max max_message_count configurable and move it into tls_eap_t
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 8 Sep 2010 10:58:40 +0000 (12:58 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 8 Sep 2010 10:58:45 +0000 (12:58 +0200)
src/libcharon/plugins/eap_tls/eap_tls.c
src/libcharon/plugins/eap_tnc/eap_tnc.c
src/libcharon/plugins/eap_ttls/eap_ttls.c
src/libtls/tls_eap.c
src/libtls/tls_eap.h

index 53b61c8..efe72c4 100644 (file)
@@ -33,11 +33,6 @@ struct private_eap_tls_t {
        eap_tls_t public;
 
        /**
-        * Number of EAP-TLS messages processed so far
-        */
-       int processed;
-
-       /**
         * TLS stack, wrapped by EAP helper
         */
        tls_eap_t *tls_eap;
@@ -68,12 +63,6 @@ METHOD(eap_method_t, process, status_t,
        status_t status;
        chunk_t data;
 
-       if (++this->processed > MAX_MESSAGE_COUNT)
-       {
-               DBG1(DBG_IKE, "EAP-TLS packet count exceeded (%d > %d)",
-                        this->processed, MAX_MESSAGE_COUNT);
-               return FAILED;
-       }
        data = in->get_data(in);
        status = this->tls_eap->process(this->tls_eap, data, &data);
        if (status == NEED_MORE)
@@ -123,6 +112,7 @@ static eap_tls_t *eap_tls_create(identification_t *server,
 {
        private_eap_tls_t *this;
        size_t frag_size;
+       int max_msg_count;
        tls_t *tls;
 
        INIT(this,
@@ -140,8 +130,10 @@ static eap_tls_t *eap_tls_create(identification_t *server,
 
        frag_size = lib->settings->get_int(lib->settings,
                                        "charon.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN);
+       max_msg_count = lib->settings->get_int(lib->settings,
+                                       "charon.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT);
        tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TLS, NULL);
-       this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size);
+       this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size, max_msg_count);
        if (!this->tls_eap)
        {
                free(this);
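Review bot: The value read from `charon.plugins.eap-tls.max_message_count` on the added lines is handed to tls_eap_create() without any range check, so a zero or negative entry in strongswan.conf makes every EAP-TLS exchange fail on its first packet, with only the generic "packet count exceeded" debug line to explain it. The same unchecked read is added in eap_tnc.c and eap_ttls.c; a fallback at each call site such as `if (max_msg_count <= 0) { max_msg_count = MAX_MESSAGE_COUNT; }` (or, once, inside tls_eap_create() so all three methods are covered) would keep a misconfiguration from turning into a silent authentication failure. The rest of eap_tls_create() is outside the hunk, so whether the value is checked further down cannot be confirmed from here.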
index 234b144..65f4a23 100644 (file)
@@ -34,11 +34,6 @@ struct private_eap_tnc_t {
        eap_tnc_t public;
 
        /**
-        * Number of EAP-TNC messages processed so far
-        */
-       int processed;
-
-       /**
         * TLS stack, wrapped by EAP helper
         */
        tls_eap_t *tls_eap;
@@ -70,12 +65,6 @@ METHOD(eap_method_t, process, status_t,
        status_t status;
        chunk_t data;
 
-       if (++this->processed > MAX_MESSAGE_COUNT)
-       {
-               DBG1(DBG_IKE, "EAP-TNC packet count exceeded (%d > %d)",
-                        this->processed, MAX_MESSAGE_COUNT);
-               return FAILED;
-       }
        data = in->get_data(in);
        status = this->tls_eap->process(this->tls_eap, data, &data);
        if (status == NEED_MORE)
@@ -125,6 +114,7 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
 {
        private_eap_tnc_t *this;
        size_t frag_size;
+       int max_msg_count;
        tls_t *tnc_if_tnccs;
 
        INIT(this,
@@ -142,8 +132,10 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
 
        frag_size = lib->settings->get_int(lib->settings,
                                        "charon.plugins.eap-tnc.fragment_size", MAX_FRAGMENT_LEN);
+       max_msg_count = lib->settings->get_int(lib->settings,
+                                       "charon.plugins.eap-tnc.max_message_count", MAX_MESSAGE_COUNT);
        tnc_if_tnccs = tnc_if_tnccs_create(is_server, TLS_PURPOSE_EAP_TNC);
-       this->tls_eap = tls_eap_create(EAP_TNC, tnc_if_tnccs, frag_size);
+       this->tls_eap = tls_eap_create(EAP_TNC, tnc_if_tnccs, frag_size, max_msg_count);
        if (!this->tls_eap)
        {
                free(this);
index d9220a3..a62af6e 100644 (file)
@@ -35,11 +35,6 @@ struct private_eap_ttls_t {
        eap_ttls_t public;
 
        /**
-        * Number of EAP-TLS messages processed so far
-        */
-       int processed;
-
-       /**
         * TLS stack, wrapped by EAP helper
         */
        tls_eap_t *tls_eap;
@@ -70,12 +65,6 @@ METHOD(eap_method_t, process, status_t,
        status_t status;
        chunk_t data;
 
-       if (++this->processed > MAX_MESSAGE_COUNT)
-       {
-               DBG1(DBG_IKE, "EAP-TTLS packet count exceeded (%d > %d)",
-                        this->processed, MAX_MESSAGE_COUNT);
-               return FAILED;
-       }
        data = in->get_data(in);
        status = this->tls_eap->process(this->tls_eap, data, &data);
        if (status == NEED_MORE)
@@ -126,6 +115,7 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
 {
        private_eap_ttls_t *this;
        size_t frag_size;
+       int max_msg_count;
        tls_t *tls;
 
        INIT(this,
@@ -147,8 +137,10 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
        }
        frag_size = lib->settings->get_int(lib->settings,
                                        "charon.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN);
+       max_msg_count = lib->settings->get_int(lib->settings,
+                                       "charon.plugins.eap-ttls.max_message_count", MAX_MESSAGE_COUNT);
        tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS, application);
-       this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size);
+       this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count);
        if (!this->tls_eap)
        {
                application->destroy(application);
index d923f21..fa1cf55 100644 (file)
@@ -36,7 +36,7 @@ struct private_tls_eap_t {
        tls_eap_t public;
 
        /**
-        * Type of EAP method, EAP-TLS or EAP-TTLS
+        * Type of EAP method, EAP-TLS, EAP-TTLS, or EAP-TNC
         */
        eap_type_t type;
 
@@ -59,6 +59,16 @@ struct private_tls_eap_t {
         * Maximum size of an outgoing EAP-TLS fragment
         */
        size_t frag_size;
+
+       /**
+        * Number of EAP messages/fragments processed so far
+        */
+       int processed;
+
+       /**
+        * Maximum number of processed EAP messages/fragments 
+        */
+       int max_msg_count;
 };
 
 /**
@@ -251,6 +261,14 @@ METHOD(tls_eap_t, process, status_t,
        eap_tls_packet_t *pkt;
        status_t status;
 
+       if (++this->processed > this->max_msg_count)
+       {
+               DBG1(DBG_IKE, "%N packet count exceeded (%d > %d)",
+                        eap_type_names, this->type,
+                        this->processed, this->max_msg_count);
+               return FAILED;
+       }
+
        pkt = (eap_tls_packet_t*)in.ptr;
        if (in.len < sizeof(eap_tls_packet_t) ||
                untoh16(&pkt->length) != in.len)
@@ -321,7 +339,8 @@ METHOD(tls_eap_t, destroy, void,
 /**
  * See header
  */
-tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size)
+tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
+                                                 int max_msg_count)
 {
        private_tls_eap_t *this;
 
@@ -341,6 +360,7 @@ tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size)
                .is_server = tls->is_server(tls),
                .first_fragment = TRUE,
                .frag_size = frag_size,
+               .max_msg_count = max_msg_count,
                .tls = tls,
        );
 
index 7d25ba7..ebda263 100644 (file)
@@ -73,7 +73,9 @@ struct tls_eap_t {
  * @param type                         EAP type, EAP-TLS or EAP-TTLS
  * @param tls                          TLS implementation
  * @param frag_size                    maximum size of a TLS fragment we send
+ * @param max_msg_count                maximum number of processed messages
  */
-tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size);
+tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
+                                                 int max_msg_count);
 
 #endif /** TLS_EAP_H_ @}*/
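Review bot: The `@param type` line above the changed prototype still reads "EAP type, EAP-TLS or EAP-TTLS" although the matching struct comment in tls_eap.c was updated in this commit to include EAP-TNC; it should say `EAP type, EAP-TLS, EAP-TTLS or EAP-TNC`. The new `@param max_msg_count` entry states only "maximum number of processed messages" and should document the contract callers depend on: `maximum number of EAP packets process() accepts before returning FAILED; must be positive`.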