restrict PA-TNC messages to maximum size
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 12 Jul 2012 18:01:32 +0000 (20:01 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 12 Jul 2012 19:26:18 +0000 (21:26 +0200)
15 files changed:
src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c
src/libcharon/plugins/tnccs_11/Makefile.am
src/libcharon/plugins/tnccs_11/tnccs_11.c
src/libcharon/plugins/tnccs_20/tnccs_20.c
src/libimcv/imc/imc_agent.c
src/libimcv/imc/imc_state.h
src/libimcv/imv/imv_agent.c
src/libimcv/imv/imv_state.h
src/libimcv/plugins/imc_scanner/imc_scanner_state.c
src/libimcv/plugins/imc_test/imc_test_state.c
src/libimcv/plugins/imv_scanner/imv_scanner_state.c
src/libimcv/plugins/imv_test/imv_test_state.c
src/libpts/plugins/imc_attestation/imc_attestation_state.c
src/libpts/plugins/imv_attestation/imv_attestation_state.c
src/libtnccs/tnc/tnccs/tnccs_manager.h

index 64ed160d989985f44eaf6ea0ffd402dc2ddb9292..3a3a11104c45daae2af3958c26fb8c68df8c0a87 100644 (file)
@@ -74,6 +74,11 @@ struct tnccs_connection_entry_t {
         */
        bool *request_handshake_retry;
 
+       /**
+        * Maximum size of a PA-TNC message
+        */
+       u_int32_t max_msg_len;
+
        /**
         * collection of IMV recommendations
         */
@@ -181,7 +186,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
 METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
        private_tnc_tnccs_manager_t *this, tnccs_type_t type, tnccs_t *tnccs,
        tnccs_send_message_t send_message, bool* request_handshake_retry,
-       recommendations_t **recs)
+       u_int32_t max_msg_len, recommendations_t **recs)
 {
        tnccs_connection_entry_t *entry;
 
@@ -190,6 +195,7 @@ METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
        entry->tnccs = tnccs;
        entry->send_message = send_message;
        entry->request_handshake_retry = request_handshake_retry;
+       entry->max_msg_len = max_msg_len;
        if (recs)
        {
                /* we assume a TNC Server needing recommendations from IMVs */
@@ -564,16 +570,18 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
                        return TNC_RESULT_SUCCESS;
                }
                case TNC_ATTRIBUTEID_MAX_ROUND_TRIPS:
-                       return uint_attribute(buffer_len, buffer, value_len, 0xffffffff);
+                       return uint_attribute(buffer_len, buffer, value_len,
+                                                                 0xffffffff);
                case TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE:
-                       return uint_attribute(buffer_len, buffer, value_len, 0x00000000);
+                       return uint_attribute(buffer_len, buffer, value_len,
+                                                                 entry->max_msg_len);
                case TNC_ATTRIBUTEID_HAS_LONG_TYPES:
                case TNC_ATTRIBUTEID_HAS_EXCLUSIVE:
                        return bool_attribute(buffer_len, buffer, value_len, 
-                                                                        entry->type == TNCCS_2_0);
+                                                                 entry->type == TNCCS_2_0);
                case TNC_ATTRIBUTEID_HAS_SOH:
                        return bool_attribute(buffer_len, buffer, value_len, 
-                                                                       entry->type == TNCCS_SOH);
+                                                                 entry->type == TNCCS_SOH);
                case TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL:
                {
                        char *protocol;
index c205692d449e66a6c149a8265ff50de123726cf3..1d29460f836ec8503fa3436539d9f30d839547ed 100644 (file)
@@ -1,6 +1,8 @@
 
 INCLUDES = \
        -I$(top_srcdir)/src/libstrongswan \
+       -I$(top_srcdir)/src/libcharon \
+       -I$(top_srcdir)/src/libhydra \
        -I$(top_srcdir)/src/libtls \
        -I$(top_srcdir)/src/libtncif \
        -I$(top_srcdir)/src/libtnccs \
index 111cb5f1e2582584bae568d588d438dc76364510..507f910f38810351c584d3e6a8a12e89427c5f69 100644 (file)
@@ -32,6 +32,7 @@
 #include <tnc/tnccs/tnccs_manager.h>
 
 #include <debug.h>
+#include <daemon.h>
 #include <threading/mutex.h>
 
 typedef struct private_tnccs_11_t private_tnccs_11_t;
@@ -66,6 +67,11 @@ struct private_tnccs_11_t {
         */
        tnccs_batch_t *batch;
 
+       /**
+        * Maximum PA-TNC message size
+        */
+       size_t max_msg_len;
+
        /**
         * Mutex locking the batch in construction
         */
@@ -289,8 +295,9 @@ METHOD(tls_t, process, status_t,
        if (this->is_server && !this->connection_id)
        {
                this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
-                                                               TNCCS_1_1, (tnccs_t*)this, _send_msg,
-                                                               &this->request_handshake_retry, &this->recs);
+                                                                       TNCCS_1_1, (tnccs_t*)this, _send_msg,
+                                                                       &this->request_handshake_retry,
+                                                                       this->max_msg_len, &this->recs);
                if (!this->connection_id)
                {
                        return FAILED;
@@ -416,7 +423,8 @@ METHOD(tls_t, build, status_t,
 
                this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
                                                                                TNCCS_1_1, (tnccs_t*)this, _send_msg,
-                                                                               &this->request_handshake_retry, NULL);
+                                                                               &this->request_handshake_retry,
+                                                                               this->max_msg_len, NULL);
                if (!this->connection_id)
                {
                        return FAILED;
@@ -545,6 +553,9 @@ tls_t *tnccs_11_create(bool is_server)
                },
                .is_server = is_server,
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+               .max_msg_len = lib->settings->get_int(lib->settings,
+                                                               "%s.plugins.tnccs-11.max_msg_size", 45000,
+                                                               charon->name),
        );
 
        return &this->public;
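Review bot: The `max_msg_size` setting read in `tnccs_11_create` is stored without any range check. `get_int()` returns a signed int, the field is a `size_t`, and `create_connection()` takes a `u_int32_t`, so a negative setting silently turns into a very large limit and a zero setting is passed through with a meaning this diff does not define. Since the commit exists to bound PA-TNC message size, read the value into an `int` first and fall back to the default when it is not positive, e.g. `if (len <= 0) len = 45000;` before assigning it to `this->max_msg_len`. The `tnccs_20_create` hunk adds the same unchecked read with default 65490. The function body starts outside this hunk.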
index c99c2d19be564019dd24fd528c02c0ce42b1f7f4..68a14551e00f3c575b1a7140ea6b58ec4d440319 100644 (file)
@@ -78,10 +78,15 @@ struct private_tnccs_20_t {
        pb_tnc_batch_type_t batch_type;
 
        /**
-        * Maximum PA-TNC batch size
+        * Maximum PB-TNC batch size
         */
        size_t max_batch_len;
 
+       /**
+        * Maximum PA-TNC message size
+        */
+       size_t max_msg_len;
+
        /**
         * Mutex locking the batch in construction
         */
@@ -407,8 +412,9 @@ METHOD(tls_t, process, status_t,
        if (this->is_server && !this->connection_id)
        {
                this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
-                                                               TNCCS_2_0, (tnccs_t*)this, _send_msg,
-                                                               &this->request_handshake_retry, &this->recs);
+                                                                       TNCCS_2_0, (tnccs_t*)this, _send_msg,
+                                                                       &this->request_handshake_retry,
+                                                                       this->max_msg_len, &this->recs);
                if (!this->connection_id)
                {
                        return FAILED;
@@ -583,7 +589,8 @@ METHOD(tls_t, build, status_t,
 
                this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
                                                                                TNCCS_2_0, (tnccs_t*)this, _send_msg,
-                                                                               &this->request_handshake_retry, NULL);
+                                                                               &this->request_handshake_retry,
+                                                                               this->max_msg_len, NULL);
                if (!this->connection_id)
                {
                        return FAILED;
@@ -797,6 +804,9 @@ tls_t *tnccs_20_create(bool is_server)
                .max_batch_len = lib->settings->get_int(lib->settings,
                                                                "%s.plugins.tnccs-20.max_batch_size", 65522,
                                                                charon->name),
+               .max_msg_len = lib->settings->get_int(lib->settings,
+                                                               "%s.plugins.tnccs-20.max_msg_size", 65490,
+                                                               charon->name),
        );
 
        return &this->public;
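Review bot: Nothing ties `max_msg_size` to `max_batch_size` in `tnccs_20_create`; the two settings are read independently, so a configuration where the message limit exceeds the batch limit is accepted and then reported through TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE. The defaults differ by 32 bytes (65522 vs 65490), which looks like header overhead, though the diff does not say so. Consider clamping after `INIT`, along the lines of `if (this->max_msg_len > this->max_batch_len - overhead) this->max_msg_len = this->max_batch_len - overhead;`, where `overhead` stands for whatever constant the 32-byte gap represents, and add a comment naming it. The function body starts outside this hunk.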
index 2d181c3c21d9f0aef9c6b76326ad8fda20e36bde..b372c4c57c9acd4845d127218d34d10f49dbad91 100644 (file)
@@ -47,11 +47,6 @@ struct private_imc_agent_t {
         */
        TNC_MessageSubtype subtype;
 
-       /**
-        * Maximum PA-TNC Message size
-        */
-       size_t max_msg_len;
-
        /**
         * ID of IMC as assigned by TNCC
         */
@@ -337,12 +332,31 @@ static char* get_str_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
        return NULL;
  }
 
+/**
+ * Read an UInt32 attribute
+ */
+static u_int32_t get_uint_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
+                                                                       TNC_AttributeID attribute_id)
+{
+       TNC_UInt32 len;
+       char buf[4];
+
+       if (this->get_attribute  &&
+               this->get_attribute(this->id, id, attribute_id, 4, buf, &len) ==
+                                                       TNC_RESULT_SUCCESS && len == 4)
+       {
+               return untoh32(buf);
+       }
+       return 0;
+ }
+
 METHOD(imc_agent_t, create_state, TNC_Result,
        private_imc_agent_t *this, imc_state_t *state)
 {
        TNC_ConnectionID conn_id;
        char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
        bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
+       u_int32_t max_msg_len;
 
        conn_id = state->get_connection_id(state);
        if (find_connection(this, conn_id))
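Review bot: `get_uint_attribute` returns 0 both when `this->get_attribute` is unset and when the call fails or returns a length other than 4, and `create_state` stores that 0 as the connection's limit via `set_max_msg_len`. The `send_message` hunk further down then calls `pa_tnc_msg_create(state->get_max_msg_len(state))` with it, whereas the removed code always used 65490. Whether `pa_tnc_msg_create(0)` means "no limit" or "no room" is not visible in this diff, so either document 0 as unlimited on the helper or keep a default after the lookup, e.g. `if (!max_msg_len) max_msg_len = 65490;`. The identical helper and call sequence in the imv_agent.c hunks have the same fallback. `create_state` continues outside this hunk.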
@@ -361,14 +375,18 @@ METHOD(imc_agent_t, create_state, TNC_Result,
        tnccs_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION);
        t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
        t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
+       max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
 
        state->set_flags(state, has_long, has_excl);
+       state->set_max_msg_len(state, max_msg_len);
+
+       DBG2(DBG_IMC, "IMC %u \"%s\" created a state for %s %s Connection ID %u: "
+                                 "%slong %sexcl %ssoh", this->id, this->name,
+                                 tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id,
+                             has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-");
+       DBG2(DBG_IMC, "  over %s %s with maximum PA-TNC msg size of %u bytes",
+                                 t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
 
-       DBG2(DBG_IMC, "IMC %u \"%s\" created a state for Connection ID %u: "
-                                 "%s %s with %slong %sexcl %ssoh over %s %s",
-                                 this->id, this->name, conn_id, tnccs_p ? tnccs_p:"?",
-                                 tnccs_v ? tnccs_v:"?", has_long ? "+":"-", has_excl ? "+":"-",
-                                 has_soh ? "+":"-",  t_p ? t_p:"?", t_v ? t_v :"?");
        free(tnccs_p);
        free(tnccs_v);
        free(t_p);
@@ -478,7 +496,7 @@ METHOD(imc_agent_t, send_message, TNC_Result,
 
        while (attr_list->get_count(attr_list))
        {
-               pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len);
+               pa_tnc_msg = pa_tnc_msg_create(state->get_max_msg_len(state));
 
                enumerator = attr_list->create_enumerator(attr_list);
                while (enumerator->enumerate(enumerator, &attr))
@@ -688,7 +706,6 @@ imc_agent_t *imc_agent_create(const char *name,
                .name = name,
                .vendor_id = vendor_id,
                .subtype = subtype,
-               .max_msg_len = 65490,
                .id = id,
                .additional_ids = linked_list_create(),
                .connections = linked_list_create(),
index f1b0358c9b66dc425860ed4b3787911d3dd4ed20..0e46ad51a4b14e01b660e4a7087b17289d4a6ebf 100644 (file)
@@ -63,6 +63,20 @@ D attached to the state
         */
        void (*set_flags)(imc_state_t *this, bool has_long, bool has_excl);
 
+       /**
+        * Set the maximum size of a PA-TNC message for this TNCCS connection
+        *
+        * @max_msg_len                 maximum size of a PA-TNC message
+        */
+       void (*set_max_msg_len)(imc_state_t *this, u_int32_t max_msg_len);
+
+       /**
+        * Get the maximum size of a PA-TNC message for this TNCCS connection
+        *
+        * @return                              maximum size of a PA-TNC message
+        */
+       u_int32_t (*get_max_msg_len)(imc_state_t *this);
+
        /**
         * Change the connection state
         *
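Review bot: The doc comment on `set_max_msg_len` tags its parameter as `@max_msg_len`, while the `create_connection` comment in tnccs_manager.h (last file of this commit) uses the `@param name` form. Write `@param max_msg_len  maximum size of a PA-TNC message` so it is consistent and doc tooling picks it up. Neither the setter nor the getter comment states what a value of 0 means, which matters because the agents' `get_uint_attribute` helper returns 0 when the lookup fails; one sentence giving the intended meaning of 0 would settle it. The same two comments are added to imv_state.h. The struct definition starts and ends outside this hunk.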
index 19c2dd61b82096792de3f37bc1e80f9f7c3a718c..2f1c2d3d7bc452c1699b30edbd7ca0f885fd8160 100644 (file)
@@ -355,12 +355,31 @@ static char* get_str_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
        return NULL;
  }
 
+/**
+ * Read an UInt32 attribute
+ */
+static u_int32_t get_uint_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
+                                                                       TNC_AttributeID attribute_id)
+{
+       TNC_UInt32 len;
+       char buf[4];
+
+       if (this->get_attribute  &&
+               this->get_attribute(this->id, id, attribute_id, 4, buf, &len) ==
+                                                       TNC_RESULT_SUCCESS && len == 4)
+       {
+               return untoh32(buf);
+       }
+       return 0;
+ }
+
 METHOD(imv_agent_t, create_state, TNC_Result,
        private_imv_agent_t *this, imv_state_t *state)
 {
        TNC_ConnectionID conn_id;
        char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
        bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
+       u_int32_t max_msg_len;
 
        conn_id = state->get_connection_id(state);
        if (find_connection(this, conn_id))
@@ -379,14 +398,18 @@ METHOD(imv_agent_t, create_state, TNC_Result,
        tnccs_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION);
        t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
        t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
+       max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
 
        state->set_flags(state, has_long, has_excl);
+       state->set_max_msg_len(state, max_msg_len);
+
+       DBG2(DBG_IMV, "IMV %u \"%s\" created a state for %s %s Connection ID %u: "
+                                 "%slong %sexcl %ssoh", this->id, this->name,
+                                 tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id,
+                             has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-");
+       DBG2(DBG_IMV, "  over %s %s with maximum PA-TNC msg size of %u bytes",
+                                 t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
 
-       DBG2(DBG_IMV, "IMV %u \"%s\" created a state for Connection ID %u: "
-                                 "%s %s with %slong %sexcl %ssoh over %s %s",
-                                 this->id, this->name, conn_id, tnccs_p ? tnccs_p:"?",
-                                 tnccs_v ? tnccs_v:"?", has_long ? "+":"-", has_excl ? "+":"-",
-                                 has_soh ? "+":"-",  t_p ? t_p:"?", t_v ? t_v :"?");
        free(tnccs_p);
        free(tnccs_v);
        free(t_p);
index 9e7a29a9fe6f5c203955ce6b867c2a86026d1524..574d3d7c9a8f7d9dea0e0292ce250f1ecbfb3cd7 100644 (file)
@@ -62,6 +62,20 @@ struct imv_state_t {
         */
        void (*set_flags)(imv_state_t *this, bool has_long, bool has_excl);
 
+       /**
+        * Set the maximum size of a PA-TNC message for this TNCCS connection
+        *
+        * @max_msg_len                 maximum size of a PA-TNC message
+        */
+       void (*set_max_msg_len)(imv_state_t *this, u_int32_t max_msg_len);
+
+       /**
+        * Get the maximum size of a PA-TNC message for this TNCCS connection
+        *
+        * @return                              maximum size of a PA-TNC message
+        */
+       u_int32_t (*get_max_msg_len)(imv_state_t *this);
+
        /**
         * Change the connection state
         *
index 5631055484af7dd2f9f5c695fd63f9e5c990a264..9737245ad751a15300a549ad43fe18ca2d35614d 100644 (file)
@@ -48,6 +48,10 @@ struct private_imc_scanner_state_t {
         */
        bool has_excl;
 
+       /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
 };
 
 METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
@@ -75,6 +79,18 @@ METHOD(imc_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imc_state_t, set_max_msg_len, void,
+       private_imc_scanner_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+       private_imc_scanner_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imc_state_t, change_state, void,
        private_imc_scanner_state_t *this, TNC_ConnectionState new_state)
 {
@@ -101,6 +117,8 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .destroy = _destroy,
                        },
index 76631969df6310633e57c733b7b3c7dc05ee7667..28fd003870f979a1bf446bb9f066cf926fa00335 100644 (file)
@@ -49,6 +49,11 @@ struct private_imc_test_state_t {
         */
        bool has_excl;
 
+       /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
+
        /**
         * Command to transmit to IMV
         */
@@ -96,6 +101,18 @@ METHOD(imc_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imc_state_t, set_max_msg_len, void,
+       private_imc_test_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+       private_imc_test_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imc_state_t, change_state, void,
        private_imc_test_state_t *this, TNC_ConnectionState new_state)
 {
@@ -169,6 +186,8 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .destroy = _destroy,
                        },
index 422cb980d254fe0e7bfb067332b17a0cb84875a8..cf92123cabe327e6481a8c9b2916734d006803c3 100644 (file)
@@ -49,6 +49,11 @@ struct private_imv_scanner_state_t {
         */
        bool has_excl;
 
+       /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
+
        /**
         * IMV action recommendation
         */
@@ -115,6 +120,18 @@ METHOD(imv_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imv_state_t, set_max_msg_len, void,
+       private_imv_scanner_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imv_state_t, get_max_msg_len, u_int32_t,
+       private_imv_scanner_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imv_state_t, change_state, void,
        private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
 {
@@ -223,6 +240,8 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
index 530090af75bcff07804202385221b27bf460b5f2..f664e142a7c75d5689cf44ce50f60f993036c192 100644 (file)
@@ -50,6 +50,11 @@ struct private_imv_test_state_t {
         */
        bool has_excl;
 
+       /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
+
        /**
         * IMV action recommendation
         */
@@ -122,6 +127,18 @@ METHOD(imv_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imv_state_t, set_max_msg_len, void,
+       private_imv_test_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imv_state_t, get_max_msg_len, u_int32_t,
+       private_imv_test_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imv_state_t, change_state, void,
        private_imv_test_state_t *this, TNC_ConnectionState new_state)
 {
@@ -274,6 +291,8 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
index 72a55f60ead3d2eca85c83afcf738334bdf0992a..391572d0edbb99a6eced544e853af6361a2e6c39 100644 (file)
@@ -50,6 +50,11 @@ struct private_imc_attestation_state_t {
         */
        bool has_excl;
 
+       /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
+
        /**
         * PTS object
         */
@@ -87,6 +92,18 @@ METHOD(imc_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imc_state_t, set_max_msg_len, void,
+       private_imc_attestation_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+       private_imc_attestation_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imc_state_t, change_state, void,
        private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
 {
@@ -135,6 +152,8 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .destroy = _destroy,
                        },
index 7041bc514f48355f5fde8e858d94e4f7aecea27e..00ec1469002d773e2a0c6db3adc8efbab81c04a2 100644 (file)
@@ -61,6 +61,11 @@ struct private_imv_attestation_state_t {
         */
        bool has_excl;
 
+       /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
+
        /**
         * IMV Attestation handshake state
         */
@@ -150,6 +155,18 @@ METHOD(imv_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imv_state_t, set_max_msg_len, void,
+       private_imv_attestation_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imv_state_t, get_max_msg_len, u_int32_t,
+       private_imv_attestation_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imv_state_t, change_state, void,
        private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
 {
@@ -358,6 +375,8 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
index 9ca45046882a77dbdff62c591dff387b348465cf..cbf2dc0e93f903ba7a32d90ceac3447e9d80af02 100644 (file)
@@ -70,6 +70,7 @@ struct tnccs_manager_t {
         * @param tnccs                                         TNCCS connection instance
         * @param send_message                          TNCCS callback function
         * @param request_handshake_retry       pointer to boolean variable
+        * @param max_msg_len                           maximum PA-TNC message size
         * @param recs                                          pointer to IMV recommendation set
         * @return                                                      assigned connection ID
         */
@@ -77,6 +78,7 @@ struct tnccs_manager_t {
                                                                                  tnccs_type_t type, tnccs_t *tnccs,
                                                                                  tnccs_send_message_t send_message,
                                                                                  bool *request_handshake_retry,
+                                                                                 u_int32_t max_msg_len,
                                                                                  recommendations_t **recs);
 
        /**