} else if (os_strcmp(buf, "dh_file") == 0) {
os_free(bss->dh_file);
bss->dh_file = os_strdup(pos);
+ } else if (os_strcmp(buf, "fragment_size") == 0) {
+ bss->fragment_size = atoi(pos);
#ifdef EAP_SERVER_FAST
} else if (os_strcmp(buf, "pac_opaque_encr_key") == 0) {
os_free(bss->pac_opaque_encr_key);
# "openssl dhparam -out /etc/hostapd.dh.pem 1024"
#dh_file=/etc/hostapd.dh.pem
+# Fragment size for EAP methods
+#fragment_size=1400
+
# Configuration data for EAP-SIM database/authentication gateway interface.
# This is a text string in implementation specific format. The example
# implementation in eap_sim_db.c uses this as the UNIX domain socket name for
int pac_key_refresh_time;
int eap_sim_aka_result_ind;
int tnc;
+ int fragment_size;
char *radius_server_clients;
int radius_server_auth_port;
conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
conf.tnc = hapd->conf->tnc;
conf.wps = hapd->wps;
+ conf.fragment_size = hapd->conf->fragment_size;
os_memset(&cb, 0, sizeof(cb));
cb.eapol_send = ieee802_1x_eapol_send;
struct wps_context *wps;
const struct wpabuf *assoc_wps_ie;
const u8 *peer_addr;
+ int fragment_size;
};
Boolean start_reauth;
u8 peer_addr[ETH_ALEN];
+
+ /* Fragmentation size for EAP method init() handler */
+ int fragment_size;
};
int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
sm->assoc_wps_ie = wpabuf_dup(conf->assoc_wps_ie);
if (conf->peer_addr)
os_memcpy(sm->peer_addr, conf->peer_addr, ETH_ALEN);
+ sm->fragment_size = conf->fragment_size;
wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
if (data == NULL)
return NULL;
data->state = MSG;
- data->fragment_size = IKEV2_FRAGMENT_SIZE;
+ data->fragment_size = sm->fragment_size > 0 ? sm->fragment_size :
+ IKEV2_FRAGMENT_SIZE;
data->ikev2.state = SA_INIT;
data->ikev2.peer_auth = PEER_AUTH_SECRET;
data->ikev2.key_pad = (u8 *) os_strdup("Key Pad for EAP-IKEv2");
return -1;
}
- /* TODO: make this configurable */
- data->tls_out_limit = 1398;
+ data->tls_out_limit = sm->fragment_size > 0 ? sm->fragment_size : 1398;
if (data->phase2) {
/* Limit the fragment size in the inner TLS authentication
* since the outer authentication with EAP-PEAP does not yet
return NULL;
}
- data->fragment_size = 1300;
+ data->fragment_size = sm->fragment_size > 100 ?
+ sm->fragment_size - 98 : 1300;
return data;
}
os_free(data);
return NULL;
}
- data->fragment_size = WSC_FRAGMENT_SIZE;
+ data->fragment_size = sm->fragment_size > 0 ? sm->fragment_size :
+ WSC_FRAGMENT_SIZE;
return data;
}
eap_conf.wps = eapol->conf.wps;
eap_conf.assoc_wps_ie = assoc_wps_ie;
eap_conf.peer_addr = addr;
+ eap_conf.fragment_size = eapol->conf.fragment_size;
sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
if (sm->eap == NULL) {
eapol_auth_free(sm);
dst->eap_sim_aka_result_ind = src->eap_sim_aka_result_ind;
dst->tnc = src->tnc;
dst->wps = src->wps;
+ dst->fragment_size = src->fragment_size;
return 0;
}
int eap_sim_aka_result_ind;
int tnc;
struct wps_context *wps;
+ int fragment_size;
/* Opaque context pointer to owner data for callback functions */
void *ctx;