From f9fc5f2045b18b4e51c43848ef0cb19d9cd223ad Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Tue, 31 Aug 2010 16:10:55 +0200
Subject: Added strongswan.conf options for EAP-TLS/TTLS fragment size

---
 src/libcharon/plugins/eap_ttls/eap_ttls.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
(limited to 'src/libcharon/plugins/eap_ttls')

diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index c5195699c..d450c23d7 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -46,7 +46,9 @@ struct private_eap_ttls_t {
 };
 
 /** Maximum number of EAP-TTLS messages/fragments allowed */
-#define MAX_EAP_TTLS_MESSAGE_COUNT 32
+#define MAX_MESSAGE_COUNT 32
+/** Default size of a EAP-TTLS fragment */
+#define MAX_FRAGMENT_LEN 1024
 
 METHOD(eap_method_t, initiate, status_t,
 private_eap_ttls_t *this, eap_payload_t **out)
@@ -68,10 +70,10 @@ METHOD(eap_method_t, process, status_t,
 status_t status;
 chunk_t data;
 
- if (++this->processed > MAX_EAP_TTLS_MESSAGE_COUNT)
+ if (++this->processed > MAX_MESSAGE_COUNT)
 {
 DBG1(DBG_IKE, "EAP-TTLS packet count exceeded (%d > %d)",
- this->processed, MAX_EAP_TTLS_MESSAGE_COUNT);
+ this->processed, MAX_MESSAGE_COUNT);
 return FAILED;
 }
 data = in->get_data(in);
@@ -123,6 +125,7 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
 tls_application_t *application)
 {
 private_eap_ttls_t *this;
+ size_t frag_size;
 
 INIT(this,
 .public = {
@@ -141,8 +144,10 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
 {
 peer = NULL;
 }
- this->tls_eap = tls_eap_create(EAP_TTLS, is_server,
- server, peer, application);
+ frag_size = lib->settings->get_int(lib->settings,
+ "charon.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN);
+ this->tls_eap = tls_eap_create(EAP_TTLS, is_server, server, peer,
+ application, frag_size);
 if (!this->tls_eap)
 {
 application->destroy(application);
-- 
cgit v1.2.3
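Review bot: In the `@@ -46,7 +46,9 @@` hunk, `MAX_FRAGMENT_LEN` is documented as the default fragment size, and the only use visible in this patch is as the fallback for `charon.plugins.eap-ttls.fragment_size`, so the `MAX_` prefix suggests an upper bound that nothing here enforces. A name such as `DEFAULT_FRAGMENT_LEN` would match its use, or the constant should also be applied as a cap where the setting is read. The comment would read better as `/** Default size of an EAP-TTLS fragment */`, and should state the unit (presumably bytes, to be confirmed against tls_eap).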
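Review bot: In eap_ttls_create (the `@@ -141,8 +144,10 @@` hunk), the `int` returned by `get_int()` is assigned directly to the `size_t frag_size` declared in the previous hunk and passed to `tls_eap_create()` without a range check. A zero or negative `fragment_size` in strongswan.conf therefore becomes 0 or a very large unsigned value. Whether `tls_eap_create()` validates it is not visible here. I would read the setting into an `int` and fall back for non-positive values, e.g. `int cfg = lib->settings->get_int(lib->settings, "charon.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN);` followed by `frag_size = cfg > 0 ? cfg : MAX_FRAGMENT_LEN;`. It also needs an upper bound matching what the EAP transport can carry, and a log line when the configured value is rejected. The function body starts and ends outside the hunk.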