rfc6929 : combination extended-type/long-extended-type and TLV data type
aland at deployingradius.com
Tue Nov 10 15:48:58 CET 2015
On Nov 10, 2015, at 5:41 AM, Vereecke, Katrien (Katrien) <katrien.vereecke at alcatel-lucent.com> wrote:
> According to rfc6929 the combination of an extended or long-extended-type and tlv-data type is allowed.
> The rfc states that the TLV-length must have a value between 3 and 255, but is this correct in case of an extended or long extended type, should it then not be respectively 252 and 251 max?
When the TLV is encapsulated in another attribute, yes... the allowed length is smaller than 255.
> I was testing the TLV data type and long extended type, I defined in my dictionary the following:
> ATTRIBUTE Test-Attr-261-11 246.11 tlv
> ATTRIBUTE Test-Attr-261-11-1 246.11.1 octets
> And in my users file I included
> Test-Attr-261-11-1 = 0x00112233445566aabbccddeeff0011223344.......... => with a length more than 300 octets
Which is allowed by the server internally, as it can handle arbitrary length data.
> In Wireshark I see that the attribute is fragmented, but the length-attr and the tlv-length are both set to ff and the second fragmented part only contains the octets up to data length 255, not all octets specified in my users file. Is this correct?
Yes. The RADIUS encoder truncates the data to the maximum allowed length. It does this for *all* attributes. Try setting large values for User-Name, or Class. The same thing will happen.
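
The truncation and fragmentation discussed in this thread, as an added Python sketch that is not part of the original message and is not FreeRADIUS code. It assumes the encoder caps the TLV at a TLV-Length of 255 and then splits it across Long-Extended-Type fragments using the RFC 6929 More flag; the function names and the 320-octet sample value are constructed for illustration.

```python
LONG_EXT_HDR = 4    # Type, Length, Extended-Type, flags octet (M bit + reserved)
MAX_ATTR_LEN = 255  # one-octet RADIUS Length field
MAX_TLV_LEN = 255   # one-octet TLV-Length (covers TLV-Type, TLV-Length and value)
M_FLAG = 0x80       # "More" bit: another fragment follows


def encode_long_ext_tlv(attr_type, ext_type, tlv_type, value):
    """Encode one TLV inside a Long-Extended-Type attribute.

    Returns (fragments, lost), where lost is the number of value octets
    dropped because they do not fit under a one-octet TLV-Length.
    """
    if not value:
        raise ValueError("TLV-Length must be at least 3, so the value cannot be empty")
    kept = value[:MAX_TLV_LEN - 2]              # at most 253 octets of value
    tlv = bytes([tlv_type, len(kept) + 2]) + kept
    chunk = MAX_ATTR_LEN - LONG_EXT_HDR         # 251 octets of data per fragment
    pieces = [tlv[i:i + chunk] for i in range(0, len(tlv), chunk)]
    frags = []
    for n, piece in enumerate(pieces):
        flags = M_FLAG if n < len(pieces) - 1 else 0
        header = bytes([attr_type, LONG_EXT_HDR + len(piece), ext_type, flags])
        frags.append(header + piece)
    return frags, len(value) - len(kept)


def decode_long_ext_tlv(frags):
    """Concatenate the fragment data and return (tlv_type, tlv_value)."""
    data = b"".join(f[LONG_EXT_HDR:f[1]] for f in frags)
    tlv_type, tlv_len = data[0], data[1]
    return tlv_type, data[2:tlv_len]


if __name__ == "__main__":
    # Constructed sample: 320 octets for 246.11.1, as in the dictionary above.
    sample = bytes(i % 256 for i in range(320))
    fragments, lost = encode_long_ext_tlv(246, 11, 1, sample)
    for f in fragments:
        print(f"attr-len={f[1]:#04x} flags={f[3]:#04x} data={len(f) - LONG_EXT_HDR}")
    print(f"tlv-len={fragments[0][5]:#04x} octets lost={lost}")
```

A non-zero `lost` count is the signal to check for when a users-file value has to survive the wire intact.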