EAP server: Add support for configuring fragment size
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
f3a3e6987e
commit
7f6ec672ea
13 changed files with 22 additions and 5 deletions
|
|
@ -1313,6 +1313,8 @@ struct hostapd_config * hostapd_config_read(const char *fname)
|
||||||
} else if (os_strcmp(buf, "dh_file") == 0) {
|
} else if (os_strcmp(buf, "dh_file") == 0) {
|
||||||
os_free(bss->dh_file);
|
os_free(bss->dh_file);
|
||||||
bss->dh_file = os_strdup(pos);
|
bss->dh_file = os_strdup(pos);
|
||||||
|
} else if (os_strcmp(buf, "fragment_size") == 0) {
|
||||||
|
bss->fragment_size = atoi(pos);
|
||||||
#ifdef EAP_SERVER_FAST
|
#ifdef EAP_SERVER_FAST
|
||||||
} else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
|
} else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
|
||||||
os_free(bss->pac_opaque_encr_key);
|
os_free(bss->pac_opaque_encr_key);
|
||||||
|
|
|
||||||
|
|
@ -504,6 +504,9 @@ eap_server=0
|
||||||
# "openssl dhparam -out /etc/hostapd.dh.pem 1024"
|
# "openssl dhparam -out /etc/hostapd.dh.pem 1024"
|
||||||
#dh_file=/etc/hostapd.dh.pem
|
#dh_file=/etc/hostapd.dh.pem
|
||||||
|
|
||||||
|
# Fragment size for EAP methods
|
||||||
|
#fragment_size=1400
|
||||||
|
|
||||||
# Configuration data for EAP-SIM database/authentication gateway interface.
|
# Configuration data for EAP-SIM database/authentication gateway interface.
|
||||||
# This is a text string in implementation specific format. The example
|
# This is a text string in implementation specific format. The example
|
||||||
# implementation in eap_sim_db.c uses this as the UNIX domain socket name for
|
# implementation in eap_sim_db.c uses this as the UNIX domain socket name for
|
||||||
|
|
|
||||||
|
|
@ -254,6 +254,7 @@ struct hostapd_bss_config {
|
||||||
int pac_key_refresh_time;
|
int pac_key_refresh_time;
|
||||||
int eap_sim_aka_result_ind;
|
int eap_sim_aka_result_ind;
|
||||||
int tnc;
|
int tnc;
|
||||||
|
int fragment_size;
|
||||||
|
|
||||||
char *radius_server_clients;
|
char *radius_server_clients;
|
||||||
int radius_server_auth_port;
|
int radius_server_auth_port;
|
||||||
|
|
|
||||||
|
|
@ -1651,6 +1651,7 @@ int ieee802_1x_init(struct hostapd_data *hapd)
|
||||||
conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
|
conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
|
||||||
conf.tnc = hapd->conf->tnc;
|
conf.tnc = hapd->conf->tnc;
|
||||||
conf.wps = hapd->wps;
|
conf.wps = hapd->wps;
|
||||||
|
conf.fragment_size = hapd->conf->fragment_size;
|
||||||
|
|
||||||
os_memset(&cb, 0, sizeof(cb));
|
os_memset(&cb, 0, sizeof(cb));
|
||||||
cb.eapol_send = ieee802_1x_eapol_send;
|
cb.eapol_send = ieee802_1x_eapol_send;
|
||||||
|
|
|
||||||
|
|
@ -107,6 +107,7 @@ struct eap_config {
|
||||||
struct wps_context *wps;
|
struct wps_context *wps;
|
||||||
const struct wpabuf *assoc_wps_ie;
|
const struct wpabuf *assoc_wps_ie;
|
||||||
const u8 *peer_addr;
|
const u8 *peer_addr;
|
||||||
|
int fragment_size;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -187,6 +187,9 @@ struct eap_sm {
|
||||||
Boolean start_reauth;
|
Boolean start_reauth;
|
||||||
|
|
||||||
u8 peer_addr[ETH_ALEN];
|
u8 peer_addr[ETH_ALEN];
|
||||||
|
|
||||||
|
/* Fragmentation size for EAP method init() handler */
|
||||||
|
int fragment_size;
|
||||||
};
|
};
|
||||||
|
|
||||||
int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
|
int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
|
||||||
|
|
|
||||||
|
|
@ -1257,6 +1257,7 @@ struct eap_sm * eap_server_sm_init(void *eapol_ctx,
|
||||||
sm->assoc_wps_ie = wpabuf_dup(conf->assoc_wps_ie);
|
sm->assoc_wps_ie = wpabuf_dup(conf->assoc_wps_ie);
|
||||||
if (conf->peer_addr)
|
if (conf->peer_addr)
|
||||||
