From 5ae4292cb9fff38dbaadabe583a5d4d4b6876110 Mon Sep 17 00:00:00 2001
From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Wed, 18 Aug 2010 22:52:42 +0200
Subject: [PATCH] added TLS record debug output

---
 src/libcharon/plugins/eap_tls/eap_tls.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c
index ac835c795..8c5680861 100644
--- a/src/libcharon/plugins/eap_tls/eap_tls.c
+++ b/src/libcharon/plugins/eap_tls/eap_tls.c
@@ -69,11 +69,11 @@ struct private_eap_tls_t {
 };
 
 /** Size limit for a single TLS message */
-#define MAX_TLS_MESSAGE_LEN 16384
+#define MAX_TLS_MESSAGE_LEN 65536
 /** Size of a EAP-TLS fragment */
 #define EAP_TLS_FRAGMENT_LEN 1014
 /** Maximum number of EAP-TLS messages/fragments allowed */
-#define MAX_EAP_TLS_MESSAGE_COUNT 16
+#define MAX_EAP_TLS_MESSAGE_COUNT 32
 
 /**
  * Flags of an EAP-TLS message
@@ -174,6 +174,9 @@ static bool write_buf(private_eap_tls_t *this, eap_tls_packet_t *pkt)
 		data = chunk_create((char*)(pkt + 1),
 						pkt_len - sizeof(eap_tls_packet_t));
 	}
+	DBG2(DBG_IKE, "received EAP-TLS %s (%u bytes)",
+		(pkt->flags & EAP_TLS_MORE_FRAGS) ? "fragment" : "packet", pkt_len);
+
 	if (data.len > this->input.len - this->inpos)
 	{
 		DBG1(DBG_IKE, "EAP-TLS fragment exceeds TLS message length");
@@ -231,7 +234,7 @@ static eap_payload_t *read_buf(private_eap_tls_t *this, u_int8_t identifier)
 			pkt_len += EAP_TLS_FRAGMENT_LEN;
 			memcpy(start, this->output.ptr + this->outpos, EAP_TLS_FRAGMENT_LEN);
 			this->outpos += EAP_TLS_FRAGMENT_LEN;
-			DBG2(DBG_IKE, "sending EAP-TLS packet fragment");
+			DBG2(DBG_IKE, "sending EAP-TLS fragment (%u bytes)", pkt_len);
 		}
 		else
 		{
@@ -240,7 +243,7 @@ static eap_payload_t *read_buf(private_eap_tls_t *this, u_int8_t identifier)
 				   this->output.len - this->outpos);
 			chunk_free(&this->output);
 			this->outpos = 0;
-			DBG2(DBG_IKE, "sending EAP-TLS packet");
+			DBG2(DBG_IKE, "sending EAP-TLS packet (%u bytes)", pkt_len);
 		}
 	}
 	else
@@ -267,6 +270,8 @@ static status_t process_buf(private_eap_tls_t *this)
 	{
 		in = (tls_record_t*)data.ptr;
 		len = untoh16(&in->length);
+		DBG2(DBG_IKE, "received TLS %N record (%u bytes)",
+			 tls_content_type_names, in->type, sizeof(tls_record_t) + len);
 		if (len > data.len - sizeof(tls_record_t))
 		{
 			DBG1(DBG_IKE, "TLS record length invalid");
@@ -315,6 +320,8 @@ static status_t process_buf(private_eap_tls_t *this)
 		htoun16(&out.version, this->tls->get_version(this->tls));
 		htoun16(&out.length, data.len);
 		this->output = chunk_cat("mcm", this->output, header, data);
+		DBG2(DBG_IKE, "sending TLS %N record (%u bytes)",
+			 tls_content_type_names, type, sizeof(tls_record_t) + data.len);
 	}
 }