Mercurial > hg > freeDiameter

comparison extensions/dict_nasreq/dict_nasreq.c @ 10:c5c99c73c2bf

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added some extensions and functions in the daemon
author Sebastien Decugis <sdecugis@nict.go.jp>
date Fri, 25 Sep 2009 16:12:08 +0900
parents
children 50aaa4028967
comparison
equal deleted inserted replaced
9:fc7c18867cf7 10:c5c99c73c2bf
1 /*********************************************************************************************************
2 * Software License Agreement (BSD License) *
3 * Author: Sebastien Decugis <sdecugis@nict.go.jp> *
4 * *
5 * Copyright (c) 2009, WIDE Project and NICT *
6 * All rights reserved. *
7 * *
8 * Redistribution and use of this software in source and binary forms, with or without modification, are *
9 * permitted provided that the following conditions are met: *
10 * *
11 * * Redistributions of source code must retain the above *
12 * copyright notice, this list of conditions and the *
13 * following disclaimer. *
14 * *
15 * * Redistributions in binary form must reproduce the above *
16 * copyright notice, this list of conditions and the *
17 * following disclaimer in the documentation and/or other *
18 * materials provided with the distribution. *
19 * *
20 * * Neither the name of the WIDE Project or NICT nor the *
21 * names of its contributors may be used to endorse or *
22 * promote products derived from this software without *
23 * specific prior written permission of WIDE Project and *
24 * NICT. *
25 * *
26 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
28 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
29 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT *
30 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS *
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
32 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF *
33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
34 *********************************************************************************************************/
35
36 /*
37 * Dictionary definitions of objects specified in Diameter NASREQ (RFC4005).
38 */
39 #include <freeDiameter/extension.h>
40
41 /* The content of this file follows the same structure as dict_base_proto.c */
42
43 #define CHECK_dict_new( _type, _data, _parent, _ref ) \
44 CHECK_FCT( fd_dict_new( fd_g_config->cnf_dict, (_type), (_data), (_parent), (_ref)) );
45
46 #define CHECK_dict_search( _type, _criteria, _what, _result ) \
47 CHECK_FCT( fd_dict_search( fd_g_config->cnf_dict, (_type), (_criteria), (_what), (_result), ENOENT) );
48
49 struct local_rules_definition {
50 char *avp_name;
51 enum rule_position position;
52 int min;
53 int max;
54 };
55
56 #define RULE_ORDER( _position ) ((((_position) == RULE_FIXED_HEAD) || ((_position) == RULE_FIXED_TAIL)) ? 1 : 0 )
57
58 #define PARSE_loc_rules( _rulearray, _parent) { \
59 int __ar; \
60 for (__ar=0; __ar < sizeof(_rulearray) / sizeof((_rulearray)[0]); __ar++) { \
61 struct dict_rule_data __data = { NULL, \
62 (_rulearray)[__ar].position, \
63 0, \
64 (_rulearray)[__ar].min, \
65 (_rulearray)[__ar].max}; \
66 __data.rule_order = RULE_ORDER(__data.rule_position); \
67 CHECK_FCT( fd_dict_search( \
68 fd_g_config->cnf_dict, \
69 DICT_AVP, \
70 AVP_BY_NAME, \
71 (_rulearray)[__ar].avp_name, \
72 &__data.rule_avp, 0 ) ); \
73 if ( !__data.rule_avp ) { \
74 TRACE_DEBUG(INFO, "AVP Not found: '%s'", (_rulearray)[__ar].avp_name ); \
75 return ENOENT; \
76 } \
77 CHECK_FCT_DO( fd_dict_new( fd_g_config->cnf_dict, DICT_RULE, &__data, _parent, NULL), \
78 { \
79 TRACE_DEBUG(INFO, "Error on rule with AVP '%s'", \
80 (_rulearray)[__ar].avp_name ); \
81 return EINVAL; \
82 } ); \
83 } \
84 }
85
86 #define enumval_def_u32( _val_, _str_ ) \
87 { _str_, { .u32 = _val_ }}
88
89 #define enumval_def_os( _len_, _val_, _str_ ) \
90 { _str_, { .os = { .data = (unsigned char *)_val_, .len = _len_ }}}
91
92
93 static int dnr_entry(char * conffile)
94 {
95 struct dict_object * nasreq;
96 TRACE_ENTRY("%p", conffile);
97
98 /* No Vendors definitions */
99
100 /* Applications section */
101 {
102 /* NASREQ (RFC 4005) */
103 {
104 struct dict_application_data data = { 1, "Diameter Network Access Server Application" };
105 CHECK_dict_new( DICT_APPLICATION, &data, NULL, &nasreq);
106 }
107 }
108
109 /* Derived AVP types section */
110 {
111 /* QoSFilterRule */
112 {
113 /*
114 The QosFilterRule format is derived from the OctetString AVP Base
115 Format. It uses the ASCII charset. Packets may be marked or
116 metered based on the following information:
117
118 Direction (in or out)
119 Source and destination IP address (possibly masked)
120 Protocol
121 Source and destination port (lists or ranges)
122 DSCP values (no mask or range)
123
124 Rules for the appropriate direction are evaluated in order; the
125 first matched rule terminates the evaluation. Each packet is
126 evaluated once. If no rule matches, the packet is treated as best
127 effort. An access device unable to interpret or apply a QoS rule
128 SHOULD NOT terminate the session.
129
130 QoSFilterRule filters MUST follow the following format:
131
132 action dir proto from src to dst [options]
133
134 tag - Mark packet with a specific DSCP
135 [DIFFSERV]. The DSCP option MUST be
136 included.
137 meter - Meter traffic. The metering options
138 MUST be included.
139
140 dir The format is as described under IPFilterRule.
141
142 proto The format is as described under IPFilterRule.
143
144 src and dst The format is as described under IPFilterRule.
145
146 options:
147
148 DSCP <color>
149 Color values as defined in [DIFFSERV]. Exact
150 matching of DSCP values is required (no masks or
151 ranges).
152
153 metering <rate> <color_under> <color_over>
154 The metering option provides Assured Forwarding,
155 as defined in [DIFFSERVAF], and MUST be present
156 if the action is set to meter. The rate option is
157 the throughput, in bits per second, used
158 by the access device to mark packets. Traffic
159 over the rate is marked with the color_over
160 codepoint, and traffic under the rate is marked
161 with the color_under codepoint. The color_under
162 and color_over options contain the drop
163 preferences and MUST conform to the recommended
164 codepoint keywords described in [DIFFSERVAF]
165 (e.g., AF13).
166
167 The metering option also supports the strict
168 limit on traffic required by Expedited
169 Forwarding, as defined in [DIFFSERVEF]. The
170 color_over option may contain the keyword "drop"
171 to prevent forwarding of traffic that exceeds the
172 rate parameter.
173
174 The rule syntax is a modified subset of ipfw(8) from FreeBSD,
175 and the ipfw.c code may provide a useful base for
176 implementations.
177 */
178 struct dict_type_data data = { AVP_TYPE_OCTETSTRING, "QoSFilterRule" , NULL , NULL };
179 CHECK_dict_new( DICT_TYPE, &data , NULL, NULL);
180 }
181
182 }
183
184 /* AVP section */
185 {
186 struct dict_object * UTF8String_type;
187 struct dict_object * IPFilterRule_type;
188 struct dict_object * QoSFilterRule_type;
189 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "UTF8String", &UTF8String_type);
190 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "IPFilterRule", &IPFilterRule_type);
191 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "QoSFilterRule", &QoSFilterRule_type);
192
193 /********************************
194 * NAS Session AVPs *
195 ********************************/
196 /* NAS-Port */
197 {
198 /*
199 The NAS-Port AVP (AVP Code 5) is of type Unsigned32 and contains the
200 physical or virtual port number of the NAS which is authenticating
201 the user. Note that "port" is meant in its sense as a service
202 connection on the NAS, not as an IP protocol identifier.
203
204 Either NAS-Port or NAS-Port-Id (AVP Code 87) SHOULD be present in
205 AA-Request (AAR) commands if the NAS differentiates among its ports.
206 */
207 struct dict_avp_data data = {
208 5, /* Code */
209 0, /* Vendor */
210 "NAS-Port", /* Name */
211 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
212 AVP_FLAG_MANDATORY, /* Fixed flag values */
213 AVP_TYPE_UNSIGNED32 /* base type of data */
214 };
215 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
216 }
217
218 /* NAS-Port-Id */
219 {
220 /*
221 The NAS-Port-Id AVP (AVP Code 87) is of type UTF8String and consists
222 of ASCII text identifying the port of the NAS authenticating the
223 user. Note that "port" is meant in its sense as a service connection
224 on the NAS, not as an IP protocol identifier.
225
226 Either NAS-Port or NAS-Port-Id SHOULD be present in AA-Request (AAR)
227 commands if the NAS differentiates among its ports. NAS-Port-Id is
228 intended for use by NASes that cannot conveniently number their
229 ports.
