eap_tls_t public;
/**
- * Number of EAP-TLS messages processed so far
- */
- int processed;
-
- /**
* TLS stack, wrapped by EAP helper
*/
tls_eap_t *tls_eap;
status_t status;
chunk_t data;
- if (++this->processed > MAX_MESSAGE_COUNT)
- {
- DBG1(DBG_IKE, "EAP-TLS packet count exceeded (%d > %d)",
- this->processed, MAX_MESSAGE_COUNT);
- return FAILED;
- }
data = in->get_data(in);
status = this->tls_eap->process(this->tls_eap, data, &data);
if (status == NEED_MORE)
{
private_eap_tls_t *this;
size_t frag_size;
+ int max_msg_count;
tls_t *tls;
INIT(this,
frag_size = lib->settings->get_int(lib->settings,
"charon.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN);
+ max_msg_count = lib->settings->get_int(lib->settings,
+ "charon.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT);
tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TLS, NULL);
- this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size);
+ this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size, max_msg_count);
if (!this->tls_eap)
{
free(this);
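Review bot: The value read from `charon.plugins.eap-tls.max_message_count` is passed to `tls_eap_create()` without a range check, and the new limit test is `++this->processed > this->max_msg_count`. A configured value of 0 or a negative number would therefore make the first incoming message fail, assuming `processed` starts at zero, and a very large value effectively switches the flood protection off. I would guard it right after the `get_int()` call, e.g. `if (max_msg_count <= 0) { max_msg_count = MAX_MESSAGE_COUNT; }`, or else define and document what 0 means. The same applies to the eap-tnc and eap-ttls hunks that read their own `max_message_count` key. The enclosing constructor starts and ends outside this hunk.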
eap_tnc_t public;
/**
- * Number of EAP-TNC messages processed so far
- */
- int processed;
-
- /**
* TLS stack, wrapped by EAP helper
*/
tls_eap_t *tls_eap;
status_t status;
chunk_t data;
- if (++this->processed > MAX_MESSAGE_COUNT)
- {
- DBG1(DBG_IKE, "EAP-TNC packet count exceeded (%d > %d)",
- this->processed, MAX_MESSAGE_COUNT);
- return FAILED;
- }
data = in->get_data(in);
status = this->tls_eap->process(this->tls_eap, data, &data);
if (status == NEED_MORE)
{
private_eap_tnc_t *this;
size_t frag_size;
+ int max_msg_count;
tls_t *tnc_if_tnccs;
INIT(this,
frag_size = lib->settings->get_int(lib->settings,
"charon.plugins.eap-tnc.fragment_size", MAX_FRAGMENT_LEN);
+ max_msg_count = lib->settings->get_int(lib->settings,
+ "charon.plugins.eap-tnc.max_message_count", MAX_MESSAGE_COUNT);
tnc_if_tnccs = tnc_if_tnccs_create(is_server, TLS_PURPOSE_EAP_TNC);
- this->tls_eap = tls_eap_create(EAP_TNC, tnc_if_tnccs, frag_size);
+ this->tls_eap = tls_eap_create(EAP_TNC, tnc_if_tnccs, frag_size, max_msg_count);
if (!this->tls_eap)
{
free(this);
eap_ttls_t public;
/**
- * Number of EAP-TLS messages processed so far
- */
- int processed;
-
- /**
* TLS stack, wrapped by EAP helper
*/
tls_eap_t *tls_eap;
status_t status;
chunk_t data;
- if (++this->processed > MAX_MESSAGE_COUNT)
- {
- DBG1(DBG_IKE, "EAP-TTLS packet count exceeded (%d > %d)",
- this->processed, MAX_MESSAGE_COUNT);
- return FAILED;
- }
data = in->get_data(in);
status = this->tls_eap->process(this->tls_eap, data, &data);
if (status == NEED_MORE)
{
private_eap_ttls_t *this;
size_t frag_size;
+ int max_msg_count;
tls_t *tls;
INIT(this,
}
frag_size = lib->settings->get_int(lib->settings,
"charon.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN);
+ max_msg_count = lib->settings->get_int(lib->settings,
+ "charon.plugins.eap-ttls.max_message_count", MAX_MESSAGE_COUNT);
tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS, application);
- this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size);
+ this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count);
if (!this->tls_eap)
{
application->destroy(application);
tls_eap_t public;
/**
- * Type of EAP method, EAP-TLS or EAP-TTLS
+ * Type of EAP method, EAP-TLS, EAP-TTLS, or EAP-TNC
*/
eap_type_t type;
* Maximum size of an outgoing EAP-TLS fragment
*/
size_t frag_size;
+
+ /**
+ * Number of EAP messages/fragments processed so far
+ */
+ int processed;
+
+ /**
+ * Maximum number of processed EAP messages/fragments
+ */
+ int max_msg_count;
};
/**
eap_tls_packet_t *pkt;
status_t status;
+ if (++this->processed > this->max_msg_count)
+ {
+ DBG1(DBG_IKE, "%N packet count exceeded (%d > %d)",
+ eap_type_names, this->type,
+ this->processed, this->max_msg_count);
+ return FAILED;
+ }
+
pkt = (eap_tls_packet_t*)in.ptr;
if (in.len < sizeof(eap_tls_packet_t) ||
untoh16(&pkt->length) != in.len)
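Review bot: The counter check has no comment explaining why it sits ahead of the `in.len` / `untoh16(&pkt->length)` validation, although that ordering is what makes malformed or truncated packets count against the limit as well. That looks intentional for bounding an exchange, so I would record it, e.g. `/* count every incoming message before validating it, so malformed packets cannot bypass the limit */`. Because fragments are counted too, the limit presumably has to be sized together with `fragment_size`; that is worth a sentence in the option's documentation. The function body continues outside this hunk.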
/**
* See header
*/
-tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size)
+tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
+ int max_msg_count)
{
private_tls_eap_t *this;
.is_server = tls->is_server(tls),
.first_fragment = TRUE,
.frag_size = frag_size,
+ .max_msg_count = max_msg_count,
.tls = tls,
);
* @param type EAP type, EAP-TLS or EAP-TTLS
* @param tls TLS implementation
* @param frag_size maximum size of a TLS fragment we send
+ * @param max_msg_count maximum number of processed messages
*/
-tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size);
+tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
+ int max_msg_count);
#endif /** TLS_EAP_H_ @}*/
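Review bot: The `@param type` line in this header still reads "EAP-TLS or EAP-TTLS", while the struct comment in the same commit was updated to include EAP-TNC. I would change it to `@param type EAP type, EAP-TLS, EAP-TTLS or EAP-TNC`. The new `@param max_msg_count` line should also state the consequence and the accepted range, e.g. `@param max_msg_count maximum number of messages/fragments processed before the method fails (must be > 0)`, so callers know a non-positive value is not a way to disable the check.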