Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The outer EAP packet (section 2.2.1) that contains a PEAP packet MUST have the Type field set to 25 (see section 1.9).
The following diagram shows the format of the PEAP packet, which is placed in the Type-Data field of the EAP packet.
The fields of the header are transmitted as bytes from left to right.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Flags |
Ver |
Data (variable) |
|||||||||||||||||||||||||||||
... |
Flags (6 bits): A 6-bit field that is used to represent a set of flags. The value MUST be formatted as follows.
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1L
M
S
A
B
C
-
L (1 bit): The L bit is set to indicate the presence of the TLS_Message_Length field, as discussed later.
The L bit MUST be set to zero in the PEAP fragment acknowledgement packet (section 2.2.3).
The L bit MUST be set to one in the first fragment of a fragmented message.
-
M (1 bit): If the TLS message encapsulated in PEAP is fragmented, the M bit MUST be set on all but the last fragment. If the TLS message encapsulated in PEAP is not fragmented, the M bit MUST NOT be set.<1>
-
S (1 bit): The S bit is set in a PEAP start message. This differentiates the PEAP start message from a fragment acknowledgment. The S bit MUST be sent only by the PEAP server and it MUST be set only in the first packet from the PEAP server to the peer. Note that the PEAP start message carries the initial handshake for the TLS session, as specified in [RFC2246] section 7.
-
D - R1 (1 bit): The R bits are reserved. They MUST be set to zero when sent and MUST be ignored on receipt.
-
E - R2 (1 bit): The R bits are reserved. They MUST be set to zero when sent and MUST be ignored on receipt.
-
F - R3 (1 bit): The R bits are reserved. They MUST be set to zero when sent and MUST be ignored on receipt.
Ver (2 bits): Two bits are used to communicate and negotiate the version of PEAP being used; it MUST be formatted as follows.
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1The flags field documented earlier.
R
V
-
R (1 bit): The R bit is reserved. It MUST be set to zero when sent and MUST be ignored on receipt.
-
V (1 bit): Indicates the version of PEAP. It MUST be set to zero.
Data (variable): An array of bytes that MUST be formatted as follows.
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1TLS_Message_Length
TLS_Data (variable)
...
-
TLS_Message_Length (4 bytes): A 32-bit unsigned integer in network byte order that indicates the length, in bytes, of the unfragmented TLS Data, and is present only if the L flag is set in the Flags field.
-
TLS_Data (variable): The encapsulated (complete or fragmented) TLS packet in TLS record format (as specified in [RFC2246] section 6).