From: Andreas Steffen
Date: Mon, 9 Jul 2012 18:56:19 +0000 (+0200)
Subject: EAP-TNC does not support fragmentation
X-Git-Tag: 5.0.1~429
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4492ffc90798fb3764868e9887a0c96009b9b9e4;p=thirdparty%2Fstrongswan.git

EAP-TNC does not support fragmentation
---

diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index ef37f2f236..45380b304b 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -399,15 +399,9 @@ Maximum number of processed EAP-TLS packets (0 = no limit)
 .BR charon.plugins.eap-tls.include_length " [yes]"
 Include length in non-fragmented EAP-TLS packets
 .TP
-.BR charon.plugins.eap-tnc.fragment_size " [50000]"
-Maximum size of an EAP-TNC packet
-.TP
 .BR charon.plugins.eap-tnc.max_message_count " [10]"
 Maximum number of processed EAP-TNC packets (0 = no limit)
 .TP
-.BR charon.plugins.eap-tnc.include_length " [yes]"
-Include length in non-fragmented EAP-TNC packets
-.TP
 .BR charon.plugins.eap-ttls.fragment_size " [1024]"
 Maximum size of an EAP-TTLS packet
 .TP
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c
index 14e8c18cdb..53c488d943 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c
@@ -21,6 +21,16 @@
 #include
 #include
 
+/**
+ * Maximum size of an EAP-TNC message
+ */
+#define EAP_TNC_MAX_MESSAGE_LEN 65535
+
+/**
+ * Maximum number of EAP-TNC messages allowed
+ */
+#define EAP_TNC_MAX_MESSAGE_COUNT 10
+
 typedef struct private_eap_tnc_t private_eap_tnc_t;
 
 /**
@@ -39,12 +49,6 @@ struct private_eap_tnc_t {
 tls_eap_t *tls_eap;
 };
 
-
-/** Maximum number of EAP-TNC messages/fragments allowed */
-#define MAX_MESSAGE_COUNT 10
-/** Default size of a EAP-TNC fragment */
-#define MAX_FRAGMENT_LEN 50000
-
 METHOD(eap_method_t, initiate, status_t,
 private_eap_tnc_t *this, eap_payload_t **out)
 {
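Review bot: The doc comment on `EAP_TNC_MAX_MESSAGE_LEN` in the `@@ -21,6 +21,16 @@` hunk does not say where 65535 comes from, nor that it is now a compile-time value replacing the administrator-tunable `fragment_size` (default 50000). The same constant is what the `@@ -176,7 +177,8 @@` hunk hands to `tls_eap_create()` in the position that used to carry `frag_size`, so a reader of that call cannot tell whether it is a fragment size or a hard cap on what a peer may send. I would expand the comment to something like `/** Maximum size of an EAP-TNC message; EAP-TNC is not fragmented, so this fixed value is passed to tls_eap_create() as the size limit (presumably the 16-bit EAP length maximum, to be confirmed) */`. How `tls_eap_create()` treats a message above that size is not visible on this page and is worth stating there as well.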
@@ -147,12 +151,9 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
 },
 );
 
- frag_size = lib->settings->get_int(lib->settings,
- "%s.plugins.eap-tnc.fragment_size", MAX_FRAGMENT_LEN,
- charon->name);
 max_msg_count = lib->settings->get_int(lib->settings,
- "%s.plugins.eap-tnc.max_message_count", MAX_MESSAGE_COUNT,
- charon->name);
+ "%s.plugins.eap-tnc.max_message_count",
+ EAP_TNC_MAX_MESSAGE_COUNT, charon->name);
 include_length = lib->settings->get_bool(lib->settings,
 "%s.plugins.eap-tnc.include_length", TRUE, charon->name);
 protocol = lib->settings->get_str(lib->settings,
@@ -176,7 +177,8 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
 return NULL;
 }
 tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, is_server);
- this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs, frag_size,
+ this->tls_eap = tls_eap_create(EAP_TNC, (tls_t*)tnccs,
+ EAP_TNC_MAX_MESSAGE_LEN,
 max_msg_count, include_length);
 if (!this->tls_eap)
 {
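Review bot: `include_length` is still read from `%s.plugins.eap-tnc.include_length` in the `@@ -147,12 +151,9 @@` hunk and passed to `tls_eap_create()`, although this commit deletes that option from strongswan.conf(5) together with `fragment_size`. That leaves a setting that is still honoured but no longer documented. If the length field has no meaning without fragmentation, drop the lookup and pass a fixed value, for example `max_msg_count, TRUE);`; otherwise keep the man page entry. The declaration of `frag_size` sits outside the hunk and presumably becomes unused once its only assignment and its use in the `@@ -176,7 +177,8 @@` hunk are gone, so it should be removed as well. eap_tnc_create() begins and ends outside both hunks.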