Mercurial > hg > freeDiameter
annotate doc/app_redirect.conf.sample @ 1562:6219359a36a9 default tip
Merge latest changes from proposed branch
| author | Sebastien Decugis <sdecugis@freediameter.net> |
|---|---|
| date | Mon, 21 Jun 2021 19:08:18 +0800 |
| parents | 8d7201a747eb |
| children |
| rev | line source |
|---|---|
|
722
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
1 # This file contains the configuration for the app_redirect extension of freeDiameter. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
2 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
3 # This extension provides configurable Redirect messages. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
4 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
5 # Lines starting with a # are comments and ignored. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
6 # Spaces and newlines are not meaningful, except inside quoted areas. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
7 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
8 ######################################################################################### |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
9 # See Diameter RFC for a detailed explanation on Redirects semantics # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
10 ######################################################################################### |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
11 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
12 ## default_redirect_cache_time |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
13 # Specify the default value for Redirect-Max-Cache-Time. |
| 987 | 14 # This value can be overwritten for each rule as specified below. |
|
722
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
15 # If this value is not specified, the default is: |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
16 #default_redirect_cache_time = 86400; ## => 1 day |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
17 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
18 # The remaining of this file contains a list of RULE elements. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
19 # Each RULE consists in three parts: |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
20 # - a CRITERIA that specifies which messages the RULE applies to. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
21 # - a REDIRECT_TYPE that specifies what type of redirect is to be sent, and its duration. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
22 # - a TARGET_HOSTS list that specifies the host(s) to send the message to. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
23 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
24 # The rules are matched in the order they appear in this file. Once a rule has matched, the |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
25 # remaining rules are not processed. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
26 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
27 # The basic format of a rule is: |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
28 # REDIRECT_TYPE : CRITERIA to TARGET_HOSTS ; |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
29 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
30 # These are a few examples. The definition of each term follows. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
31 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
32 # 1) REALM_AND_APPLICATION : app=3 "Destination-Realm"="myrealm.net" to "aaas://acct1.myrealm.net" "aaas://acct2.myrealm.net"; |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
33 # will ask all peers sending a Base Accounting message for realm "myrealm.net" to send |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
34 # this message directly to either 'acct1.myrealm.net' or 'acct2.myrealm.net'. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
35 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
36 # 2) ALL_SESSION 3600 : "Origin-AAA-Protocol"=1 "Destination-Realm"="myrealm.net" to "aaas://raddiam.myrealm.net"; |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
37 # Will ask any peer sending messages translated from RADIUS and targeted to this realm |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
38 # to address all the messages from the same session to 'raddiam.myrealm.net'. The |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
39 # redirect entry should be stored for 1 hour. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
40 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
41 # 3) ALL_HOST : from.realm=[".*\.(fr|de|es)"] to "aaas://relay-EU.myrealm.net"; |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
42 # ALL_HOST : from.realm=[".*\.(cn|jp|vn)"] to "aaas://relay-ASIA.myrealm.net"; |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
43 # Redirect messages to different relays depending on where they come from. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
44 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
45 # 4) ALL_HOST : to "aaas://newserv.myrealm.net"; |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
46 # This server was relocated, tell all peers to go directly to the new one. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
47 # This rule should appear last because it matches all messages, so further rules will never be used. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
48 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
49 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
50 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
51 # REDIRECT_TYPE |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
52 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
53 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
54 # The redirect_type is one of the following (see Redirect-Host-Usage AVP definition in RFC for semantics): |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
55 # DONT_CACHE |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
56 # ALL_SESSION |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
57 # ALL_REALM |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
58 # REALM_AND_APPLICATION |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
59 # ALL_APPLICATION |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
60 # ALL_HOST |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
61 # ALL_USER |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
62 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
63 # In addition, an integer can follow. If specified, it overwrites the default_redirect_cache_time |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
64 # value for this rule. The value is always specified in seconds. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
65 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
66 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
67 # CRITERIA |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
68 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
69 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
70 # Each RULE can contain 0 or more criteria. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
71 # If no criteria is specified, all messages are assumed to match (wildcard). |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
72 # If more than one criteria is specified, an "AND" relationship is assumed. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
73 # If you need to specify "OR", just create separate rules. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
74 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
75 # In the following definitions, "STR/REG" stands for: |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
76 # - a quoted string "some.peer" that will match exactly this string (case-insensitive), or |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
77 # - a bracket-quoted string ["some regex"] that will be interpreted as a POSIX extended regular expression (case-sensitive), and attempt to match the string. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
78 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
79 # A criteria is one of the following: |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
80 # from.id="STR/REG" -> matches messages received from peer with this Diameter Identity. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
81 # from.realm="STR/REG" -> matches messages received from peer with this Realm. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
82 # app=U32_VALUE -> matches messages with this Diameter Application-Id value in its header. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
83 # "AVP-name"=U32_VALUE -> matches messages that contain an avp "AVP-name" (replace with the realm name) with this value. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
84 # "AVP-name"="STR/REG" -> matches messages that contain an avp "AVP-name" (replace with the realm name) with this . |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
85 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
86 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
87 # TARGET_HOSTS |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
88 # |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
89 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
90 # This is a simple list of DiameterURI that must be sent back. |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
91 # See the RFC for valid format of Diameter URI: |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
92 # "aaa://" FQDN [ port ] [ transport ] [ protocol ] |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
93 # "aaas://" FQDN [ port ] [ transport ] [ protocol ] |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
94 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
95 ###################################################################################### |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
96 |
|
6a7323cd78b3
New app_redirect.fdx code (UNTESTED)
Sebastien Decugis <sdecugis@nict.go.jp>
parents:
diff
changeset
|
97 |