os_memcpy(sm->peer_addr, conf->peer_addr, ETH_ALEN);
|
os_memcpy(sm->peer_addr, conf->peer_addr, ETH_ALEN);
|
||||||
|
sm->fragment_size = conf->fragment_size;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
|
wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -93,7 +93,8 @@ static void * eap_ikev2_init(struct eap_sm *sm)
|
||||||
if (data == NULL)
|
if (data == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
data->state = MSG;
|
data->state = MSG;
|
||||||
data->fragment_size = IKEV2_FRAGMENT_SIZE;
|
data->fragment_size = sm->fragment_size > 0 ? sm->fragment_size :
|
||||||
|
IKEV2_FRAGMENT_SIZE;
|
||||||
data->ikev2.state = SA_INIT;
|
data->ikev2.state = SA_INIT;
|
||||||
data->ikev2.peer_auth = PEER_AUTH_SECRET;
|
data->ikev2.peer_auth = PEER_AUTH_SECRET;
|
||||||
data->ikev2.key_pad = (u8 *) os_strdup("Key Pad for EAP-IKEv2");
|
data->ikev2.key_pad = (u8 *) os_strdup("Key Pad for EAP-IKEv2");
|
||||||
|
|
|
||||||
|
|
@ -45,8 +45,7 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* TODO: make this configurable */
|
data->tls_out_limit = sm->fragment_size > 0 ? sm->fragment_size : 1398;
|
||||||
data->tls_out_limit = 1398;
|
|
||||||
if (data->phase2) {
|
if (data->phase2) {
|
||||||
/* Limit the fragment size in the inner TLS authentication
|
/* Limit the fragment size in the inner TLS authentication
|
||||||
* since the outer authentication with EAP-PEAP does not yet
|
* since the outer authentication with EAP-PEAP does not yet
|
||||||
|
|
|
||||||
|
|
@ -91,7 +91,8 @@ static void * eap_tnc_init(struct eap_sm *sm)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
data->fragment_size = 1300;
|
data->fragment_size = sm->fragment_size > 100 ?
|
||||||
|
sm->fragment_size - 98 : 1300;
|
||||||
|
|
||||||
return data;
|
return data;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -136,7 +136,8 @@ static void * eap_wsc_init(struct eap_sm *sm)
|
||||||
os_free(data);
|
os_free(data);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
data->fragment_size = WSC_FRAGMENT_SIZE;
|
data->fragment_size = sm->fragment_size > 0 ? sm->fragment_size :
|
||||||
|
WSC_FRAGMENT_SIZE;
|
||||||
|
|
||||||
return data;
|
return data;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -830,6 +830,7 @@ eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
|
||||||
eap_conf.wps = eapol->conf.wps;
|
eap_conf.wps = eapol->conf.wps;
|
||||||
eap_conf.assoc_wps_ie = assoc_wps_ie;
|
eap_conf.assoc_wps_ie = assoc_wps_ie;
|
||||||
eap_conf.peer_addr = addr;
|
eap_conf.peer_addr = addr;
|
||||||
|
eap_conf.fragment_size = eapol->conf.fragment_size;
|
||||||
sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
|
sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
|
||||||
if (sm->eap == NULL) {
|
if (sm->eap == NULL) {
|
||||||
eapol_auth_free(sm);
|
eapol_auth_free(sm);
|
||||||
|
|
@ -1077,6 +1078,7 @@ static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
|
||||||
dst->eap_sim_aka_result_ind = src->eap_sim_aka_result_ind;
|
dst->eap_sim_aka_result_ind = src->eap_sim_aka_result_ind;
|
||||||
dst->tnc = src->tnc;
|
dst->tnc = src->tnc;
|
||||||
dst->wps = src->wps;
|
dst->wps = src->wps;
|
||||||
|
dst->fragment_size = src->fragment_size;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -40,6 +40,7 @@ struct eapol_auth_config {
|
||||||
int eap_sim_aka_result_ind;
|
int eap_sim_aka_result_ind;
|
||||||
int tnc;
|
int tnc;
|
||||||
struct wps_context *wps;
|
struct wps_context *wps;
|
||||||
|
int fragment_size;
|
||||||
|
|
||||||
/* Opaque context pointer to owner data for callback functions */
|
/* Opaque context pointer to owner data for callback functions */
|
||||||
void *ctx;
|
void *ctx;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue