EAP server: Add support for configuring fragment size

2010-07-18 19:28:53 -07:00 · 2010-07-18 19:28:53 -07:00 · 7f6ec672ea
commit 7f6ec672ea
parent f3a3e6987e
13 changed files with 22 additions and 5 deletions
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@ -1313,6 +1313,8 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 		} else if (os_strcmp(buf, "dh_file") == 0) {
 			os_free(bss->dh_file);
 			bss->dh_file = os_strdup(pos);
+		} else if (os_strcmp(buf, "fragment_size") == 0) {
+			bss->fragment_size = atoi(pos);
 #ifdef EAP_SERVER_FAST
 		} else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
 			os_free(bss->pac_opaque_encr_key);
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@ -504,6 +504,9 @@ eap_server=0
 # "openssl dhparam -out /etc/hostapd.dh.pem 1024"
 #dh_file=/etc/hostapd.dh.pem

+# Fragment size for EAP methods
+#fragment_size=1400
+
 # Configuration data for EAP-SIM database/authentication gateway interface.
 # This is a text string in implementation specific format. The example
 # implementation in eap_sim_db.c uses this as the UNIX domain socket name for
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@ -254,6 +254,7 @@ struct hostapd_bss_config {
 	int pac_key_refresh_time;
 	int eap_sim_aka_result_ind;
 	int tnc;
+	int fragment_size;

 	char *radius_server_clients;
 	int radius_server_auth_port;
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@ -1651,6 +1651,7 @@ int ieee802_1x_init(struct hostapd_data *hapd)
 	conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
 	conf.tnc = hapd->conf->tnc;
 	conf.wps = hapd->wps;
+	conf.fragment_size = hapd->conf->fragment_size;

 	os_memset(&cb, 0, sizeof(cb));
 	cb.eapol_send = ieee802_1x_eapol_send;
--- a/src/eap_server/eap.h
+++ b/src/eap_server/eap.h
@ -107,6 +107,7 @@ struct eap_config {
 	struct wps_context *wps;
 	const struct wpabuf *assoc_wps_ie;
 	const u8 *peer_addr;
+	int fragment_size;
 };


--- a/src/eap_server/eap_i.h
+++ b/src/eap_server/eap_i.h
@ -187,6 +187,9 @@ struct eap_sm {
 	Boolean start_reauth;

 	u8 peer_addr[ETH_ALEN];
+
+	/* Fragmentation size for EAP method init() handler */
+	int fragment_size;
 };

 int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@ -1257,6 +1257,7 @@ struct eap_sm * eap_server_sm_init(void *eapol_ctx,
 		sm->assoc_wps_ie = wpabuf_dup(conf->assoc_wps_ie);
 	if (conf->peer_addr)
 		os_memcpy(sm->peer_addr, conf->peer_addr, ETH_ALEN);
+	sm->fragment_size = conf->fragment_size;

 	wpa_printf(MSG_DEBUG, "EAP: Server state machine created");

--- a/src/eap_server/eap_server_ikev2.c
+++ b/src/eap_server/eap_server_ikev2.c
@ -93,7 +93,8 @@ static void * eap_ikev2_init(struct eap_sm *sm)
 	if (data == NULL)
 		return NULL;
 	data->state = MSG;
-	data->fragment_size = IKEV2_FRAGMENT_SIZE;
+	data->fragment_size = sm->fragment_size > 0 ? sm->fragment_size :
+		IKEV2_FRAGMENT_SIZE;
 	data->ikev2.state = SA_INIT;
 	data->ikev2.peer_auth = PEER_AUTH_SECRET;
 	data->ikev2.key_pad = (u8 *) os_strdup("Key Pad for EAP-IKEv2");
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@ -45,8 +45,7 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
 		return -1;
 	}

-	/* TODO: make this configurable */
-	data->tls_out_limit = 1398;
+	data->tls_out_limit = sm->fragment_size > 0 ? sm->fragment_size : 1398;
 	if (data->phase2) {
 		/* Limit the fragment size in the inner TLS authentication
 		 * since the outer authentication with EAP-PEAP does not yet
--- a/src/eap_server/eap_server_tnc.c
+++ b/src/eap_server/eap_server_tnc.c
@ -91,7 +91,8 @@ static void * eap_tnc_init(struct eap_sm *sm)
 		return NULL;
 	}

-	data->fragment_size = 1300;
+	data->fragment_size = sm->fragment_size > 100 ?
+		sm->fragment_size - 98 : 1300;

 	return data;
 }
--- a/src/eap_server/eap_server_wsc.c
+++ b/src/eap_server/eap_server_wsc.c
@ -136,7 +136,8 @@ static void * eap_wsc_init(struct eap_sm *sm)
 		os_free(data);
 		return NULL;
 	}
-	data->fragment_size = WSC_FRAGMENT_SIZE;
+	data->fragment_size = sm->fragment_size > 0 ? sm->fragment_size :
+		WSC_FRAGMENT_SIZE;

 	return data;
 }
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@ -830,6 +830,7 @@ eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
 	eap_conf.wps = eapol->conf.wps;
 	eap_conf.assoc_wps_ie = assoc_wps_ie;
 	eap_conf.peer_addr = addr;
+	eap_conf.fragment_size = eapol->conf.fragment_size;
 	sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
 	if (sm->eap == NULL) {
 		eapol_auth_free(sm);
@ -1077,6 +1078,7 @@ static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
 	dst->eap_sim_aka_result_ind = src->eap_sim_aka_result_ind;
 	dst->tnc = src->tnc;
 	dst->wps = src->wps;
+	dst->fragment_size = src->fragment_size;
 	return 0;
 }

--- a/src/eapol_auth/eapol_auth_sm.h
+++ b/src/eapol_auth/eapol_auth_sm.h
@ -40,6 +40,7 @@ struct eapol_auth_config {
 	int eap_sim_aka_result_ind;
 	int tnc;
 	struct wps_context *wps;
+	int fragment_size;

 	/* Opaque context pointer to owner data for callback functions */
 	void *ctx;