So I've been looking at adding support for Diameter EAP in my server. After reading up on rfc4072
and rfc3748
I was fooled to have a general idea.
My expectation was that the client would pass a so called EAP-Start
message (an empty EAP-Payload
AVP) to my server. I would respond with an proper EAP request for identity (type 1) and diameter client would deliver the response to that in the new EAP-Payload and then the cycle would continue.
However, when I was looking at actual pcap traces from freeDiameter
(ex this pcap) I noticed that the 1st EAP diameter request (No.6) contained an EAP Identity response (!!) already. Kind of by-passing the initial round-trip.
While I don't have a huge a problem with implementing this I would really like to know if this is by (EAP-)spec? Can you start an EAP transaction with a response with?
Yes - actually, that IS in the spec.
So you need ANY message to trigger the server to start EAP sequence. That is why usually you see the same message twice.