make maximum PB-TNC batch size configurable
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 11 Jul 2012 07:23:45 +0000 (09:23 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 11 Jul 2012 15:09:05 +0000 (17:09 +0200)
man/strongswan.conf.5.in
src/libcharon/plugins/tnccs_20/tnccs_20.c

index 08dda25..4abd065 100644 (file)
@@ -500,6 +500,9 @@ certificates even if they don't contain a CA basic constraint.
 .BR charon.plugins.stroke.max_concurrent " [4]"
 Maximum number of stroke messages handled concurrently
 .TP
+.BR charon.plugins.tnccs-20.max_batch_size " [65522]"
+Maximum size of a PB-TNC batch (upper limit via PT-EAP = 65529)
+.TP
 .BR charon.plugins.tnc-ifmap.device_name
 Unique name of strongSwan as a PEP and/or PDP device
 .TP
index 576cd82..ea33d46 100644 (file)
@@ -35,6 +35,7 @@
 #include <tnc/imv/imv_manager.h>
 
 #include <debug.h>
+#include <daemon.h>
 #include <threading/mutex.h>
 #include <utils/linked_list.h>
 #include <pen/pen.h>
@@ -77,6 +78,11 @@ struct private_tnccs_20_t {
        pb_tnc_batch_type_t batch_type;
 
        /**
+        * Maximum PA-TNC batch size
+        */
+       size_t max_batch_len;
+
+       /**
         * Mutex locking the batch in construction
         */
        mutex_t *mutex;
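Review bot: The doc comment on the new `max_batch_len` field says "Maximum PA-TNC batch size", but the limit applies to PB-TNC batches. The man page entry in this commit calls it the "Maximum size of a PB-TNC batch", and the value is compared against `batch_len`, which accumulates `PB_TNC_HEADER_SIZE` per message. Suggest `* Maximum PB-TNC batch size in bytes (from tnccs-20.max_batch_size)` so the layer is not mistaken when someone later audits the size limits. The struct definition starts and ends outside this hunk.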
@@ -649,7 +655,7 @@ METHOD(tls_t, build, status_t,
                                msg->build(msg);
                                msg_value = msg->get_encoding(msg);
                                batch_len += PB_TNC_HEADER_SIZE + msg_value.len;
-                               if (batch_len > *buflen)
+                               if (batch_len > min(this->max_batch_len, *buflen))
                                {
                                        /* message does not fit into batch of maximum size */
                                        break;
@@ -674,7 +680,7 @@ METHOD(tls_t, build, status_t,
                        msg_count = this->messages->get_count(this->messages);
                        if (msg_count)
                        {
-                               DBG2(DBG_TNC, "%d PB-TNC message%s for %N batch queued",
+                               DBG2(DBG_TNC, "queued %d PB-TNC message%s for next %N batch",
                                         msg_count, (msg_count == 1) ? "" : "s",
                                         pb_tnc_batch_type_names, this->batch_type);
                        }
@@ -768,6 +774,9 @@ tls_t *tnccs_20_create(bool is_server)
                .state_machine = pb_tnc_state_machine_create(is_server),
                .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
                .messages = linked_list_create(),
+               .max_batch_len = lib->settings->get_int(lib->settings,
+                                                               "%s.plugins.tnccs-20.max_batch_size", 65522,
+                                                               charon->name),
        );
 
        return &this->public;
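Review bot: The configured value goes straight from `get_int()` into the `size_t` field `max_batch_len` with no range check. A negative setting would therefore convert to a very large limit, leaving only `*buflen` as the bound. A zero or very small setting would make the `batch_len > min(this->max_batch_len, *buflen)` test in build() reject every queued message. The man page hunk documents an upper limit of 65529 via PT-EAP, but nothing here enforces it. Consider reading the setting into an `int` first, falling back to the default 65522 with a log message when it is non-positive or smaller than one message header, and capping it at the documented maximum before assigning. How build() proceeds when no message fits is outside the visible hunks, so the stall is inferred rather than confirmed.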