restrict PA-TNC messages to maximum size
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 12 Jul 2012 18:01:32 +0000 (20:01 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 12 Jul 2012 19:26:18 +0000 (21:26 +0200)
15 files changed:
src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c
src/libcharon/plugins/tnccs_11/Makefile.am
src/libcharon/plugins/tnccs_11/tnccs_11.c
src/libcharon/plugins/tnccs_20/tnccs_20.c
src/libimcv/imc/imc_agent.c
src/libimcv/imc/imc_state.h
src/libimcv/imv/imv_agent.c
src/libimcv/imv/imv_state.h
src/libimcv/plugins/imc_scanner/imc_scanner_state.c
src/libimcv/plugins/imc_test/imc_test_state.c
src/libimcv/plugins/imv_scanner/imv_scanner_state.c
src/libimcv/plugins/imv_test/imv_test_state.c
src/libpts/plugins/imc_attestation/imc_attestation_state.c
src/libpts/plugins/imv_attestation/imv_attestation_state.c
src/libtnccs/tnc/tnccs/tnccs_manager.h

index 64ed160..3a3a111 100644 (file)
@@ -75,6 +75,11 @@ struct tnccs_connection_entry_t {
        bool *request_handshake_retry;
 
        /**
+        * Maximum size of a PA-TNC message
+        */
+       u_int32_t max_msg_len;
+
+       /**
         * collection of IMV recommendations
         */
        recommendations_t *recs;
@@ -181,7 +186,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
 METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
        private_tnc_tnccs_manager_t *this, tnccs_type_t type, tnccs_t *tnccs,
        tnccs_send_message_t send_message, bool* request_handshake_retry,
-       recommendations_t **recs)
+       u_int32_t max_msg_len, recommendations_t **recs)
 {
        tnccs_connection_entry_t *entry;
 
@@ -190,6 +195,7 @@ METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
        entry->tnccs = tnccs;
        entry->send_message = send_message;
        entry->request_handshake_retry = request_handshake_retry;
+       entry->max_msg_len = max_msg_len;
        if (recs)
        {
                /* we assume a TNC Server needing recommendations from IMVs */
@@ -564,16 +570,18 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
                        return TNC_RESULT_SUCCESS;
                }
                case TNC_ATTRIBUTEID_MAX_ROUND_TRIPS:
-                       return uint_attribute(buffer_len, buffer, value_len, 0xffffffff);
+                       return uint_attribute(buffer_len, buffer, value_len,
+                                                                 0xffffffff);
                case TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE:
-                       return uint_attribute(buffer_len, buffer, value_len, 0x00000000);
+                       return uint_attribute(buffer_len, buffer, value_len,
+                                                                 entry->max_msg_len);
                case TNC_ATTRIBUTEID_HAS_LONG_TYPES:
                case TNC_ATTRIBUTEID_HAS_EXCLUSIVE:
                        return bool_attribute(buffer_len, buffer, value_len, 
-                                                                        entry->type == TNCCS_2_0);
+                                                                 entry->type == TNCCS_2_0);
                case TNC_ATTRIBUTEID_HAS_SOH:
                        return bool_attribute(buffer_len, buffer, value_len, 
-                                                                       entry->type == TNCCS_SOH);
+                                                                 entry->type == TNCCS_SOH);
                case TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL:
                {
                        char *protocol;
index c205692..1d29460 100644 (file)
@@ -1,6 +1,8 @@
 
 INCLUDES = \
        -I$(top_srcdir)/src/libstrongswan \
+       -I$(top_srcdir)/src/libcharon \
+       -I$(top_srcdir)/src/libhydra \
        -I$(top_srcdir)/src/libtls \
        -I$(top_srcdir)/src/libtncif \
        -I$(top_srcdir)/src/libtnccs \
index 111cb5f..507f910 100644 (file)
@@ -32,6 +32,7 @@
 #include <tnc/tnccs/tnccs_manager.h>
 
 #include <debug.h>
+#include <daemon.h>
 #include <threading/mutex.h>
 
 typedef struct private_tnccs_11_t private_tnccs_11_t;
@@ -67,6 +68,11 @@ struct private_tnccs_11_t {
        tnccs_batch_t *batch;
 
        /**
+        * Maximum PA-TNC message size
+        */
+       size_t max_msg_len;
+
+       /**
         * Mutex locking the batch in construction
         */
        mutex_t *mutex;
@@ -289,8 +295,9 @@ METHOD(tls_t, process, status_t,
        if (this->is_server && !this->connection_id)
        {
                this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
-                                                               TNCCS_1_1, (tnccs_t*)this, _send_msg,
-                                                               &this->request_handshake_retry, &this->recs);
+                                                                       TNCCS_1_1, (tnccs_t*)this, _send_msg,
+                                                                       &this->request_handshake_retry,
+                                                                       this->max_msg_len, &this->recs);
                if (!this->connection_id)
                {
                        return FAILED;
@@ -416,7 +423,8 @@ METHOD(tls_t, build, status_t,
 
                this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
                                                                                TNCCS_1_1, (tnccs_t*)this, _send_msg,
-                                                                               &this->request_handshake_retry, NULL);
+                                                                               &this->request_handshake_retry,
+                                                                               this->max_msg_len, NULL);
                if (!this->connection_id)
                {
                        return FAILED;
@@ -545,6 +553,9 @@ tls_t *tnccs_11_create(bool is_server)
                },
                .is_server = is_server,
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+               .max_msg_len = lib->settings->get_int(lib->settings,
+                                                               "%s.plugins.tnccs-11.max_msg_size", 45000,
+                                                               charon->name),
        );
 
        return &this->public;
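Review bot: The `max_msg_size` setting read in `tnccs_11_create` is stored without any range check. `get_int` yields a signed int, the result lands in the `size_t` field `max_msg_len`, and that field is later passed to `create_connection`, whose new parameter is `u_int32_t`. A negative or mistyped setting would therefore become a very large limit, which defeats the restriction this commit introduces. Consider reading into a local int and clamping it before the INIT, e.g. `if (max_msg < 0) max_msg = 45000;`, and declaring the field `u_int32_t` to match the manager interface. The same pattern appears in the `tnccs_20_create` hunk; the start of `tnccs_11_create` lies outside this hunk.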
index c99c2d1..68a1455 100644 (file)
@@ -78,11 +78,16 @@ struct private_tnccs_20_t {
        pb_tnc_batch_type_t batch_type;
 
        /**
-        * Maximum PA-TNC batch size
+        * Maximum PB-TNC batch size
         */
        size_t max_batch_len;
 
        /**
+        * Maximum PA-TNC message size
+        */
+       size_t max_msg_len;
+
+       /**
         * Mutex locking the batch in construction
         */
        mutex_t *mutex;
@@ -407,8 +412,9 @@ METHOD(tls_t, process, status_t,
        if (this->is_server && !this->connection_id)
        {
                this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
-                                                               TNCCS_2_0, (tnccs_t*)this, _send_msg,
-                                                               &this->request_handshake_retry, &this->recs);
+                                                                       TNCCS_2_0, (tnccs_t*)this, _send_msg,
+                                                                       &this->request_handshake_retry,
+                                                                       this->max_msg_len, &this->recs);
                if (!this->connection_id)
                {
                        return FAILED;
@@ -583,7 +589,8 @@ METHOD(tls_t, build, status_t,
 
                this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
                                                                                TNCCS_2_0, (tnccs_t*)this, _send_msg,
-                                                                               &this->request_handshake_retry, NULL);
+                                                                               &this->request_handshake_retry,
+                                                                               this->max_msg_len, NULL);
                if (!this->connection_id)
                {
                        return FAILED;
@@ -797,6 +804,9 @@ tls_t *tnccs_20_create(bool is_server)
                .max_batch_len = lib->settings->get_int(lib->settings,
                                                                "%s.plugins.tnccs-20.max_batch_size", 65522,
                                                                charon->name),
+               .max_msg_len = lib->settings->get_int(lib->settings,
+                                                               "%s.plugins.tnccs-20.max_msg_size", 65490,
+                                                               charon->name),
        );
 
        return &this->public;
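Review bot: `max_msg_size` (default 65490) and `max_batch_size` (default 65522) are read independently in `tnccs_20_create`, and nothing visible here checks that a configured message limit still fits inside a configured batch. The defaults differ by 32 bytes, presumably the PB-TNC batch and message header overhead. An administrator who lowers only `max_batch_size` would then advertise a PA-TNC limit to IMCs/IMVs that a batch cannot carry. A comment next to the two settings stating the required relation, or clamping `max_msg_len` against `max_batch_len` minus that overhead after the INIT, would keep them consistent. The start of `tnccs_20_create` lies outside this hunk.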
index 2d181c3..b372c4c 100644 (file)
@@ -48,11 +48,6 @@ struct private_imc_agent_t {
        TNC_MessageSubtype subtype;
 
        /**
-        * Maximum PA-TNC Message size
-        */
-       size_t max_msg_len;
-
-       /**
         * ID of IMC as assigned by TNCC
         */
        TNC_IMCID id;
@@ -337,12 +332,31 @@ static char* get_str_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
        return NULL;
  }
 
+/**
+ * Read an UInt32 attribute
+ */
+static u_int32_t get_uint_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
+                                                                       TNC_AttributeID attribute_id)
+{
+       TNC_UInt32 len;
+       char buf[4];
+
+       if (this->get_attribute  &&
+               this->get_attribute(this->id, id, attribute_id, 4, buf, &len) ==
+                                                       TNC_RESULT_SUCCESS && len == 4)
+       {
+               return untoh32(buf);
+       }
+       return 0;
+ }
+
 METHOD(imc_agent_t, create_state, TNC_Result,
        private_imc_agent_t *this, imc_state_t *state)
 {
        TNC_ConnectionID conn_id;
        char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
        bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
+       u_int32_t max_msg_len;
 
        conn_id = state->get_connection_id(state);
        if (find_connection(this, conn_id))
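Review bot: `get_uint_attribute` returns 0 both when the TNCC reports a limit of 0 and when `get_attribute` is missing, fails, or returns a length other than 4, so `create_state` cannot tell a reported value from a failed lookup. Since this commit also removes the agent's fixed `.max_msg_len = 65490`, a TNCC that does not implement `TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE` now leads to `pa_tnc_msg_create(0)` in `send_message`. If 0 means "no limit" there (not visible on this page), the size restriction silently disappears for that connection. I would state the failure value in the helper's comment, e.g. `Read an UInt32 attribute, returns 0 if the attribute is unavailable`, and have the caller fall back to a conservative default when 0 comes back. The identical helper added to imv_agent.c behaves the same way; `create_state` continues beyond this hunk.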
@@ -361,14 +375,18 @@ METHOD(imc_agent_t, create_state, TNC_Result,
        tnccs_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION);
        t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
        t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
+       max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
 
        state->set_flags(state, has_long, has_excl);
+       state->set_max_msg_len(state, max_msg_len);
+
+       DBG2(DBG_IMC, "IMC %u \"%s\" created a state for %s %s Connection ID %u: "
+                                 "%slong %sexcl %ssoh", this->id, this->name,
+                                 tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id,
+                             has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-");
+       DBG2(DBG_IMC, "  over %s %s with maximum PA-TNC msg size of %u bytes",
+                                 t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
 
-       DBG2(DBG_IMC, "IMC %u \"%s\" created a state for Connection ID %u: "
-                                 "%s %s with %slong %sexcl %ssoh over %s %s",
-                                 this->id, this->name, conn_id, tnccs_p ? tnccs_p:"?",
-                                 tnccs_v ? tnccs_v:"?", has_long ? "+":"-", has_excl ? "+":"-",
-                                 has_soh ? "+":"-",  t_p ? t_p:"?", t_v ? t_v :"?");
        free(tnccs_p);
        free(tnccs_v);
        free(t_p);
@@ -478,7 +496,7 @@ METHOD(imc_agent_t, send_message, TNC_Result,
 
        while (attr_list->get_count(attr_list))
        {
-               pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len);
+               pa_tnc_msg = pa_tnc_msg_create(state->get_max_msg_len(state));
 
                enumerator = attr_list->create_enumerator(attr_list);
                while (enumerator->enumerate(enumerator, &attr))
@@ -688,7 +706,6 @@ imc_agent_t *imc_agent_create(const char *name,
                .name = name,
                .vendor_id = vendor_id,
                .subtype = subtype,
-               .max_msg_len = 65490,
                .id = id,
                .additional_ids = linked_list_create(),
                .connections = linked_list_create(),
index f1b0358..0e46ad5 100644 (file)
@@ -64,6 +64,20 @@ D attached to the state
        void (*set_flags)(imc_state_t *this, bool has_long, bool has_excl);
 
        /**
+        * Set the maximum size of a PA-TNC message for this TNCCS connection
+        *
+        * @max_msg_len                 maximum size of a PA-TNC message
+        */
+       void (*set_max_msg_len)(imc_state_t *this, u_int32_t max_msg_len);
+
+       /**
+        * Get the maximum size of a PA-TNC message for this TNCCS connection
+        *
+        * @return                              maximum size of a PA-TNC message
+        */
+       u_int32_t (*get_max_msg_len)(imc_state_t *this);
+
+       /**
         * Change the connection state
         *
         * @param new_state             new connection state
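Review bot: The doc comment for `set_max_msg_len` uses `@max_msg_len`, which is not a Doxygen command, where the neighbouring methods use `@param`; it should read `@param max_msg_len  maximum size of a PA-TNC message`. Both new comments would also be more useful if they stated the unit (the debug output elsewhere in this commit prints the value as bytes) and what 0 means, since the interface does not say what `get_max_msg_len` returns before the setter has run. The same `@max_msg_len` typo is in the imv_state.h hunk. The struct definition begins and ends outside this hunk.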
index 19c2dd6..2f1c2d3 100644 (file)
@@ -355,12 +355,31 @@ static char* get_str_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
        return NULL;
  }
 
+/**
+ * Read an UInt32 attribute
+ */
+static u_int32_t get_uint_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
+                                                                       TNC_AttributeID attribute_id)
+{
+       TNC_UInt32 len;
+       char buf[4];
+
+       if (this->get_attribute  &&
+               this->get_attribute(this->id, id, attribute_id, 4, buf, &len) ==
+                                                       TNC_RESULT_SUCCESS && len == 4)
+       {
+               return untoh32(buf);
+       }
+       return 0;
+ }
+
 METHOD(imv_agent_t, create_state, TNC_Result,
        private_imv_agent_t *this, imv_state_t *state)
 {
        TNC_ConnectionID conn_id;
        char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
        bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
+       u_int32_t max_msg_len;
 
        conn_id = state->get_connection_id(state);
        if (find_connection(this, conn_id))
@@ -379,14 +398,18 @@ METHOD(imv_agent_t, create_state, TNC_Result,
        tnccs_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION);
        t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
        t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
+       max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
 
        state->set_flags(state, has_long, has_excl);
+       state->set_max_msg_len(state, max_msg_len);
+
+       DBG2(DBG_IMV, "IMV %u \"%s\" created a state for %s %s Connection ID %u: "
+                                 "%slong %sexcl %ssoh", this->id, this->name,
+                                 tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id,
+                             has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-");
+       DBG2(DBG_IMV, "  over %s %s with maximum PA-TNC msg size of %u bytes",
+                                 t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
 
-       DBG2(DBG_IMV, "IMV %u \"%s\" created a state for Connection ID %u: "
-                                 "%s %s with %slong %sexcl %ssoh over %s %s",
-                                 this->id, this->name, conn_id, tnccs_p ? tnccs_p:"?",
-                                 tnccs_v ? tnccs_v:"?", has_long ? "+":"-", has_excl ? "+":"-",
-                                 has_soh ? "+":"-",  t_p ? t_p:"?", t_v ? t_v :"?");
        free(tnccs_p);
        free(tnccs_v);
        free(t_p);
index 9e7a29a..574d3d7 100644 (file)
@@ -63,6 +63,20 @@ struct imv_state_t {
        void (*set_flags)(imv_state_t *this, bool has_long, bool has_excl);
 
        /**
+        * Set the maximum size of a PA-TNC message for this TNCCS connection
+        *
+        * @max_msg_len                 maximum size of a PA-TNC message
+        */
+       void (*set_max_msg_len)(imv_state_t *this, u_int32_t max_msg_len);
+
+       /**
+        * Get the maximum size of a PA-TNC message for this TNCCS connection
+        *
+        * @return                              maximum size of a PA-TNC message
+        */
+       u_int32_t (*get_max_msg_len)(imv_state_t *this);
+
+       /**
         * Change the connection state
         *
         * @param new_state             new connection state
index 5631055..9737245 100644 (file)
@@ -48,6 +48,10 @@ struct private_imc_scanner_state_t {
         */
        bool has_excl;
 
+       /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
 };
 
 METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
@@ -75,6 +79,18 @@ METHOD(imc_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imc_state_t, set_max_msg_len, void,
+       private_imc_scanner_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+       private_imc_scanner_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imc_state_t, change_state, void,
        private_imc_scanner_state_t *this, TNC_ConnectionState new_state)
 {
@@ -101,6 +117,8 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .destroy = _destroy,
                        },
index 7663196..28fd003 100644 (file)
@@ -50,6 +50,11 @@ struct private_imc_test_state_t {
        bool has_excl;
 
        /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
+
+       /**
         * Command to transmit to IMV
         */
        char *command;
@@ -96,6 +101,18 @@ METHOD(imc_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imc_state_t, set_max_msg_len, void,
+       private_imc_test_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+       private_imc_test_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imc_state_t, change_state, void,
        private_imc_test_state_t *this, TNC_ConnectionState new_state)
 {
@@ -169,6 +186,8 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .destroy = _destroy,
                        },
index 422cb98..cf92123 100644 (file)
@@ -50,6 +50,11 @@ struct private_imv_scanner_state_t {
        bool has_excl;
 
        /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
+
+       /**
         * IMV action recommendation
         */
        TNC_IMV_Action_Recommendation rec;
@@ -115,6 +120,18 @@ METHOD(imv_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imv_state_t, set_max_msg_len, void,
+       private_imv_scanner_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imv_state_t, get_max_msg_len, u_int32_t,
+       private_imv_scanner_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imv_state_t, change_state, void,
        private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
 {
@@ -223,6 +240,8 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
index 530090a..f664e14 100644 (file)
@@ -51,6 +51,11 @@ struct private_imv_test_state_t {
        bool has_excl;
 
        /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
+
+       /**
         * IMV action recommendation
         */
        TNC_IMV_Action_Recommendation rec;
@@ -122,6 +127,18 @@ METHOD(imv_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imv_state_t, set_max_msg_len, void,
+       private_imv_test_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imv_state_t, get_max_msg_len, u_int32_t,
+       private_imv_test_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imv_state_t, change_state, void,
        private_imv_test_state_t *this, TNC_ConnectionState new_state)
 {
@@ -274,6 +291,8 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
index 72a55f6..391572d 100644 (file)
@@ -51,6 +51,11 @@ struct private_imc_attestation_state_t {
        bool has_excl;
 
        /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
+
+       /**
         * PTS object
         */
        pts_t *pts;
@@ -87,6 +92,18 @@ METHOD(imc_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imc_state_t, set_max_msg_len, void,
+       private_imc_attestation_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+       private_imc_attestation_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imc_state_t, change_state, void,
        private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
 {
@@ -135,6 +152,8 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .destroy = _destroy,
                        },
index 7041bc5..00ec146 100644 (file)
@@ -62,6 +62,11 @@ struct private_imv_attestation_state_t {
        bool has_excl;
 
        /**
+        * Maximum PA-TNC message size for this TNCCS connection
+        */
+       u_int32_t max_msg_len;
+
+       /**
         * IMV Attestation handshake state
         */
        imv_attestation_handshake_state_t handshake_state;
@@ -150,6 +155,18 @@ METHOD(imv_state_t, set_flags, void,
        this->has_excl = has_excl;
 }
 
+METHOD(imv_state_t, set_max_msg_len, void,
+       private_imv_attestation_state_t *this, u_int32_t max_msg_len)
+{
+       this->max_msg_len = max_msg_len;
+}
+
+METHOD(imv_state_t, get_max_msg_len, u_int32_t,
+       private_imv_attestation_state_t *this)
+{
+       return this->max_msg_len;
+}
+
 METHOD(imv_state_t, change_state, void,
        private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
 {
@@ -358,6 +375,8 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
                                .has_long = _has_long,
                                .has_excl = _has_excl,
                                .set_flags = _set_flags,
+                               .set_max_msg_len = _set_max_msg_len,
+                               .get_max_msg_len = _get_max_msg_len,
                                .change_state = _change_state,
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
index 9ca4504..cbf2dc0 100644 (file)
@@ -70,6 +70,7 @@ struct tnccs_manager_t {
         * @param tnccs                                         TNCCS connection instance
         * @param send_message                          TNCCS callback function
         * @param request_handshake_retry       pointer to boolean variable
+        * @param max_msg_len                           maximum PA-TNC message size
         * @param recs                                          pointer to IMV recommendation set
         * @return                                                      assigned connection ID
         */
@@ -77,6 +78,7 @@ struct tnccs_manager_t {
                                                                                  tnccs_type_t type, tnccs_t *tnccs,
                                                                                  tnccs_send_message_t send_message,
                                                                                  bool *request_handshake_retry,
+                                                                                 u_int32_t max_msg_len,
                                                                                  recommendations_t **recs);
 
        /**