diff options
Diffstat (limited to 'src/libcharon/plugins/eap_tls')
| -rw-r--r-- | src/libcharon/plugins/eap_tls/eap_tls.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c index ac835c795..8c5680861 100644 --- a/src/libcharon/plugins/eap_tls/eap_tls.c +++ b/src/libcharon/plugins/eap_tls/eap_tls.c @@ -69,11 +69,11 @@ struct private_eap_tls_t { }; /** Size limit for a single TLS message */ -#define MAX_TLS_MESSAGE_LEN 16384 +#define MAX_TLS_MESSAGE_LEN 65536 /** Size of a EAP-TLS fragment */ #define EAP_TLS_FRAGMENT_LEN 1014 /** Maximum number of EAP-TLS messages/fragments allowed */ -#define MAX_EAP_TLS_MESSAGE_COUNT 16 +#define MAX_EAP_TLS_MESSAGE_COUNT 32 /** * Flags of an EAP-TLS message @@ -174,6 +174,9 @@ static bool write_buf(private_eap_tls_t *this, eap_tls_packet_t *pkt) data = chunk_create((char*)(pkt + 1), pkt_len - sizeof(eap_tls_packet_t)); } + DBG2(DBG_IKE, "received EAP-TLS %s (%u bytes)", + (pkt->flags & EAP_TLS_MORE_FRAGS) ? "fragment" : "packet", pkt_len); + if (data.len > this->input.len - this->inpos) { DBG1(DBG_IKE, "EAP-TLS fragment exceeds TLS message length"); @@ -231,7 +234,7 @@ static eap_payload_t *read_buf(private_eap_tls_t *this, u_int8_t identifier) pkt_len += EAP_TLS_FRAGMENT_LEN; memcpy(start, this->output.ptr + this->outpos, EAP_TLS_FRAGMENT_LEN); this->outpos += EAP_TLS_FRAGMENT_LEN; - DBG2(DBG_IKE, "sending EAP-TLS packet fragment"); + DBG2(DBG_IKE, "sending EAP-TLS fragment (%u bytes)", pkt_len); } else { @@ -240,7 +243,7 @@ static eap_payload_t *read_buf(private_eap_tls_t *this, u_int8_t identifier) this->output.len - this->outpos); chunk_free(&this->output); this->outpos = 0; - DBG2(DBG_IKE, "sending EAP-TLS packet"); + DBG2(DBG_IKE, "sending EAP-TLS packet (%u bytes)", pkt_len); } } else @@ -267,6 +270,8 @@ static status_t process_buf(private_eap_tls_t *this) { in = (tls_record_t*)data.ptr; len = untoh16(&in->length); + DBG2(DBG_IKE, "received TLS %N record (%u bytes)", + tls_content_type_names, in->type, sizeof(tls_record_t) + len); if (len > data.len - sizeof(tls_record_t)) { DBG1(DBG_IKE, "TLS record length invalid"); @@ -315,6 +320,8 @@ static status_t process_buf(private_eap_tls_t *this) htoun16(&out.version, this->tls->get_version(this->tls)); htoun16(&out.length, data.len); this->output = chunk_cat("mcm", this->output, header, data); + DBG2(DBG_IKE, "sending TLS %N record (%u bytes)", + tls_content_type_names, type, sizeof(tls_record_t) + data.len); } } |