230 */
231 struct dict_avp_data data = {
232 87, /* Code */
233 0, /* Vendor */
234 "NAS-Port-Id", /* Name */
235 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
236 AVP_FLAG_MANDATORY, /* Fixed flag values */
237 AVP_TYPE_OCTETSTRING /* base type of data */
238 };
239 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
240 }
241
242 /* NAS-Port-Type */
243 {
244 /*
245 The NAS-Port-Type AVP (AVP Code 61) is of type Enumerated and
246 contains the type of the port on which the NAS is authenticating the
247 user. This AVP SHOULD be present if the NAS uses the same NAS-Port
248 number ranges for different service types concurrently.
249
250 The supported values are defined in [RADIUSTypes]. The following
251 list is informational and subject to change by the IANA.
252
253 http://www.iana.org/assignments/radius-types
254 Sub-registry: Values for RADIUS Attribute 61, NAS-Port-Type
255 Reference: [RFC2865]
256
257 Extract on 2009.06.01:
258 0 Async [RFC2865]
259 1 Sync [RFC2865]
260 2 ISDN Sync [RFC2865]
261 3 ISDN Async V.120 [RFC2865]
262 4 ISDN Async V.110 [RFC2865]
263 5 Virtual [RFC2865]
264 6 PIAFS [RFC2865]
265 7 HDLC Clear Channel [RFC2865]
266 8 X.25 [RFC2865]
267 9 X.75 [RFC2865]
268 10 G.3 Fax [RFC2865]
269 11 SDSL - Symmetric DSL [RFC2865]
270 12 ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865]
271 13 ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865]
272 14 IDSL - ISDN Digital Subscriber Line [RFC2865]
273 15 Ethernet [RFC2865]
274 16 xDSL - Digital Subscriber Line of unknown type [RFC2865]
275 17 Cable [RFC2865]
276 18 Wireless - Other [RFC2865]
277 19 Wireless - IEEE 802.11 [RFC2865]
278 20 Token-Ring [RFC3580]
279 21 FDDI [RFC3580]
280 22 Wireless - CDMA2000 [McCann]
281 23 Wireless - UMTS [McCann]
282 24 Wireless - 1X-EV [McCann]
283 25 IAPP [IEEE 802.11F][Kerry]
284 26 FTTP - Fiber to the Premises [Nyce]
285 27 Wireless - IEEE 802.16 [IEEE 802.16] 12 December 2006
286 28 Wireless - IEEE 802.20 [IEEE 802.20] 12 December 2006
287 29 Wireless - IEEE 802.22 [IEEE 802.22] 12 December 2006
288 30 PPPoA - PPP over ATM [RFC4603]
289 31 PPPoEoA - PPP over Ethernet over ATM [RFC4603]
290 32 PPPoEoE - PPP over Ethernet over Ethernet [RFC4603]
291 33 PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603]
292 34 PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603]
293 35 xPON - Passive Optical Network [Hublet][Yan] 19 June 2007
294 */
295
296 struct dict_object *type;
297 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(NAS-Port-Type)" , NULL, NULL};
298 struct dict_enumval_data tvals[] = {
299 enumval_def_u32( 0, "Async [RFC2865]"),
300 enumval_def_u32( 1, "Sync [RFC2865]"),
301 enumval_def_u32( 2, "ISDN Sync [RFC2865]"),
302 enumval_def_u32( 3, "ISDN Async V.120 [RFC2865]"),
303 enumval_def_u32( 4, "ISDN Async V.110 [RFC2865]"),
304 enumval_def_u32( 5, "Virtual [RFC2865]"),
305 enumval_def_u32( 6, "PIAFS [RFC2865]"),
306 enumval_def_u32( 7, "HDLC Clear Channel [RFC2865]"),
307 enumval_def_u32( 8, "X.25 [RFC2865]"),
308 enumval_def_u32( 9, "X.75 [RFC2865]"),
309 enumval_def_u32(10, "G.3 Fax [RFC2865]"),
310 enumval_def_u32(11, "SDSL - Symmetric DSL [RFC2865]"),
311 enumval_def_u32(12, "ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865]"),
312 enumval_def_u32(13, "ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865]"),
313 enumval_def_u32(14, "IDSL - ISDN Digital Subscriber Line [RFC2865]"),
314 enumval_def_u32(15, "Ethernet [RFC2865]"),
315 enumval_def_u32(16, "xDSL - Digital Subscriber Line of unknown type [RFC2865]"),
316 enumval_def_u32(17, "Cable [RFC2865]"),
317 enumval_def_u32(18, "Wireless - Other [RFC2865]"),
318 enumval_def_u32(19, "Wireless - IEEE 802.11 [RFC2865]"),
319 enumval_def_u32(20, "Token-Ring [RFC3580]"),
320 enumval_def_u32(21, "FDDI [RFC3580]"),
321 enumval_def_u32(22, "Wireless - CDMA2000 [McCann]"),
322 enumval_def_u32(23, "Wireless - UMTS [McCann]"),
323 enumval_def_u32(24, "Wireless - 1X-EV [McCann]"),
324 enumval_def_u32(25, "IAPP [IEEE 802.11F][Kerry]"),
325 enumval_def_u32(26, "FTTP - Fiber to the Premises [Nyce]"),
326 enumval_def_u32(27, "Wireless - IEEE 802.16 [IEEE 802.16]"),
327 enumval_def_u32(28, "Wireless - IEEE 802.20 [IEEE 802.20]"),
328 enumval_def_u32(29, "Wireless - IEEE 802.22 [IEEE 802.22]"),
329 enumval_def_u32(30, "PPPoA - PPP over ATM [RFC4603]"),
330 enumval_def_u32(31, "PPPoEoA - PPP over Ethernet over ATM [RFC4603]"),
331 enumval_def_u32(32, "PPPoEoE - PPP over Ethernet over Ethernet [RFC4603]"),
332 enumval_def_u32(33, "PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603]"),
333 enumval_def_u32(34, "PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603]"),
334 enumval_def_u32(35, "xPON - Passive Optical Network [Hublet][Yan]")
335 };
336 struct dict_avp_data data = {
337 61, /* Code */
338 0, /* Vendor */
339 "NAS-Port-Type", /* Name */
340 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
341 AVP_FLAG_MANDATORY, /* Fixed flag values */
342 AVP_TYPE_UNSIGNED32 /* base type of data */
343 };
344 int i;
345 /* Create the Enumerated type, enumerated values, and the AVP */
346 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
347 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
348 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
349 }
350 CHECK_dict_new( DICT_AVP, &data , type, NULL);
351 }
352
353 /* Called-Station-Id */
354 {
355 /*
356 The Called-Station-Id AVP (AVP Code 30) is of type UTF8String and
357 allows the NAS to send the ASCII string describing the layer 2
358 address the user contacted in the request. For dialup access, this
359 can be a phone number obtained by using Dialed Number Identification
360 (DNIS) or a similar technology. Note that this may be different from
361 the phone number the call comes in on. For use with IEEE 802 access,
362 the Called-Station-Id MAY contain a MAC address formatted as
363 described in [RAD802.1X]. It SHOULD only be present in
364 authentication and/or authorization requests.
365
366 If the Auth-Request-Type AVP is set to authorization-only and the
367 User-Name AVP is absent, the Diameter Server MAY perform
368 authorization based on this field. This can be used by a NAS to
369 request whether a call should be answered based on the DNIS.
370 */
371 struct dict_avp_data data = {
372 30, /* Code */
373 0, /* Vendor */
374 "Called-Station-Id", /* Name */
375 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
376 AVP_FLAG_MANDATORY, /* Fixed flag values */
377 AVP_TYPE_OCTETSTRING /* base type of data */
378 };
379 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
380 }
381
382 /* Calling-Station-Id */
383 {
384 /*
385 The Calling-Station-Id AVP (AVP Code 31) is of type UTF8String and
386 allows the NAS to send the ASCII string describing the layer 2
387 address from which the user connected in the request. For dialup
388 access, this is the phone number the call came from, using Automatic
389 Number Identification (ANI) or a similar technology. For use with
390 IEEE 802 access, the Calling-Station-Id AVP MAY contain a MAC
391 address, formated as described in [RAD802.1X]. It SHOULD only be
392 present in authentication and/or authorization requests.
393
394 If the Auth-Request-Type AVP is set to authorization-only and the
395 User-Name AVP is absent, the Diameter Server MAY perform
396 authorization based on this field. This can be used by a NAS to
397 request whether a call should be answered based on the layer 2
398 address (ANI, MAC Address, etc.)
399 */
400 struct dict_avp_data data = {
401 31, /* Code */
402 0, /* Vendor */
403 "Calling-Station-Id", /* Name */
404 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
405 AVP_FLAG_MANDATORY, /* Fixed flag values */
406 AVP_TYPE_OCTETSTRING /* base type of data */
407 };
408 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
409 }
410
411 /* Connect-Info */
412 {
413 /*
414 The Connect-Info AVP (AVP Code 77) is of type UTF8String and is sent
415 in the AA-Request message or ACR STOP message. When sent in the
416 Access-Request, it indicates the nature of the user's connection.
417 The connection speed SHOULD be included at the beginning of the first
418 Connect-Info AVP in the message. If the transmit and receive
419 connection speeds differ, both may be included in the first AVP with
420 the transmit speed listed first (the speed the NAS modem transmits
421 at), then a slash (/), then the receive speed, and then other
422 optional information.
