#include "pb_tnc_batch.h"
#include "messages/ietf/pb_error_msg.h"
+#include "messages/ietf/pb_pa_msg.h"
#include "state_machine/pb_tnc_state_machine.h"
#include <tnc/tnccs/tnccs.h>
#define PB_TNC_BATCH_FLAG_NONE 0x00
#define PB_TNC_BATCH_FLAG_D (1<<7)
-#define PB_TNC_BATCH_HEADER_SIZE 8
/**
* PB-TNC Message (see section 4.2 of RFC 5793)
#define PB_TNC_FLAG_NONE 0x00
#define PB_TNC_FLAG_NOSKIP (1<<7)
-#define PB_TNC_HEADER_SIZE 12
#define PB_TNC_RESERVED_MSG_TYPE 0xffffffff
msg->build(msg);
msg_value = msg->get_encoding(msg);
- msg_len = PB_TNC_HEADER_SIZE + msg_value.len;
+ msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len;
if (this->batch_len + msg_len > this->max_batch_len)
{
/* build PB-TNC message */
msg_value = msg->get_encoding(msg);
- msg_len = PB_TNC_HEADER_SIZE + msg_value.len;
+ msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len;
msg_type = msg->get_type(msg);
switch (msg_type.vendor_id)
{
data = chunk_skip(this->encoding, this->offset);
- if (data.len < PB_TNC_HEADER_SIZE)
+ if (data.len < PB_TNC_MSG_HEADER_SIZE)
{
DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message header",
data.len);
}
else
{
- if (msg_len < PB_TNC_HEADER_SIZE)
+ if (msg_len < PB_TNC_MSG_HEADER_SIZE)
{
DBG1(DBG_TNC, "%u bytes too small for PB-TNC message length",
msg_len);
DBG2(DBG_TNC, "processing %N/%N message (%u bytes)", pen_names, vendor_id,
msg_type_names, msg_type, msg_len);
data.len = msg_len;
- msg_value = chunk_skip(data, PB_TNC_HEADER_SIZE);
+ msg_value = chunk_skip(data, PB_TNC_MSG_HEADER_SIZE);
msg_pen_type = pen_type_create(vendor_id, msg_type);
pb_tnc_msg = pb_tnc_msg_create_from_data(msg_pen_type, msg_value);
#include <library.h>
+#define PB_TNC_BATCH_HEADER_SIZE 8
+#define PB_TNC_MSG_HEADER_SIZE 12
+
/**
* PB-TNC Batch Types as defined in section 4.1 of RFC 5793
*/
}
/* build message header */
- writer = bio_writer_create(64);
+ writer = bio_writer_create(PB_PA_MSG_HEADER_SIZE);
writer->write_uint8 (writer, this->excl ? PA_FLAG_EXCL : PA_FLAG_NONE);
writer->write_uint24(writer, this->subtype.vendor_id);
writer->write_uint32(writer, this->subtype.type);
#include <pen/pen.h>
+#define PB_PA_MSG_HEADER_SIZE 12
+
/**
* Class representing the PB-PA message type.
*/
tnc_ift_type_t transport, tnccs_cb_t cb)
{
private_tnccs_20_t *this;
+ size_t max_batch_size, default_max_batch_size;
+ size_t max_message_size, default_max_message_size;
+
+ /* Determine the maximum PB-TNC batch size and PA-TNC message size */
+ switch (transport)
+ {
+ case TNC_IFT_TLS_2_0:
+ case TNC_IFT_TLS_1_0:
+ default_max_batch_size = 8 * TLS_MAX_FRAGMENT_LEN - 16;
+ break;
+ case TNC_IFT_EAP_2_0:
+ case TNC_IFT_EAP_1_1:
+ case TNC_IFT_EAP_1_0:
+ case TNC_IFT_UNKNOWN:
+ default:
+ default_max_batch_size = 4 * TLS_MAX_FRAGMENT_LEN - 14;
+ break;
+ }
+
+ max_batch_size = min(default_max_batch_size,
+ lib->settings->get_int(lib->settings,
+ "%s.plugins.tnccs-20.max_batch_size",
+ default_max_batch_size, lib->ns));
+
+ default_max_message_size = max_batch_size - PB_TNC_BATCH_HEADER_SIZE
+ - PB_TNC_MSG_HEADER_SIZE
+ - PB_PA_MSG_HEADER_SIZE;
+
+ max_message_size = min(default_max_message_size,
+ lib->settings->get_int(lib->settings,
+ "%s.plugins.tnccs-20.max_message_size",
+ default_max_message_size, lib->ns));
INIT(this,
.public = {
.state_machine = pb_tnc_state_machine_create(is_server),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.messages = linked_list_create(),
- .max_batch_len = lib->settings->get_int(lib->settings,
- "%s.plugins.tnccs-20.max_batch_size", 65522, lib->ns),
- .max_msg_len = lib->settings->get_int(lib->settings,
- "%s.plugins.tnccs-20.max_message_size", 65490, lib->ns),
+ .max_batch_len = max_batch_size,
+ .max_msg_len = max_message_size,
.ref = 1,
);
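Review bot: The subtraction that computes `default_max_message_size` can wrap, because `max_batch_size` is a `size_t` that is clamped from above by `min()` but never from below. A configured `max_batch_size` under 32 bytes (8 + 12 + 12, the three header sizes) would produce a value near `SIZE_MAX`, which then serves both as the default and as the upper bound for `max_message_size`. In that case `.max_msg_len` would presumably no longer be tied to the batch size at all. I would add a floor before the subtraction, e.g. `if (max_batch_size <= PB_TNC_BATCH_HEADER_SIZE + PB_TNC_MSG_HEADER_SIZE + PB_PA_MSG_HEADER_SIZE) max_batch_size = default_max_batch_size;`, and log that the configured value was rejected. The `size_t` defaults are also passed to `get_int()`, so confirm its parameter and return types and how `min()` compares them when a negative value is configured; the function starts and continues outside the visible lines.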