server, }, ); - this->tls_eap = tls_eap_create(EAP_TLS, is_server, server, peer, NULL); + frag_size = lib->settings->get_int(lib->settings, + "charon.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN); + this->tls_eap = tls_eap_create(EAP_TLS, is_server, server, peer, + NULL, frag_size); if (!this->tls_eap) { free(this); diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c index c5195699c..d450c23d7 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c @@ -46,7 +46,9 @@ struct private_eap_ttls_t { }; /** Maximum number of EAP-TTLS messages/fragments allowed */ -#define MAX_EAP_TTLS_MESSAGE_COUNT 32 +#define MAX_MESSAGE_COUNT 32 +/** Default size of a EAP-TTLS fragment */ +#define MAX_FRAGMENT_LEN 1024 METHOD(eap_method_t, initiate, status_t, private_eap_ttls_t *this, eap_payload_t **out) @@ -68,10 +70,10 @@ METHOD(eap_method_t, process, status_t, status_t status; chunk_t data; - if (++this->processed > MAX_EAP_TTLS_MESSAGE_COUNT) + if (++this->processed > MAX_MESSAGE_COUNT) { DBG1(DBG_IKE, "EAP-TTLS packet count exceeded (%d > %d)", - this->processed, MAX_EAP_TTLS_MESSAGE_COUNT); + this->processed, MAX_MESSAGE_COUNT); return FAILED; } data = in->get_data(in); @@ -123,6 +125,7 @@ static eap_ttls_t *eap_ttls_create(identification_t *server, tls_application_t *application) { private_eap_ttls_t *this; + size_t frag_size; INIT(this, .public = { @@ -141,8 +144,10 @@ static eap_ttls_t *eap_ttls_create(identification_t *server, { peer = NULL; } - this->tls_eap = tls_eap_create(EAP_TTLS, is_server, - server, peer, application); + frag_size = lib->settings->get_int(lib->settings, + "charon.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN); + this->tls_eap = tls_eap_create(EAP_TTLS, is_server, server, peer, + application, frag_size); if (!this->tls_eap) { application->destroy(application); |