423
424 For example: "28800 V42BIS/LAPM" or "52000/31200 V90"
425
426 More than one Connect-Info attribute may be present in an
427 Accounting-Request packet to accommodate expected efforts by the ITU
428 to have modems report more connection information in a standard
429 format that might exceed 252 octets.
430
431 If sent in the ACR STOP, this attribute may summarize statistics
432 relating to session quality. For example, in IEEE 802.11, the
433 Connect-Info attribute may contain information on the number of link
434 layer retransmissions. The exact format of this attribute is
435 implementation specific.
436 */
437 struct dict_avp_data data = {
438 77, /* Code */
439 0, /* Vendor */
440 "Connect-Info", /* Name */
441 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
442 AVP_FLAG_MANDATORY, /* Fixed flag values */
443 AVP_TYPE_OCTETSTRING /* base type of data */
444 };
445 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
446 }
447
448 /* Originating-Line-Info */
449 {
450 /*
451 The Originating-Line-Info AVP (AVP Code 94) is of type OctetString
452 and is sent by the NAS system to convey information about the origin
453 of the call from an SS7 system.
454
455 The originating line information (OLI) element indicates the nature
456 and/or characteristics of the line from which a call originated
457 (e.g., pay phone, hotel, cellular). Telephone companies are starting
458 to offer OLI to their customers as an option over Primary Rate
459 Interface (PRI). Internet Service Providers (ISPs) can use OLI in
460 addition to Called-Station-Id and Calling-Station-Id attributes to
461 differentiate customer calls and to define different services.
462
463 The Value field contains two octets (00 - 99). ANSI T1.113 and
464 BELLCORE 394 can be used for additional information about these
465 values and their use. For more information on current assignment
466 values, see [http://www.nanpa.com/number_resource_info/ani_ii_assignments.html].
467
468 */
469 struct dict_object *type;
470 struct dict_type_data tdata = { AVP_TYPE_OCTETSTRING, "Enumerated*(Originating-Line-Info)" , NULL, NULL};
471 struct dict_enumval_data tvals[] = {
472 enumval_def_os( 2, "00", "Plain Old Telephone Service (POTS)"),
473 enumval_def_os( 2, "01", "Multiparty Line (more than 2)"),
474 enumval_def_os( 2, "02", "ANI Failure"),
475 enumval_def_os( 2, "06", "Station Level Rating"),
476 enumval_def_os( 2, "07", "Special Operator Handling Required"),
477 enumval_def_os( 2, "20", "Automatic Identified Outward Dialing (AIOD)"),
478 enumval_def_os( 2, "23", "Coin or Non-Coin"),
479 enumval_def_os( 2, "24", "Toll Free Service (Non-Pay Origination)"),
480 enumval_def_os( 2, "25", "Toll Free Service (Pay Origination)"),
481 enumval_def_os( 2, "27", "Toll Free Service (Coin Control Origination)"),
482 enumval_def_os( 2, "29", "Prison/Inmate Service"),
483 enumval_def_os( 2, "30", "Intercept (Blank)"),
484 enumval_def_os( 2, "31", "Intercept (Trouble)"),
485 enumval_def_os( 2, "32", "Intercept (Regular)"),
486 enumval_def_os( 2, "34", "Telco Operator Handled Call"),
487 enumval_def_os( 2, "52", "Outward Wide Area Telecommunications Service (OUTWATS)"),
488 enumval_def_os( 2, "60", "Telecommunications Relay Service (TRS)(Unrestricted)"),
489 enumval_def_os( 2, "61", "Cellular/Wireless PCS (Type 1)"),
490 enumval_def_os( 2, "62", "Cellular/Wireless PCS (Type 2)"),
491 enumval_def_os( 2, "63", "Cellular/Wireless PCS (Roaming)"),
492 enumval_def_os( 2, "66", "TRS (Hotel)"),
493 enumval_def_os( 2, "67", "TRS (Restricted)"),
494 enumval_def_os( 2, "70", "Pay Station, No Coin Control"),
495 enumval_def_os( 2, "93", "Access for Private Virtual Network Service")
496 };
497 struct dict_avp_data data = {
498 94, /* Code */
499 0, /* Vendor */
500 "Originating-Line-Info", /* Name */
501 AVP_FLAG_VENDOR, /* Fixed flags */
502 0, /* Fixed flag values */
503 AVP_TYPE_OCTETSTRING /* base type of data */
504 };
505 int i;
506 /* Create the Enumerated type, enumerated values, and the AVP */
507 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
508 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
509 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
510 }
511 CHECK_dict_new( DICT_AVP, &data , type, NULL);
512 }
513
514 /* Reply-Message */
515 {
516 /*
517 The Reply-Message AVP (AVP Code 18) is of type UTF8String and
518 contains text that MAY be displayed to the user. When used in an
519 AA-Answer message with a successful Result-Code AVP, it indicates
520 success. When found in an AAA message with a Result-Code other than
521 DIAMETER_SUCCESS, the AVP contains a failure message.
522
523 The Reply-Message AVP MAY indicate dialog text to prompt the user
524 before another AA-Request attempt. When used in an AA-Answer with a
525 Result-Code of DIAMETER_MULTI_ROUND_AUTH or in an Re-Auth-Request
526 message, it MAY contain a dialog text to prompt the user for a
527 response.
528
529 Multiple Reply-Messages MAY be included, and if any are displayed,
530 they MUST be displayed in the same order as they appear in the
531 Diameter message.
532 */
533 struct dict_avp_data data = {
534 18, /* Code */
535 0, /* Vendor */
536 "Reply-Message", /* Name */
537 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
538 AVP_FLAG_MANDATORY, /* Fixed flag values */
539 AVP_TYPE_OCTETSTRING /* base type of data */
540 };
541 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
542 }
543
544 /********************************
545 * NAS Authentication AVPs *
546 ********************************/
547 /* User-Password */
548 {
549 /*
550 The User-Password AVP (AVP Code 2) is of type OctetString and
551 contains the password of the user to be authenticated, or the user's
552 input in a multi-round authentication exchange.
553
554 The User-Password AVP contains a user password or one-time password
555 and therefore represents sensitive information. As required in
556 [BASE], Diameter messages are encrypted by using IPsec or TLS.
557 Unless this AVP is used for one-time passwords, the User-Password AVP
558 SHOULD NOT be used in untrusted proxy environments without encrypting
559 it by using end-to-end security techniques, such as the proposed CMS
560 Security [DiamCMS].
561
562 The clear-text password (prior to encryption) MUST NOT be longer than
563 128 bytes in length.
564 */
565 struct dict_avp_data data = {
566 2, /* Code */
567 0, /* Vendor */
568 "User-Password", /* Name */
569 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
570 AVP_FLAG_MANDATORY, /* Fixed flag values */
571 AVP_TYPE_OCTETSTRING /* base type of data */
572 };
573 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
574 }
575
576 /* Password-Retry */
577 {
578 /*
579 The Password-Retry AVP (AVP Code 75) is of type Unsigned32 and MAY be
580 included in the AA-Answer if the Result-Code indicates an
581 authentication failure. The value of this AVP indicates how many
582 authentication attempts a user is permitted before being
583 disconnected. This AVP is primarily intended for use when the
584 Framed-Protocol AVP (see section 6.10.1) is set to ARAP.
585 */
586 struct dict_avp_data data = {
587 75, /* Code */
588 0, /* Vendor */
589 "Password-Retry", /* Name */
590 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
591 AVP_FLAG_MANDATORY, /* Fixed flag values */
592 AVP_TYPE_UNSIGNED32 /* base type of data */
593 };
594 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
595 }
596
597 /* Prompt */
598 {
599 /*
600 The Prompt AVP (AVP Code 76) is of type Enumerated and MAY be present
601 in the AA-Answer message. When present, it is used by the NAS to
602 determine whether the user's response, when entered, should be
603 echoed.
604
605 The supported values are listed in http://www.iana.org/assignments/radius-types
606 Sub-registry: Values for RADIUS Attribute 76, Prompt
607 Reference: [RFC2869]
608 */
609 struct dict_object *type;
610 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Prompt)" , NULL, NULL};
611 struct dict_enumval_data tvals[] = {
612 enumval_def_u32( 0, "No Echo [RFC2869]"),
613 enumval_def_u32( 1, "Echo [RFC2869]")
614 };
615 struct dict_avp_data data = {
616 76, /* Code */
617 0, /* Vendor */
618 "Prompt", /* Name */
619 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
620 AVP_FLAG_MANDATORY, /* Fixed flag values */
621 AVP_TYPE_UNSIGNED32 /* base type of data */
622 };
623 int i;
624 /* Create the Enumerated type, enumerated values, and the AVP */
625 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
626 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
627 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
628 }
629 CHECK_dict_new( DICT_AVP, &data , type, NULL);
630 }
631
632 /* CHAP-Algorithm */
633 {
634 /*
635 The CHAP-Algorithm AVP (AVP Code 403) is of type Enumerated and
636 contains the algorithm identifier used in the computation of the CHAP
637 response [PPPCHAP]. The following values are currently supported:
638
639 CHAP with MD5 5
640 The CHAP response is computed by using the procedure described
641 in [PPPCHAP]. This algorithm requires that the CHAP-Response
642 AVP MUST be present in the CHAP-Auth AVP.
643 */
644 struct dict_object *type;
645 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(CHAP-Algorithm)" , NULL, NULL};
646 struct dict_enumval_data tvals[] = {
647 enumval_def_u32( 5, "CHAP with MD5")
648 };
649 struct dict_avp_data adata = {
650 403, /* Code */
651 0, /* Vendor */
652 "CHAP-Algorithm", /* Name */
653 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
654 AVP_FLAG_MANDATORY, /* Fixed flag values */
655 AVP_TYPE_UNSIGNED32 /* base type of data */
656 };
657 int i;
658 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
659 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
660 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
661 }
662 CHECK_dict_new( DICT_AVP, &adata , type, NULL);
663 }
664
665 /* CHAP-Ident */
666 {
667 /*
668 The CHAP-Ident AVP (AVP Code 404) is of type OctetString and contains
669 the 1 octet CHAP Identifier used in the computation of the CHAP
670 response [PPPCHAP].
