Automatic determination of maximum PB-TNC batch and PA-TNC message size
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 27 May 2014 17:03:49 +0000 (19:03 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 31 May 2014 18:37:56 +0000 (20:37 +0200)
src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.h
src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
src/libtnccs/plugins/tnccs_20/tnccs_20.c

index ef0faf2..228c082 100644 (file)
@@ -16,6 +16,7 @@
 
 #include "pb_tnc_batch.h"
 #include "messages/ietf/pb_error_msg.h"
+#include "messages/ietf/pb_pa_msg.h"
 #include "state_machine/pb_tnc_state_machine.h"
 
 #include <tnc/tnccs/tnccs.h>
@@ -51,7 +52,6 @@ typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t;
 
 #define PB_TNC_BATCH_FLAG_NONE         0x00
 #define PB_TNC_BATCH_FLAG_D                    (1<<7)
-#define PB_TNC_BATCH_HEADER_SIZE       8
 
 /**
  *   PB-TNC Message (see section 4.2 of RFC 5793)
@@ -71,7 +71,6 @@ typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t;
 
 #define PB_TNC_FLAG_NONE                       0x00
 #define PB_TNC_FLAG_NOSKIP                     (1<<7)
-#define PB_TNC_HEADER_SIZE                     12
 
 #define PB_TNC_RESERVED_MSG_TYPE       0xffffffff
 
@@ -148,7 +147,7 @@ METHOD(pb_tnc_batch_t, add_msg, bool,
 
        msg->build(msg);
        msg_value = msg->get_encoding(msg);
-       msg_len = PB_TNC_HEADER_SIZE + msg_value.len;
+       msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len;
 
        if (this->batch_len + msg_len > this->max_batch_len)
        {
@@ -201,7 +200,7 @@ METHOD(pb_tnc_batch_t, build, void,
 
                /* build PB-TNC message */
                msg_value = msg->get_encoding(msg);
-               msg_len = PB_TNC_HEADER_SIZE + msg_value.len;
+               msg_len = PB_TNC_MSG_HEADER_SIZE + msg_value.len;
                msg_type = msg->get_type(msg);
                switch (msg_type.vendor_id)
                {
@@ -339,7 +338,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
 
        data = chunk_skip(this->encoding, this->offset);
 
-       if (data.len < PB_TNC_HEADER_SIZE)
+       if (data.len < PB_TNC_MSG_HEADER_SIZE)
        {
                DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message header",
                                          data.len);
@@ -403,7 +402,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
        }
        else
        {
-               if (msg_len < PB_TNC_HEADER_SIZE)
+               if (msg_len < PB_TNC_MSG_HEADER_SIZE)
                {
                        DBG1(DBG_TNC, "%u bytes too small for PB-TNC message length",
                                                   msg_len);
@@ -475,7 +474,7 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
        DBG2(DBG_TNC, "processing %N/%N message (%u bytes)", pen_names, vendor_id,
                 msg_type_names, msg_type, msg_len);
        data.len = msg_len;
-       msg_value = chunk_skip(data, PB_TNC_HEADER_SIZE);
+       msg_value = chunk_skip(data, PB_TNC_MSG_HEADER_SIZE);
        msg_pen_type = pen_type_create(vendor_id, msg_type);
        pb_tnc_msg = pb_tnc_msg_create_from_data(msg_pen_type, msg_value);
 
index 60cef77..106c557 100644 (file)
@@ -29,6 +29,9 @@ typedef struct pb_tnc_batch_t pb_tnc_batch_t;
 
 #include <library.h>
 
+#define PB_TNC_BATCH_HEADER_SIZE        8
+#define PB_TNC_MSG_HEADER_SIZE         12
+
 /**
   * PB-TNC Batch Types as defined in section 4.1 of RFC 5793
  */
index a9a097b..263af32 100644 (file)
@@ -117,7 +117,7 @@ METHOD(pb_tnc_msg_t, build, void,
        }
 
        /* build message header */
-       writer = bio_writer_create(64);
+       writer = bio_writer_create(PB_PA_MSG_HEADER_SIZE);
        writer->write_uint8 (writer, this->excl ? PA_FLAG_EXCL : PA_FLAG_NONE);
        writer->write_uint24(writer, this->subtype.vendor_id);
        writer->write_uint32(writer, this->subtype.type);
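Review bot: Passing `PB_PA_MSG_HEADER_SIZE` to `bio_writer_create()` reads as if the writer were capped at the 12-byte header, whereas the argument (64 before this change) is presumably only the initial buffer size and the writer grows as the PA-TNC message body is appended after the header fields shown here. A short comment on that line, `/* initial buffer size; the writer grows with the message body */`, would keep readers from taking the constant for a limit — confirm against bio_writer_t before wording it. The build method continues past the end of this hunk.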
index 093bb45..f3b6b15 100644 (file)
@@ -27,6 +27,8 @@ typedef struct pb_pa_msg_t pb_pa_msg_t;
 
 #include <pen/pen.h>
 
+#define PB_PA_MSG_HEADER_SIZE  12
+
 /**
  * Class representing the PB-PA message type.
  */
index f78b85a..b593f85 100644 (file)
@@ -1032,6 +1032,38 @@ tnccs_t* tnccs_20_create(bool is_server,
                                                 tnc_ift_type_t transport, tnccs_cb_t cb)
 {
        private_tnccs_20_t *this;
+       size_t max_batch_size, default_max_batch_size;
+       size_t max_message_size, default_max_message_size;
+
+       /* Determine the maximum PB-TNC batch size and PA-TNC message size */
+       switch (transport)
+       {
+               case TNC_IFT_TLS_2_0:
+               case TNC_IFT_TLS_1_0:
+                       default_max_batch_size = 8 * TLS_MAX_FRAGMENT_LEN - 16;
+                       break;
+               case TNC_IFT_EAP_2_0:
+               case TNC_IFT_EAP_1_1:
+               case TNC_IFT_EAP_1_0:
+               case TNC_IFT_UNKNOWN:
+               default:
+                       default_max_batch_size = 4 * TLS_MAX_FRAGMENT_LEN - 14;
+                       break;
+       }
+
+       max_batch_size = min(default_max_batch_size,
+                                               lib->settings->get_int(lib->settings,
+                                                               "%s.plugins.tnccs-20.max_batch_size",
+                                                                default_max_batch_size, lib->ns));
+
+       default_max_message_size = max_batch_size - PB_TNC_BATCH_HEADER_SIZE
+                                                                                         - PB_TNC_MSG_HEADER_SIZE
+                                                                                         - PB_PA_MSG_HEADER_SIZE;
+
+       max_message_size = min(default_max_message_size,
+                                                       lib->settings->get_int(lib->settings,
+                                                               "%s.plugins.tnccs-20.max_message_size",
+                                                                default_max_message_size, lib->ns));
 
        INIT(this,
                .public = {
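Review bot: The `default_max_message_size = max_batch_size - PB_TNC_BATCH_HEADER_SIZE - PB_TNC_MSG_HEADER_SIZE - PB_PA_MSG_HEADER_SIZE` computation is done in size_t and nothing bounds the configured `max_batch_size` from below, so a setting smaller than the three headers combined (32) wraps the result to near SIZE_MAX and the per-message size bound this commit introduces is silently lifted; a guard before the subtraction, `if (max_batch_size < PB_TNC_BATCH_HEADER_SIZE + PB_TNC_MSG_HEADER_SIZE + PB_PA_MSG_HEADER_SIZE) { max_batch_size = default_max_batch_size; }`, closes that. Whether a zero or negative `max_batch_size` setting is already rejected depends on how `min()` handles the size_t/int operand pair from `get_int()`, which is not visible here, so the same guard would cover that case too. The literals 16 and 14 subtracted from the `TLS_MAX_FRAGMENT_LEN` multiples deserve a comment naming the transport-layer overhead they account for. tnccs_20_create continues past the end of this hunk.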
@@ -1062,10 +1094,8 @@ tnccs_t* tnccs_20_create(bool is_server,
                .state_machine = pb_tnc_state_machine_create(is_server),
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
                .messages = linked_list_create(),
-               .max_batch_len = lib->settings->get_int(lib->settings,
-                                               "%s.plugins.tnccs-20.max_batch_size", 65522, lib->ns),
-               .max_msg_len = lib->settings->get_int(lib->settings,
-                                               "%s.plugins.tnccs-20.max_message_size", 65490, lib->ns),
+               .max_batch_len = max_batch_size,
+               .max_msg_len = max_message_size,
                .ref = 1,
        );