Well, it is not adding new fields but putting some data in the data fields of those messages that allow to do that, e.g., put a certain value in the EAP Type Data field:

  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |  Type-Data ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-


We are trying to build a PoC of an architecture that implies sending back some extra authorization info to the supplicant. Our first idea was included server response in the form of an AVP but we do not get the message tunneled to the client(supplicant) back (we are currently using EAP-TTLS), that is the reason why we thought of modifying EAP responses, to convey that certain info that we are not able to deliver to the supplicant back. I know that it is not a clean way of doing that but it is something like our last attempt.

BTW, Why are not AVP tunnelled back to supplicant and do not go inside TTLS session?

Regards,
2009/3/16 Alan DeKok <aland@deployingradius.com>
Enrique de la Hoz wrote:
> We are trying to develop a module to make possible to add extra
> information to EAP Messages.

 Huh?  Why would you ever do that?

 The EAP protocol is well defined.  Adding "extra" information to it is
like adding "extra" data to IP packets.  It will be ignored... at best.

> We are employing rlm_perlo module. Up to
> now, we have been able to add new EAP-Message attributes to the RADIUS
> response packets but we cannot figure out how to modify the current
> EAP-Message already addedd. It is assumed (from RFC 3579) that multiple
> EAP Message attributes will be concatenated to form a single EAP Packet
> but the thing is that we do not receive the added information in our
> supplicant.
>
> Two questions arise:
>  1) Is it possible to modify EAP-Message attributes from perl modules?
>  2) If not, should we go through a per EAP-athentication method C source
> code modification?

 What are you trying to do, and why?

 Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
Enrique de la Hoz de la Hoz