671 */
672 struct dict_avp_data adata = {
673 404, /* Code */
674 0, /* Vendor */
675 "CHAP-Ident", /* Name */
676 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
677 AVP_FLAG_MANDATORY, /* Fixed flag values */
678 AVP_TYPE_OCTETSTRING /* base type of data */
679 };
680 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL);
681 }
682
683 /* CHAP-Response */
684 {
685 /*
686 The CHAP-Response AVP (AVP Code 405) is of type OctetString and
687 contains the 16 octet authentication data provided by the user in
688 response to the CHAP challenge [PPPCHAP].
689 */
690 struct dict_avp_data adata = {
691 405, /* Code */
692 0, /* Vendor */
693 "CHAP-Response", /* Name */
694 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
695 AVP_FLAG_MANDATORY, /* Fixed flag values */
696 AVP_TYPE_OCTETSTRING /* base type of data */
697 };
698 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL);
699 }
700
701 /* CHAP-Auth */
702 {
703 /*
704 The CHAP-Auth AVP (AVP Code 402) is of type Grouped and contains the
705 information necessary to authenticate a user using the PPP
706 Challenge-Handshake Authentication Protocol (CHAP) [PPPCHAP]. If the
707 CHAP-Auth AVP is found in a message, the CHAP-Challenge AVP MUST be
708 present as well. The optional AVPs containing the CHAP response
709 depend upon the value of the CHAP-Algorithm AVP. The grouped AVP has
710 the following ABNF grammar:
711
712 CHAP-Auth ::= < AVP Header: 402 >
713 { CHAP-Algorithm }
714 { CHAP-Ident }
715 [ CHAP-Response ]
716 * [ AVP ]
717 */
718 struct dict_object * avp;
719 struct dict_avp_data data = {
720 402, /* Code */
721 0, /* Vendor */
722 "CHAP-Auth", /* Name */
723 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
724 AVP_FLAG_MANDATORY, /* Fixed flag values */
725 AVP_TYPE_GROUPED /* base type of data */
726 };
727 struct local_rules_definition rules[] =
728 { { "CHAP-Algorithm", RULE_REQUIRED, -1, 1 }
729 ,{ "CHAP-Ident", RULE_REQUIRED, -1, 1 }
730 ,{ "CHAP-Response", RULE_OPTIONAL, -1, 1 }
731 };
732
733 CHECK_dict_new( DICT_AVP, &data , NULL, &avp);
734 PARSE_loc_rules( rules, avp );
735 }
736
737 /* CHAP-Challenge */
738 {
739 /*
740 The CHAP-Challenge AVP (AVP Code 60) is of type OctetString and
741 contains the CHAP Challenge sent by the NAS to the CHAP peer
742 [PPPCHAP].
743 */
744 struct dict_avp_data data = {
745 60, /* Code */
746 0, /* Vendor */
747 "CHAP-Challenge", /* Name */
748 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
749 AVP_FLAG_MANDATORY, /* Fixed flag values */
750 AVP_TYPE_OCTETSTRING /* base type of data */
751 };
752 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
753 }
754
755 /* ARAP-Password */
756 {
757 /*
758 The ARAP-Password AVP (AVP Code 70) is of type OctetString and is
759 only present when the Framed-Protocol AVP (see section 6.10.1) is
760 included in the message and is set to ARAP. This AVP MUST NOT be
761 present if either the User-Password or the CHAP-Auth AVP is present.
762 See [RADIUSExt] for more information on the contents of this AVP.
763 */
764 struct dict_avp_data data = {
765 70, /* Code */
766 0, /* Vendor */
767 "ARAP-Password", /* Name */
768 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
769 AVP_FLAG_MANDATORY, /* Fixed flag values */
770 AVP_TYPE_OCTETSTRING /* base type of data */
771 };
772 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
773 }
774
775 /* ARAP-Challenge-Response */
776 {
777 /*
778 The ARAP-Challenge-Response AVP (AVP Code 84) is of type OctetString
779 and is only present when the Framed-Protocol AVP (see section 6.10.1)
780 is included in the message and is set to ARAP. This AVP contains an
781 8 octet response to the dial-in client's challenge. The RADIUS
782 server calculates this value by taking the dial-in client's challenge
783 from the high-order 8 octets of the ARAP-Password AVP and performing
784 DES encryption on this value with the authenticating user's password
785 as the key. If the user's password is fewer than 8 octets in length,
786 the password is padded at the end with NULL octets to a length of 8
787 before it is used as a key.
788 */
789 struct dict_avp_data data = {
790 84, /* Code */
791 0, /* Vendor */
792 "ARAP-Challenge-Response", /* Name */
793 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
794 AVP_FLAG_MANDATORY, /* Fixed flag values */
795 AVP_TYPE_OCTETSTRING /* base type of data */
796 };
797 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
798 }
799
800 /* ARAP-Security */
801 {
802 /*
803 The ARAP-Security AVP (AVP Code 73) is of type Unsigned32 and MAY be
804 present in the AA-Answer message if the Framed-Protocol AVP (see
805 section 6.10.1) is set to the value of ARAP, and the Result-Code AVP
806 is set to DIAMETER_MULTI_ROUND_AUTH. See [RADIUSExt] for more
807 information on the format of this AVP.
808 */
809 struct dict_avp_data data = {
810 73, /* Code */
811 0, /* Vendor */
812 "ARAP-Security", /* Name */
813 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
814 AVP_FLAG_MANDATORY, /* Fixed flag values */
815 AVP_TYPE_UNSIGNED32 /* base type of data */
816 };
817 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
818 }
819
820 /* ARAP-Security-Data */
821 {
822 /*
823 The ARAP-Security-Data AVP (AVP Code 74) is of type OctetString and MAY be
824 present in the AA-Request or AA-Answer message if the Framed-Protocol
825 AVP is set to the value of ARAP, and the Result-Code AVP is set to
826 DIAMETER_MULTI_ROUND_AUTH. This AVP contains the security module
827 challenge or response associated with the ARAP Security Module
828 specified in ARAP-Security.
829 */
830 struct dict_avp_data data = {
831 74, /* Code */
832 0, /* Vendor */
833 "ARAP-Security-Data", /* Name */
834 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
835 AVP_FLAG_MANDATORY, /* Fixed flag values */
836 AVP_TYPE_OCTETSTRING /* base type of data */
837 };
838 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
839 }
840
841 /********************************
842 * NAS Authorization AVPs *
843 ********************************/
844 /* Service-Type */
845 {
846 /*
847 The Service-Type AVP (AVP Code 6) is of type Enumerated and contains
848 the type of service the user has requested or the type of service to
849 be provided. One such AVP MAY be present in an authentication and/or
850 authorization request or response. A NAS is not required to
851 implement all of these service types. It MUST treat unknown or
852 unsupported Service-Types received in a response as a failure and end
853 the session with a DIAMETER_INVALID_AVP_VALUE Result-Code.
854
855 When used in a request, the Service-Type AVP SHOULD be considered a
856 hint to the server that the NAS believes the user would prefer the
857 kind of service indicated. The server is not required to honor the
858 hint. Furthermore, if the service specified by the server is
859 supported, but not compatible with the current mode of access, the
860 NAS MUST fail to start the session. The NAS MUST also generate the
861 appropriate error message(s).
862
863 The following values have been defined for the Service-Type AVP. The
864 complete list of defined values can be found in [RADIUS] and
865 [RADIUSTypes].
866
867 Registry Name: Radius Attribute Values
868 Reference: [RFC2865][RFC3575]
869
870 Sub-registry: Values for RADIUS Attribute 6, Service-Type
871 Reference: [RFC2865][RFC3575]
872
873 1 Login
874 2 Framed
875 3 Callback Login
876 4 Callback Framed
877 5 Outbound
878 6 Administrative
879 7 NAS Prompt
880 8 Authenticate Only
881 9 Callback NAS Prompt
882 10 Call Check
883 11 Callback Administrative
884 12 Voice [Chiba]
885 13 Fax [Chiba]
886 14 Modem Relay [Chiba]
887 15 IAPP-Register [IEEE 802.11f][Kerry]
888 16 IAPP-AP-Check [IEEE 802.11f][Kerry]
889 17 Authorize Only [RFC3576]
890
891 The following values are further qualified:
892
893 Login 1
894 The user should be connected to a host. The message MAY
895 include additional AVPs defined in sections 6.16 or 6.17.
