EAP-success Id mis-match?

Cao,Zhen (cz) zehn.cao at gmail.com
Tue Feb 5 03:43:44 CET 2013

Hi Alan,

We tested with eap-ttls and eap-tls, there was no id+1 behavior. So i
went into the code in eap-sim.

In functions eap_sim_sendstart(EAP_HANDLER * handler),
eap_sim_sendchallenge(EAP_HANDLER * handler), and
eap_sim_sendsuccess(EAP_HANDLER * handler), there is code like this
‘*newvp->vp_integer = ess->sim_id++;’

this makes the server uses the increased id when sending out the eap-success.

I believe this the cause of the problem. What's your opinion?

thanks and regards,

On Mon, Feb 4, 2013 at 12:11 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Cao,Zhen (cz) wrote:
>> What’s the standard way then?
>   RFC 2284 Section 2.2.2 says this for EAP-Success:
>    Identifier
>       The Identifier field is one octet and aids in matching replies to
>       Responses.  The Identifier field MUST match the Indentifier field
>       of the Response packet that it is sent in response to.
>   This is what FreeRADIUS does.  See src/modules/rlm_eap/eap.c,
> eap_compose() function.  Success and Failure send the same ID.  Other
> EAP packet types increment the ID.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list