EAP-success Id mis-match?
Cao,Zhen (cz)
zehn.cao at gmail.com
Tue Feb 5 03:43:44 CET 2013
Hi Alan,
We tested with eap-ttls and eap-tls, there was no id+1 behavior. So i
went into the code in eap-sim.
src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c
In functions eap_sim_sendstart(EAP_HANDLER * handler),
eap_sim_sendchallenge(EAP_HANDLER * handler), and
eap_sim_sendsuccess(EAP_HANDLER * handler), there is code like this
‘*newvp->vp_integer = ess->sim_id++;’
this makes the server uses the increased id when sending out the eap-success.
I believe this the cause of the problem. What's your opinion?
thanks and regards,
zhen
On Mon, Feb 4, 2013 at 12:11 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Cao,Zhen (cz) wrote:
>> What’s the standard way then?
>
> RFC 2284 Section 2.2.2 says this for EAP-Success:
>
> Identifier
>
> The Identifier field is one octet and aids in matching replies to
> Responses. The Identifier field MUST match the Indentifier field
> of the Response packet that it is sent in response to.
>
> This is what FreeRADIUS does. See src/modules/rlm_eap/eap.c,
> eap_compose() function. Success and Failure send the same ID. Other
> EAP packet types increment the ID.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list