896
897 Framed 2
898 A Framed Protocol, such as PPP or SLIP, should be started for
899 the User. The message MAY include additional AVPs defined in
900 section 6.10, or section 7 for tunneling services.
901
902 Callback Login 3
903 The user should be disconnected and called back, then connected
904 to a host. The message MAY include additional AVPs defined in
905 this section.
906
907 Callback Framed 4
908 The user should be disconnected and called back, and then a
909 Framed Protocol, such as PPP or SLIP, should be started for the
910 User. The message MAY include additional AVPs defined in
911 section 6.10, or in section 7 for tunneling services.
912
913 */
914 struct dict_object *type;
915 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Service-Type)" , NULL, NULL};
916 struct dict_enumval_data tvals[] = {
917 enumval_def_u32( 1, "Login"),
918 enumval_def_u32( 2, "Framed"),
919 enumval_def_u32( 3, "Callback Login"),
920 enumval_def_u32( 4, "Callback Framed"),
921 enumval_def_u32( 5, "Outbound"),
922 enumval_def_u32( 6, "Administrative"),
923 enumval_def_u32( 7, "NAS Prompt"),
924 enumval_def_u32( 8, "Authenticate Only"),
925 enumval_def_u32( 9, "Callback NAS Prompt"),
926 enumval_def_u32(10, "Call Check"),
927 enumval_def_u32(11, "Callback Administrative"),
928 enumval_def_u32(12, "Voice [Chiba]"),
929 enumval_def_u32(13, "Fax [Chiba]"),
930 enumval_def_u32(14, "Modem Relay [Chiba]"),
931 enumval_def_u32(15, "IAPP-Register [IEEE 802.11f][Kerry]"),
932 enumval_def_u32(16, "IAPP-AP-Check [IEEE 802.11f][Kerry]"),
933 enumval_def_u32(17, "Authorize Only [RFC3576]")
934 };
935 struct dict_avp_data data = {
936 6, /* Code */
937 0, /* Vendor */
938 "Service-Type", /* Name */
939 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
940 AVP_FLAG_MANDATORY, /* Fixed flag values */
941 AVP_TYPE_UNSIGNED32 /* base type of data */
942 };
943 int i;
944 /* Create the Enumerated type, enumerated values, and the AVP */
945 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
946 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
947 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
948 }
949 CHECK_dict_new( DICT_AVP, &data , type, NULL);
950 }
951
952 /* Callback-Number */
953 {
954 /*
955 The Callback-Number AVP (AVP Code 19) is of type UTF8String and
956 contains a dialing string to be used for callback. It MAY be used in
957 an authentication and/or authorization request as a hint to the
958 server that a Callback service is desired, but the server is not
959 required to honor the hint in the corresponding response.
960 */
961 struct dict_avp_data data = {
962 19, /* Code */
963 0, /* Vendor */
964 "Callback-Number", /* Name */
965 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
966 AVP_FLAG_MANDATORY, /* Fixed flag values */
967 AVP_TYPE_OCTETSTRING /* base type of data */
968 };
969 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
970 }
971
972 /* Callback-Id */
973 {
974 /*
975 The Callback-Id AVP (AVP Code 20) is of type UTF8String and contains
976 the name of a place to be called, to be interpreted by the NAS. This
977 AVP MAY be present in an authentication and/or authorization
978 response.
979
980 This AVP is not roaming-friendly as it assumes that the Callback-Id
981 is configured on the NAS. Using the Callback-Number AVP therefore
982 preferable.
983 */
984 struct dict_avp_data data = {
985 20, /* Code */
986 0, /* Vendor */
987 "Callback-Id", /* Name */
988 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
989 AVP_FLAG_MANDATORY, /* Fixed flag values */
990 AVP_TYPE_OCTETSTRING /* base type of data */
991 };
992 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
993 }
994
995 /* Idle-Timeout */
996 {
997 /*
998 The Idle-Timeout AVP (AVP Code 28) is of type Unsigned32 and sets the
999 maximum number of consecutive seconds of idle connection allowable to
1000 the user before termination of the session or before a prompt is
1001 issued. The default is none, or system specific.
1002 */
1003 struct dict_avp_data data = {
1004 28, /* Code */
1005 0, /* Vendor */
1006 "Idle-Timeout", /* Name */
1007 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1008 AVP_FLAG_MANDATORY, /* Fixed flag values */
1009 AVP_TYPE_UNSIGNED32 /* base type of data */
1010 };
1011 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1012 }
1013
1014 /* Port-Limit */
1015 {
1016 /*
1017 The Port-Limit AVP (AVP Code 62) is of type Unsigned32 and sets the
1018 maximum number of ports the NAS provides to the user. It MAY be used
1019 in an authentication and/or authorization request as a hint to the
1020 server that multilink PPP [PPPMP] service is desired, but the server
1021 is not required to honor the hint in the corresponding response.
1022 */
1023 struct dict_avp_data data = {
1024 62, /* Code */
1025 0, /* Vendor */
1026 "Port-Limit", /* Name */
1027 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1028 AVP_FLAG_MANDATORY, /* Fixed flag values */
1029 AVP_TYPE_UNSIGNED32 /* base type of data */
1030 };
1031 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1032 }
1033
1034 /* NAS-Filter-Rule */
1035 {
1036 /*
1037 The NAS-Filter-Rule AVP (AVP Code 400) is of type IPFilterRule and
1038 provides filter rules that need to be configured on the NAS for the
1039 user. One or more of these AVPs MAY be present in an authorization
1040 response.
1041 */
1042 struct dict_avp_data data = {
1043 400, /* Code */
1044 0, /* Vendor */
1045 "NAS-Filter-Rule", /* Name */
1046 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1047 AVP_FLAG_MANDATORY, /* Fixed flag values */
1048 AVP_TYPE_OCTETSTRING /* base type of data */
1049 };
1050 CHECK_dict_new( DICT_AVP, &data , IPFilterRule_type, NULL);
1051 }
1052
1053 /* Filter-Id */
1054 {
1055 /*
1056 The Filter-Id AVP (AVP Code 11) is of type UTF8String and contains
1057 the name of the filter list for this user. Zero or more Filter-Id
1058 AVPs MAY be sent in an authorization answer.
1059
1060 Identifying a filter list by name allows the filter to be used on
1061 different NASes without regard to filter-list implementation details.
1062 However, this AVP is not roaming friendly, as filter naming differs
1063 from one service provider to another.
1064
1065 In non-RADIUS environments, it is RECOMMENDED that the NAS-Filter-
1066 Rule AVP be used instead.
1067 */
1068 struct dict_avp_data data = {
1069 11, /* Code */
1070 0, /* Vendor */
1071 "Filter-Id", /* Name */
1072 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1073 AVP_FLAG_MANDATORY, /* Fixed flag values */
1074 AVP_TYPE_OCTETSTRING /* base type of data */
1075 };
1076 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
1077 }
1078
1079 /* Configuration-Token */
1080 {
1081 /*
1082 The Configuration-Token AVP (AVP Code 78) is of type OctetString and
1083 is sent by a Diameter Server to a Diameter Proxy Agent or Translation
1084 Agent in an AA-Answer command to indicate a type of user profile to
1085 be used. It should not be sent to a Diameter Client (NAS).
1086
1087 The format of the Data field of this AVP is site specific.
1088 */
1089 struct dict_avp_data data = {
1090 78, /* Code */
1091 0, /* Vendor */
1092 "Configuration-Token", /* Name */
1093 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1094 AVP_FLAG_MANDATORY, /* Fixed flag values */
1095 AVP_TYPE_OCTETSTRING /* base type of data */
1096 };
1097 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1098 }
1099
1100 /* QoS-Filter-Rule */
1101 {
1102 /*
1103 The QoS-Filter-Rule AVP (AVP Code 407) is of type QoSFilterRule and
1104 provides QoS filter rules that need to be configured on the NAS for
1105 the user. One or more such AVPs MAY be present in an authorization
1106 response.
1107 */
1108 struct dict_avp_data data = {
1109 407, /* Code */
1110 0, /* Vendor */
1111 "QoS-Filter-Rule", /* Name */
1112 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1113 AVP_FLAG_MANDATORY, /* Fixed flag values */
1114 AVP_TYPE_OCTETSTRING /* base type of data */
1115 };
1116 CHECK_dict_new( DICT_AVP, &data , QoSFilterRule_type, NULL);
1117 }
1118
1119 /*** Framed Access Authorization AVPs ***/
1120
1121 /* Framed-Protocol */
1122 {
1123 /*
1124 The Framed-Protocol AVP (AVP Code 7) is of type Enumerated and
1125 contains the framing to be used for framed access. This AVP MAY be
1126 present in both requests and responses. The supported values are
1127 listed in [RADIUSTypes].
