chudler/gist:879885

## gistfile1.c
	/*
	 *	We use default fragment size, unless the Framed-MTU
	 *	tells us it's too big.  Note that we do NOT account
	 *	for the EAP-TLS headers if conf->fragment_size is
	 *	large, because that config item looks to be confusing.
	 *
	 *	i.e. it should REALLY be called MTU, and the code here
	 *	should figure out what that means for TLS fragment size.
	 *	asking the administrator to know the internal details
	 *	of EAP-TLS in order to calculate fragment sizes is
	 *	just too much.
	 */
	ssn->offset = inst->conf->fragment_size;
	vp = pairfind(handler->request->packet->vps, PW_FRAMED_MTU);
	if (vp && ((vp->vp_integer - 14) < ssn->offset)) {
		/*
		 *	Discount the Framed-MTU by:
		 *	 4 : EAPOL header
		 *	 4 : EAP header (code + id + length)
		 *	 1 : EAP type == EAP-TLS
		 *	 1 : EAP-TLS Flags
		 *	 4 : EAP-TLS Message length
		 *	    (even if conf->include_length == 0,
		 *	     just to be lazy).
		 *	---
		 *	14
		 */
		ssn->offset = vp->vp_integer - 14;
	}
	/*
	* We use default fragment size, unless the Framed-MTU
	* tells us it's too big. Note that we do NOT account
	* for the EAP-TLS headers if conf->fragment_size is
	* large, because that config item looks to be confusing.
	*
	* i.e. it should REALLY be called MTU, and the code here
	* should figure out what that means for TLS fragment size.
	* asking the administrator to know the internal details
	* of EAP-TLS in order to calculate fragment sizes is
	* just too much.
	*/
	ssn->offset = inst->conf->fragment_size;
	vp = pairfind(handler->request->packet->vps, PW_FRAMED_MTU);
	if (vp && ((vp->vp_integer - 14) < ssn->offset)) {
	/*
	* Discount the Framed-MTU by:
	* 4 : EAPOL header
	* 4 : EAP header (code + id + length)
	* 1 : EAP type == EAP-TLS
	* 1 : EAP-TLS Flags
	* 4 : EAP-TLS Message length
	* (even if conf->include_length == 0,
	* just to be lazy).
	* ---
	* 14
	*/
	ssn->offset = vp->vp_integer - 14;
	}