added TLS record debug output
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 18 Aug 2010 20:52:42 +0000 (22:52 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 18 Aug 2010 20:52:42 +0000 (22:52 +0200)
src/libcharon/plugins/eap_tls/eap_tls.c

index ac835c7..8c56808 100644 (file)
@@ -69,11 +69,11 @@ struct private_eap_tls_t {
 };
 
 /** Size limit for a single TLS message */
-#define MAX_TLS_MESSAGE_LEN 16384
+#define MAX_TLS_MESSAGE_LEN 65536
 /** Size of a EAP-TLS fragment */
 #define EAP_TLS_FRAGMENT_LEN 1014
 /** Maximum number of EAP-TLS messages/fragments allowed */
-#define MAX_EAP_TLS_MESSAGE_COUNT 16
+#define MAX_EAP_TLS_MESSAGE_COUNT 32
 
 /**
  * Flags of an EAP-TLS message
@@ -174,6 +174,9 @@ static bool write_buf(private_eap_tls_t *this, eap_tls_packet_t *pkt)
                data = chunk_create((char*)(pkt + 1),
                                                pkt_len - sizeof(eap_tls_packet_t));
        }
+       DBG2(DBG_IKE, "received EAP-TLS %s (%u bytes)",
+               (pkt->flags & EAP_TLS_MORE_FRAGS) ? "fragment" : "packet", pkt_len);
+
        if (data.len > this->input.len - this->inpos)
        {
                DBG1(DBG_IKE, "EAP-TLS fragment exceeds TLS message length");
@@ -231,7 +234,7 @@ static eap_payload_t *read_buf(private_eap_tls_t *this, u_int8_t identifier)
                        pkt_len += EAP_TLS_FRAGMENT_LEN;
                        memcpy(start, this->output.ptr + this->outpos, EAP_TLS_FRAGMENT_LEN);
                        this->outpos += EAP_TLS_FRAGMENT_LEN;
-                       DBG2(DBG_IKE, "sending EAP-TLS packet fragment");
+                       DBG2(DBG_IKE, "sending EAP-TLS fragment (%u bytes)", pkt_len);
                }
                else
                {
@@ -240,7 +243,7 @@ static eap_payload_t *read_buf(private_eap_tls_t *this, u_int8_t identifier)
                                   this->output.len - this->outpos);
                        chunk_free(&this->output);
                        this->outpos = 0;
-                       DBG2(DBG_IKE, "sending EAP-TLS packet");
+                       DBG2(DBG_IKE, "sending EAP-TLS packet (%u bytes)", pkt_len);
                }
        }
        else
@@ -267,6 +270,8 @@ static status_t process_buf(private_eap_tls_t *this)
        {
                in = (tls_record_t*)data.ptr;
                len = untoh16(&in->length);
+               DBG2(DBG_IKE, "received TLS %N record (%u bytes)",
+                        tls_content_type_names, in->type, sizeof(tls_record_t) + len);
                if (len > data.len - sizeof(tls_record_t))
                {
                        DBG1(DBG_IKE, "TLS record length invalid");
@@ -315,6 +320,8 @@ static status_t process_buf(private_eap_tls_t *this)
                htoun16(&out.version, this->tls->get_version(this->tls));
                htoun16(&out.length, data.len);
                this->output = chunk_cat("mcm", this->output, header, data);
+               DBG2(DBG_IKE, "sending TLS %N record (%u bytes)",
+                        tls_content_type_names, type, sizeof(tls_record_t) + data.len);
        }
 }