1128
1129 Sub-registry: Values for RADIUS Attribute 7, Framed-Protocol
1130 Reference: [RFC2865]
1131 */
1132 struct dict_object *type;
1133 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Protocol)" , NULL, NULL};
1134 struct dict_enumval_data tvals[] = {
1135 enumval_def_u32( 1, "PPP"),
1136 enumval_def_u32( 2, "SLIP"),
1137 enumval_def_u32( 3, "AppleTalk Remote Access Protocol (ARAP)"),
1138 enumval_def_u32( 4, "Gandalf proprietary SingleLink/MultiLink protocol"),
1139 enumval_def_u32( 5, "Xylogics proprietary IPX/SLIP"),
1140 enumval_def_u32( 6, "X.75 Synchronous"),
1141 enumval_def_u32( 7, "GPRS PDP Context [Moore]")
1142 };
1143 struct dict_avp_data data = {
1144 7, /* Code */
1145 0, /* Vendor */
1146 "Framed-Protocol", /* Name */
1147 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1148 AVP_FLAG_MANDATORY, /* Fixed flag values */
1149 AVP_TYPE_UNSIGNED32 /* base type of data */
1150 };
1151 int i;
1152 /* Create the Enumerated type, enumerated values, and the AVP */
1153 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1154 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1155 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
1156 }
1157 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1158 }
1159
1160 /* Framed-Routing */
1161 {
1162 /*
1163 The Framed-Routing AVP (AVP Code 10) is of type Enumerated and
1164 contains the routing method for the user when the user is a router to
1165 a network. This AVP SHOULD only be present in authorization
1166 responses. The supported values are listed in [RADIUSTypes].
1167
1168 Sub-registry: Values for RADIUS Attribute 10, Framed-Routing
1169 Reference: [RFC2865]
1170 */
1171 struct dict_object *type;
1172 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Routing)" , NULL, NULL};
1173 struct dict_enumval_data tvals[] = {
1174 enumval_def_u32( 0, "None"),
1175 enumval_def_u32( 1, "Send routing packets"),
1176 enumval_def_u32( 2, "Listen for routing packets"),
1177 enumval_def_u32( 3, "Send and Listen")
1178 };
1179 struct dict_avp_data data = {
1180 10, /* Code */
1181 0, /* Vendor */
1182 "Framed-Routing", /* Name */
1183 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1184 AVP_FLAG_MANDATORY, /* Fixed flag values */
1185 AVP_TYPE_UNSIGNED32 /* base type of data */
1186 };
1187 int i;
1188 /* Create the Enumerated type, enumerated values, and the AVP */
1189 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1190 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1191 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
1192 }
1193 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1194 }
1195
1196 /* Framed-MTU */
1197 {
1198 /*
1199 The Framed-MTU AVP (AVP Code 12) is of type Unsigned32 and contains
1200 the Maximum Transmission Unit to be configured for the user, when it
1201 is not negotiated by some other means (such as PPP). This AVP SHOULD
1202 only be present in authorization responses. The MTU value MUST be in
1203 the range from 64 to 65535.
1204 */
1205 struct dict_avp_data data = {
1206 12, /* Code */
1207 0, /* Vendor */
1208 "Framed-MTU", /* Name */
1209 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1210 AVP_FLAG_MANDATORY, /* Fixed flag values */
1211 AVP_TYPE_UNSIGNED32 /* base type of data */
1212 };
1213 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1214 }
1215
1216 /* Framed-Compression */
1217 {
1218 /*
1219 The Framed-Compression AVP (AVP Code 13) is of type Enumerated and
1220 contains the compression protocol to be used for the link. It MAY be
1221 used in an authorization request as a hint to the server that a
1222 specific compression type is desired, but the server is not required
1223 to honor the hint in the corresponding response.
1224
1225 More than one compression protocol AVP MAY be sent. The NAS is
1226 responsible for applying the proper compression protocol to the
1227 appropriate link traffic.
1228
1229 The supported values are listed in [RADIUSTypes].
1230 Sub-registry: Values for RADIUS Attribute 13, Framed-Compression
1231 Reference: [RFC2865]
1232 */
1233 struct dict_object *type;
1234 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Compression)" , NULL, NULL};
1235 struct dict_enumval_data tvals[] = {
1236 enumval_def_u32( 0, "None"),
1237 enumval_def_u32( 1, "VJ TCP/IP header compression"),
1238 enumval_def_u32( 2, "IPX header compression"),
1239 enumval_def_u32( 3, "Stac-LZS compression")
1240 };
1241 struct dict_avp_data data = {
1242 13, /* Code */
1243 0, /* Vendor */
1244 "Framed-Compression", /* Name */
1245 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1246 AVP_FLAG_MANDATORY, /* Fixed flag values */
1247 AVP_TYPE_UNSIGNED32 /* base type of data */
1248 };
1249 int i;
1250 /* Create the Enumerated type, enumerated values, and the AVP */
1251 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1252 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1253 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
1254 }
1255 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1256 }
1257
1258 /*** IP Access Authorization AVPs ***/
1259
1260 /* Framed-IP-Address */
1261 {
1262 /*
1263 The Framed-IP-Address AVP (AVP Code 8) [RADIUS] is of type
1264 OctetString and contains an IPv4 address of the type specified in the
1265 attribute value to be configured for the user. It MAY be used in an
1266 authorization request as a hint to the server that a specific address
1267 is desired, but the server is not required to honor the hint in the
1268 corresponding response.
1269
1270 Two values have special significance: 0xFFFFFFFF and 0xFFFFFFFE. The
1271 value 0xFFFFFFFF indicates that the NAS should allow the user to
1272 select an address (i.e., negotiated). The value 0xFFFFFFFE indicates
1273 that the NAS should select an address for the user (e.g., assigned
1274 from a pool of addresses kept by the NAS).
1275 */
1276 struct dict_avp_data data = {
1277 8, /* Code */
1278 0, /* Vendor */
1279 "Framed-IP-Address", /* Name */
1280 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1281 AVP_FLAG_MANDATORY, /* Fixed flag values */
1282 AVP_TYPE_OCTETSTRING /* base type of data */
1283 };
1284 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1285 }
1286
1287 /* Framed-IP-Netmask */
1288 {
1289 /*
1290 The Framed-IP-Netmask AVP (AVP Code 9) is of type OctetString and
1291 contains the four octets of the IPv4 netmask to be configured for the
1292 user when the user is a router to a network. It MAY be used in an
1293 authorization request as a hint to the server that a specific netmask
1294 is desired, but the server is not required to honor the hint in the
1295 corresponding response. This AVP MUST be present in a response if
1296 the request included this AVP with a value of 0xFFFFFFFF.
1297 */
1298 struct dict_avp_data data = {
1299 9, /* Code */
1300 0, /* Vendor */
1301 "Framed-IP-Netmask", /* Name */
1302 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1303 AVP_FLAG_MANDATORY, /* Fixed flag values */
1304 AVP_TYPE_OCTETSTRING /* base type of data */
1305 };
1306 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1307 }
1308
1309 /* Framed-Route */
1310 {
1311 /*
1312 The Framed-Route AVP (AVP Code 22) is of type UTF8String and contains
1313 the ASCII routing information to be configured for the user on the
1314 NAS. Zero or more of these AVPs MAY be present in an authorization
1315 response.
1316
1317 The string MUST contain a destination prefix in dotted quad form
1318 optionally followed by a slash and a decimal length specifier stating
1319 how many high-order bits of the prefix should be used. This is
1320 followed by a space, a gateway address in dotted quad form, a space,
1321 and one or more metrics separated by spaces; for example,
1322
1323 "192.168.1.0/24 192.168.1.1 1".
1324
1325 The length specifier may be omitted, in which case it should default
1326 to 8 bits for class A prefixes, to 16 bits for class B prefixes, and
1327 to 24 bits for class C prefixes; for example,
1328
1329 "192.168.1.0 192.168.1.1 1".
1330
1331 Whenever the gateway address is specified as "0.0.0.0" the IP address
1332 of the user SHOULD be used as the gateway address.
1333 */
1334 struct dict_avp_data data = {
1335 22, /* Code */
1336 0, /* Vendor */
1337 "Framed-Route", /* Name */
1338 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1339 AVP_FLAG_MANDATORY, /* Fixed flag values */
1340 AVP_TYPE_OCTETSTRING /* base type of data */
1341 };
1342 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
1343 }
1344
1345 /* Framed-Pool */
1346 {
1347 /*
1348 The Framed-Pool AVP (AVP Code 88) is of type OctetString and contains
1349 the name of an assigned address pool that SHOULD be used to assign an
1350 address for the user. If a NAS does not support multiple address
1351 pools, the NAS SHOULD ignore this AVP. Address pools are usually
1352 used for IP addresses but can be used for other protocols if the NAS
1353 supports pools for those protocols.
1354
1355 Although specified as type OctetString for compatibility with RADIUS
1356 [RADIUSExt], the encoding of the Data field SHOULD also conform to
1357 the rules for the UTF8String Data Format.
1358 */
1359 struct dict_avp_data data = {
1360 88, /* Code */
1361 0, /* Vendor */
1362 "Framed-Pool", /* Name */
1363 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1364 AVP_FLAG_MANDATORY, /* Fixed flag values */
1365 AVP_TYPE_OCTETSTRING /* base type of data */
1366 };
1367 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1368 }
1369
1370 /* Framed-Interface-Id */
1371 {
1372 /*
1373 The Framed-Interface-Id AVP (AVP Code 96) is of type Unsigned64 and
1374 contains the IPv6 interface identifier to be configured for the user.
1375 It MAY be used in authorization requests as a hint to the server that
1376 a specific interface id is desired, but the server is not required to
1377 honor the hint in the corresponding response.
