#include <processing/jobs/process_message_job.h>
#include <encoding/payloads/fragment_payload.h>
+#include <bio/bio_writer.h>
/**
* Number of old messages hashes we keep for retransmission.
*/
#define MAX_OLD_HASHES 2
+/**
+ * Maximum packet size for fragmented packets (same as in sockets)
+ */
+#define MAX_PACKET 10000
+
/**
* First sequence number of responding packets.
*
*/
linked_list_t *list;
+ /**
+ * Length of all currently received fragments
+ */
+ size_t len;
+
+ /**
+ * Maximum length of a fragmented packet
+ */
+ size_t max_packet;
+
} frag;
/**
DESTROY_FUNCTION_IF(this->frag.list, (void*)fragment_destroy);
this->frag.list = NULL;
this->frag.last = 0;
+ this->frag.len = 0;
this->frag.id = id;
}
enumerator_t *enumerator;
fragment_t *fragment;
status_t status = SUCCESS;
+ chunk_t data;
u_int8_t num;
payload = (fragment_payload_t*)msg->get_payload(msg, FRAGMENT_V1);
}
}
+ data = payload->get_data(payload);
+ this->frag.len += data.len;
+ if (this->frag.len > this->frag.max_packet)
+ {
+ DBG1(DBG_IKE, "fragmented IKE message is too large");
+ enumerator->destroy(enumerator);
+ clear_fragments(this, 0);
+ return FAILED;
+ }
+
INIT(fragment,
.num = num,
- .data = chunk_clone(payload->get_data(payload)),
+ .data = chunk_clone(data),
);
this->frag.list->insert_before(this->frag.list, enumerator, fragment);
{
message_t *message;
packet_t *pkt;
- chunk_t data = chunk_empty;
host_t *src, *dst;
+ bio_writer_t *writer;
+ writer = bio_writer_create(this->frag.len);
DBG1(DBG_IKE, "received fragment #%hhu, reassembling fragmented IKE "
"message", num);
enumerator = this->frag.list->create_enumerator(this->frag.list);
while (enumerator->enumerate(enumerator, &fragment))
{
- data = chunk_cat("mc", data, fragment->data);
+ writer->write_data(writer, fragment->data);
}
enumerator->destroy(enumerator);
src = msg->get_source(msg);
dst = msg->get_destination(msg);
- pkt = packet_create_from_data(src->clone(src), dst->clone(dst), data);
+ pkt = packet_create_from_data(src->clone(src), dst->clone(dst),
+ writer->extract_buf(writer));
+ writer->destroy(writer);
message = message_create_from_packet(pkt);
if (message->parse_header(message) != SUCCESS)
.responding = {
.seqnr = RESPONDING_SEQ,
},
+ .frag = {
+ .max_packet = lib->settings->get_int(lib->settings,
+ "%s.max_packet", MAX_PACKET, charon->name),
+ },
.ike_sa = ike_sa,
.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
.queued_tasks = linked_list_create(),
projects / thirdparty / strongswan.git / commitdiff
