rfc6929 : combination extended-type/long-extended-type and TLV data type

Alan DeKok aland at deployingradius.com
Tue Nov 10 15:48:58 CET 2015

On Nov 10, 2015, at 5:41 AM, Vereecke, Katrien (Katrien) <katrien.vereecke at alcatel-lucent.com> wrote:
> According to rfc6929 the combination of an extended or long-extended-type and tlv-data type is allowed.
> The rfc states that the TLV-length must have a value between 3 and 255, but is this correct in case of an extended or long extended type, should it then not be respectively 252 and 251 max?

  When the TLV is encapsulated in another attribute, yes... the allowed length is smaller than 255.

> I was testing the TLV data type and long extended type, I defined in my dictionary the following:
> ATTRIBUTE Test-Attr-261-11         246.11      tlv
> ATTRIBUTE Test-Attr-261-11-1     246.11.1  octets
> And in my users file I included
> Test-Attr-261-11-1 = 0x00112233445566aabbccddeeff0011223344..........  => with a length more than 300 octets

  Which is allowed by the server internally, as it can handle arbitrary length data.

> In Wireshark I see that the attribute is fragmented but the length-attr and the tlv-length are both set to ff and the second fragmented part only contains the octets up to data length 255, not all octets specified in my users file.  Is this correct?

  Yes.  The RADIUS encoder truncates the data to the maximum allowed length.  It does this for *all* attributes.  Try setting large values for User-Name, or Class.  The same thing will happen.

  Alan DeKok.
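
The wire layout discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS code: it encodes a constructed 300-octet value as TLV 246.11.1 in the RFC 6929 Long-Extended-Type format, truncating to what a one-octet TLV-Length can carry and fragmenting with the More flag, which reproduces the `ff` lengths reported from the capture. The function names and the sample value are assumptions made for illustration.

```python
ATTR_MAX = 255        # RADIUS attribute Length is a single octet
LONG_EXT_HDR = 4      # Type, Length, Extended-Type, flags octet (M bit + reserved)
TLV_HDR = 2           # TLV-Type, TLV-Length
TLV_MAX = 255         # TLV-Length is a single octet and counts the TLV header
MORE = 0x80           # "More" flag: further fragments follow


def encode_tlv(tlv_type, value):
    """Build one TLV, truncating the value to fit TLV-Length. Returns (tlv, dropped)."""
    kept = value[:TLV_MAX - TLV_HDR]
    return bytes([tlv_type, TLV_HDR + len(kept)]) + kept, len(value) - len(kept)


def encode_long_extended(attr_type, ext_type, payload):
    """Split payload across Long-Extended-Type attributes, M set on all but the last."""
    room = ATTR_MAX - LONG_EXT_HDR
    chunks = [payload[i:i + room] for i in range(0, len(payload), room)]
    return [bytes([attr_type, LONG_EXT_HDR + len(c), ext_type,
                   MORE if i < len(chunks) - 1 else 0]) + c
            for i, c in enumerate(chunks)]


def decode_long_extended(fragments):
    """Reassemble fragments and parse the single TLV inside, checking each length field."""
    payload = b""
    for i, frag in enumerate(fragments):
        if len(frag) < LONG_EXT_HDR or frag[1] != len(frag):
            raise ValueError("attribute Length does not match fragment size")
        if bool(frag[3] & MORE) != (i < len(fragments) - 1):
            raise ValueError("More flag inconsistent with fragment position")
        payload += frag[LONG_EXT_HDR:]
    if len(payload) < 3 or payload[1] != len(payload):
        raise ValueError("TLV-Length does not match reassembled data")
    return payload[0], payload[TLV_HDR:]


# Constructed sample: 300 octets for Test-Attr-261-11-1 (246.11.1), as in the thread.
SAMPLE = bytes(i % 256 for i in range(300))
TLV, DROPPED = encode_tlv(1, SAMPLE)
FRAGS = encode_long_extended(246, 11, TLV)

if __name__ == "__main__":
    for f in FRAGS:
        print(f"attr-len={f[1]:#04x} flags={f[3]:#04x} payload={len(f) - LONG_EXT_HDR}")
    print(f"tlv-len={TLV[1]:#04x} dropped={DROPPED} octets")
```

A receiver comparing the reassembled value against the configured one sees only the first 253 octets; the remaining 47 never reach the wire.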