1378 */
1379 struct dict_avp_data data = {
1380 96, /* Code */
1381 0, /* Vendor */
1382 "Framed-Interface-Id", /* Name */
1383 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1384 AVP_FLAG_MANDATORY, /* Fixed flag values */
1385 AVP_TYPE_UNSIGNED64 /* base type of data */
1386 };
1387 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1388 }
1389
1390 /* Framed-IPv6-Prefix */
1391 {
1392 /*
1393 The Framed-IPv6-Prefix AVP (AVP Code 97) is of type OctetString and
1394 contains the IPv6 prefix to be configured for the user. One or more
1395 AVPs MAY be used in authorization requests as a hint to the server
1396 that specific IPv6 prefixes are desired, but the server is not
1397 required to honor the hint in the corresponding response.
1398 */
1399 struct dict_avp_data data = {
1400 97, /* Code */
1401 0, /* Vendor */
1402 "Framed-IPv6-Prefix", /* Name */
1403 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1404 AVP_FLAG_MANDATORY, /* Fixed flag values */
1405 AVP_TYPE_OCTETSTRING /* base type of data */
1406 };
1407 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1408 }
1409
1410 /* Framed-IPv6-Route */
1411 {
1412 /*
1413 The Framed-IPv6-Route AVP (AVP Code 99) is of type UTF8String and
1414 contains the ASCII routing information to be configured for the user
1415 on the NAS. Zero or more of these AVPs MAY be present in an
1416 authorization response.
1417
1418 The string MUST contain an IPv6 address prefix followed by a slash
1419 and a decimal length specifier stating how many high order bits of
1420 the prefix should be used. This is followed by a space, a gateway
1421 address in hexadecimal notation, a space, and one or more metrics
1422 separated by spaces; for example,
1423
1424 "2000:0:0:106::/64 2000::106:a00:20ff:fe99:a998 1".
1425
1426 Whenever the gateway address is the IPv6 unspecified address, the IP
1427 address of the user SHOULD be used as the gateway address, such as
1428 in:
1429
1430 "2000:0:0:106::/64 :: 1".
1431 */
1432 struct dict_avp_data data = {
1433 99, /* Code */
1434 0, /* Vendor */
1435 "Framed-IPv6-Route", /* Name */
1436 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1437 AVP_FLAG_MANDATORY, /* Fixed flag values */
1438 AVP_TYPE_OCTETSTRING /* base type of data */
1439 };
1440 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
1441 }
1442
1443 /* Framed-IPv6-Pool */
1444 {
1445 /*
1446 The Framed-IPv6-Pool AVP (AVP Code 100) is of type OctetString and
1447 contains the name of an assigned pool that SHOULD be used to assign
1448 an IPv6 prefix for the user. If the access device does not support
1449 multiple prefix pools, it MUST ignore this AVP.
1450
1451 Although specified as type OctetString for compatibility with RADIUS
1452 [RADIUSIPv6], the encoding of the Data field SHOULD also conform to
1453 the rules for the UTF8String Data Format.
1454 */
1455 struct dict_avp_data data = {
1456 100, /* Code */
1457 0, /* Vendor */
1458 "Framed-IPv6-Pool", /* Name */
1459 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1460 AVP_FLAG_MANDATORY, /* Fixed flag values */
1461 AVP_TYPE_OCTETSTRING /* base type of data */
1462 };
1463 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1464 }
1465
1466 /*** IPX Access ***/
1467
1468 /* Framed-IPX-Network */
1469 {
1470 /*
1471 The Framed-IPX-Network AVP (AVP Code 23) is of type Unsigned32 and
1472 contains the IPX Network number to be configured for the user. It
1473 MAY be used in an authorization request as a hint to the server that
1474 a specific address is desired, but the server is not required to
1475 honor the hint in the corresponding response.
1476
1477 Two addresses have special significance: 0xFFFFFFFF and 0xFFFFFFFE.
1478 The value 0xFFFFFFFF indicates that the NAS should allow the user to
1479 select an address (i.e., Negotiated). The value 0xFFFFFFFE indicates
1480 that the NAS should select an address for the user (e.g., assign it
1481 from a pool of one or more IPX networks kept by the NAS).
1482 */
1483 struct dict_avp_data data = {
1484 23, /* Code */
1485 0, /* Vendor */
1486 "Framed-IPX-Network", /* Name */
1487 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1488 AVP_FLAG_MANDATORY, /* Fixed flag values */
1489 AVP_TYPE_UNSIGNED32 /* base type of data */
1490 };
1491 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1492 }
1493
1494 /*** AppleTalk Network Access ***/
1495
1496 /* Framed-AppleTalk-Link */
1497 {
1498 /*
1499 The Framed-AppleTalk-Link AVP (AVP Code 37) is of type Unsigned32 and
1500 contains the AppleTalk network number that should be used for the
1501 serial link to the user, which is another AppleTalk router. This AVP
1502 MUST only be present in an authorization response and is never used
1503 when the user is not another router.
1504
1505 Despite the size of the field, values range from 0 to 65,535. The
1506 special value of 0 indicates an unnumbered serial link. A value of 1
1507 to 65,535 means that the serial line between the NAS and the user
1508 should be assigned that value as an AppleTalk network number.
1509 */
1510 struct dict_avp_data data = {
1511 37, /* Code */
1512 0, /* Vendor */
1513 "Framed-AppleTalk-Link", /* Name */
1514 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1515 AVP_FLAG_MANDATORY, /* Fixed flag values */
1516 AVP_TYPE_UNSIGNED32 /* base type of data */
1517 };
1518 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1519 }
1520
1521 /* Framed-AppleTalk-Network */
1522 {
1523 /*
1524 The Framed-AppleTalk-Network AVP (AVP Code 38) is of type Unsigned32
1525 and contains the AppleTalk Network number that the NAS should probe
1526 to allocate an AppleTalk node for the user. This AVP MUST only be
1527 present in an authorization response and is never used when the user
1528 is not another router. Multiple instances of this AVP indicate that
1529 the NAS may probe, using any of the network numbers specified.
1530
1531 Despite the size of the field, values range from 0 to 65,535. The
1532 special value 0 indicates that the NAS should assign a network for
1533 the user, using its default cable range. A value between 1 and
1534 65,535 (inclusive) indicates to the AppleTalk Network that the NAS
1535 should probe to find an address for the user.
1536 */
1537 struct dict_avp_data data = {
1538 38, /* Code */
1539 0, /* Vendor */
1540 "Framed-AppleTalk-Network", /* Name */
1541 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1542 AVP_FLAG_MANDATORY, /* Fixed flag values */
1543 AVP_TYPE_UNSIGNED32 /* base type of data */
1544 };
1545 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1546 }
1547
1548 /* Framed-AppleTalk-Zone */
1549 {
1550 /*
1551 The Framed-AppleTalk-Zone AVP (AVP Code 39) is of type OctetString
1552 and contains the AppleTalk Default Zone to be used for this user.
1553 This AVP MUST only be present in an authorization response. Multiple
1554 instances of this AVP in the same message are not allowed.
1555
1556 The codification of this field's allowed range is outside the scope
1557 of this specification.
1558 */
1559 struct dict_avp_data data = {
1560 39, /* Code */
1561 0, /* Vendor */
1562 "Framed-AppleTalk-Zone", /* Name */
1563 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1564 AVP_FLAG_MANDATORY, /* Fixed flag values */
1565 AVP_TYPE_OCTETSTRING /* base type of data */
1566 };
1567 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1568 }
1569
1570 /*** AppleTalk Remote Access [RFC2869] ***/
1571
1572 /* ARAP-Features */
1573 {
1574 /*
1575 The ARAP-Features AVP (AVP Code 71) is of type OctetString and MAY be
1576 present in the AA-Accept message if the Framed-Protocol AVP is set to
1577 the value of ARAP. See [RADIUSExt] for more information about the
1578 format of this AVP.
1579 */
1580 struct dict_avp_data data = {
1581 71, /* Code */
1582 0, /* Vendor */
1583 "ARAP-Features", /* Name */
1584 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1585 AVP_FLAG_MANDATORY, /* Fixed flag values */
1586 AVP_TYPE_OCTETSTRING /* base type of data */
1587 };
1588 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1589 }
1590
1591 /* ARAP-Zone-Access */
1592 {
1593 /*
1594 The ARAP-Zone-Access AVP (AVP Code 72) is of type Enumerated and MAY
1595 be present in the AA-Accept message if the Framed-Protocol AVP is set
1596 to the value of ARAP.
1597
1598 The supported values are listed in [RADIUSTypes] and defined in
1599 [RADIUSExt].
