> > So it basically says that multiple Attribute-Value Pairs of EAP-Message
> > type in the same packet should be considered ONE EAP-Message.
> >
> > But then we are dealing with virtual representation of data, not
> > the factual/physical layout of the packet.
> I've just checked in code to reassemble EAP-Message AVPs within a RADIUS
> message.
cool. I was planning to work on it today, so I guess I don't need to worry
about it anymore :)
I'll check it out later today (more cvs problems right now).
> > On the very similar token. Once we go one level up, and go to EAP message
> > of type 0xd (13). That is the EAP/TLS glue layer, it in turn again specify
> > that the TLS/SSL packet might be fragmented using EAP/TLS glue layer and
> > span multiple packets.
>
> Yes, we should do that as well.
How complex it would be to implement?
Basically we need to look if there's "more" flag set at EAP/TLE glue
layer, if so there will be more distinct packets. The last fragment will
not have "more" flag set. They all should add to size as specificed by the
Length Field (it is always set in the first fragment, and optionally in
later fragments).
The way I see the biggest issue is to "find" those other packets.
--
Adam
http://www.eax.com The Supreme Headquarters of the 32 bit registers