1600 Sub-registry: Values for RADIUS Attribute 72, ARAP-Zone-Access
1601 Reference: [RFC2869]
1602 */
1603 struct dict_object *type;
1604 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(ARAP-Zone-Access)" , NULL, NULL};
1605 struct dict_enumval_data tvals[] = {
1606 enumval_def_u32( 1, "Only allow access to default zone [RFC2869]"),
1607 enumval_def_u32( 2, "Use zone filter inclusively [RFC2869]"),
1608 enumval_def_u32( 3, "Not used [RFC2869]"),
1609 enumval_def_u32( 4, "Use zone filter exclusively [RFC2869]")
1610 };
1611 struct dict_avp_data data = {
1612 72, /* Code */
1613 0, /* Vendor */
1614 "ARAP-Zone-Access", /* Name */
1615 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1616 AVP_FLAG_MANDATORY, /* Fixed flag values */
1617 AVP_TYPE_UNSIGNED32 /* base type of data */
1618 };
1619 int i;
1620 /* Create the Enumerated type, enumerated values, and the AVP */
1621 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1622 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1623 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
1624 }
1625 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1626 }
1627
1628 /*** Non-Framed Access Authorization AVPs ***/
1629
1630 /* Login-IP-Host */
1631 {
1632 /*
1633 The Login-IP-Host AVP (AVP Code 14) [RADIUS] is of type OctetString
1634 and contains the IPv4 address of a host with which to connect the
1635 user when the Login-Service AVP is included. It MAY be used in an
1636 AA-Request command as a hint to the Diameter Server that a specific
1637 host is desired, but the Diameter Server is not required to honor the
1638 hint in the AA-Answer.
1639
1640 Two addresses have special significance: all ones and 0. The value
1641 of all ones indicates that the NAS SHOULD allow the user to select an
1642 address. The value 0 indicates that the NAS SHOULD select a host to
1643 connect the user to.
1644 */
1645 struct dict_object *type;
1646 uint32_t allzeros = 0;
1647 uint32_t allones = (uint32_t) -1;
1648 struct dict_type_data tdata = { AVP_TYPE_OCTETSTRING, "Enumerated(Login-IP-Host)" , NULL, NULL};
1649 struct dict_enumval_data tvals[] = {
1650 enumval_def_os( 4, &allzeros, "(0) NAS selects the host"),
1651 enumval_def_os( 4, &allones , "(1) User selects the address")
1652 };
1653 struct dict_avp_data data = {
1654 14, /* Code */
1655 0, /* Vendor */
1656 "Login-IP-Host", /* Name */
1657 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1658 AVP_FLAG_MANDATORY, /* Fixed flag values */
1659 AVP_TYPE_OCTETSTRING /* base type of data */
1660 };
1661 int i;
1662 /* Create the Enumerated type, enumerated values, and the AVP */
1663 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1664 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1665 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
1666 }
1667 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1668 }
1669
1670 /* Login-IPv6-Host */
1671 {
1672 /*
1673 The Login-IPv6-Host AVP (AVP Code 98) [RADIUSIPv6] is of type
1674 OctetString and contains the IPv6 address of a host with which to
1675 connect the user when the Login-Service AVP is included. It MAY be
1676 used in an AA-Request command as a hint to the Diameter Server that a
1677 specific host is desired, but the Diameter Server is not required to
1678 honor the hint in the AA-Answer.
1679
1680 Two addresses have special significance:
1681
1682 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF and 0. The value
1683 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF indicates that the NAS SHOULD
1684 allow the user to select an address. The value 0 indicates that the
1685 NAS SHOULD select a host to connect the user to.
1686
1687 */
1688 struct dict_object *type;
1689 unsigned char allzeros[16];
1690 unsigned char allones[16];
1691 struct dict_type_data tdata = { AVP_TYPE_OCTETSTRING, "Enumerated(Login-IPv6-Host)" , NULL, NULL};
1692 struct dict_enumval_data tvals[] = {
1693 enumval_def_os( 16, &allzeros, "(0) NAS selects the host"),
1694 enumval_def_os( 16, &allones , "(1) User selects the address")
1695 };
1696 struct dict_avp_data data = {
1697 98, /* Code */
1698 0, /* Vendor */
1699 "Login-IPv6-Host", /* Name */
1700 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1701 AVP_FLAG_MANDATORY, /* Fixed flag values */
1702 AVP_TYPE_OCTETSTRING /* base type of data */
1703 };
1704 int i;
1705 memset(allzeros, 0, sizeof(allzeros));
1706 memset(allones, 0xff, sizeof(allones));
1707 /* Create the Enumerated type, enumerated values, and the AVP */
1708 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1709 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1710 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
1711 }
1712 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1713 }
1714
1715 /* Login-Service */
1716 {
1717 /*
1718 The Login-Service AVP (AVP Code 15) is of type Enumerated and
1719 contains the service that should be used to connect the user to the
1720 login host. This AVP SHOULD only be present in authorization
1721 responses.
1722
1723 The supported values are listed in [RADIUSTypes].
1724 Sub-registry: Values for RADIUS Attribute 15, Login-Service
1725 Reference: [RFC2865]
1726 */
1727 struct dict_object *type;
1728 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Login-Service)" , NULL, NULL};
1729 struct dict_enumval_data tvals[] = {
1730 enumval_def_u32( 0, "Telnet"),
1731 enumval_def_u32( 1, "Rlogin"),
1732 enumval_def_u32( 2, "TCP Clear"),
1733 enumval_def_u32( 3, "PortMaster (proprietary)"),
1734 enumval_def_u32( 4, "LAT"),
1735 enumval_def_u32( 5, "X25-PAD"),
1736 enumval_def_u32( 6, "X25-T3POS"),
1737 enumval_def_u32( 8, "TCP Clear Quiet (suppresses any NAS-generated connect string)")
1738 };
1739 struct dict_avp_data data = {
1740 15, /* Code */
1741 0, /* Vendor */
1742 "Login-Service", /* Name */
1743 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1744 AVP_FLAG_MANDATORY, /* Fixed flag values */
1745 AVP_TYPE_UNSIGNED32 /* base type of data */
1746 };
1747 int i;
1748 /* Create the Enumerated type, enumerated values, and the AVP */
1749 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1750 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1751 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
1752 }
1753 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1754 }
1755
1756 /*** TCP Services ***/
1757
1758 /* Login-TCP-Port */
1759 {
1760 /*
1761 The Login-TCP-Port AVP (AVP Code 16) is of type Unsigned32 and
1762 contains the TCP port with which the user is to be connected when the
1763 Login-Service AVP is also present. This AVP SHOULD only be present
1764 in authorization responses. The value MUST NOT be greater than
1765 65,535.
1766 */
1767 struct dict_avp_data data = {
1768 16, /* Code */
1769 0, /* Vendor */
1770 "Login-TCP-Port", /* Name */
1771 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1772 AVP_FLAG_MANDATORY, /* Fixed flag values */
1773 AVP_TYPE_UNSIGNED32 /* base type of data */
1774 };
1775 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1776 }
1777
1778 /*** LAT Services ***/
1779
1780 /* Login-LAT-Service */
1781 {
1782 /*
1783 The Login-LAT-Service AVP (AVP Code 34) is of type OctetString and
1784 contains the system with which the user is to be connected by LAT.
1785 It MAY be used in an authorization request as a hint to the server
1786 that a specific service is desired, but the server is not required to
1787 honor the hint in the corresponding response. This AVP MUST only be
1788 present in the response if the Login-Service AVP states that LAT is
1789 desired.
1790
1791 Administrators use this service attribute when dealing with clustered
1792 systems, such as a VAX or Alpha cluster. In these environments,
1793 several different time-sharing hosts share the same resources (disks,
1794 printers, etc.), and administrators often configure each host to
1795 offer access (service) to each of the shared resources. In this
1796 case, each host in the cluster advertises its services through LAT
1797 broadcasts.
1798
1799 Sophisticated users often know which service providers (machines) are
1800 faster and tend to use a node name when initiating a LAT connection.
1801 Some administrators want particular users to use certain machines as
1802 a primitive form of load balancing (although LAT knows how to do load
1803 balancing itself).
1804
1805 The String field contains the identity of the LAT service to use.
1806 The LAT Architecture allows this string to contain $ (dollar), -
1807 (hyphen), . (period), _ (underscore), numerics, upper- and lowercase
1808 alphabetics, and the ISO Latin-1 character set extension [ISOLatin].
1809 All LAT string comparisons are case insensitive.
1810 */
1811 struct dict_avp_data data = {
1812 34, /* Code */
1813 0, /* Vendor */
1814 "Login-LAT-Service", /* Name */
1815 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1816 AVP_FLAG_MANDATORY, /* Fixed flag values */
1817 AVP_TYPE_OCTETSTRING /* base type of data */
1818 };
1819 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1820 }
1821
1822 /* Login-LAT-Node */
1823 {
1824 /*
1825 The Login-LAT-Node AVP (AVP Code 35) is of type OctetString and
1826 contains the Node with which the user is to be automatically
1827 connected by LAT. It MAY be used in an authorization request as a
1828 hint to the server that a specific LAT node is desired, but the
1829 server is not required to honor the hint in the corresponding
1830 response. This AVP MUST only be present in a response if the Login-
1831 Service-Type AVP is set to LAT.
1832
1833 The String field contains the identity of the LAT service to use.
1834 The LAT Architecture allows this string to contain $ (dollar), -
1835 (hyphen), . (period), _ (underscore), numerics, upper- and lowercase
1836 alphabetics, and the ISO Latin-1 character set extension [ISOLatin].
1837 All LAT string comparisons are case insensitive.
1838 */
1839 struct dict_avp_data data = {
1840 35, /* Code */
1841 0, /* Vendor */
1842 "Login-LAT-Node", /* Name */
1843 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1844 AVP_FLAG_MANDATORY, /* Fixed flag values */
1845 AVP_TYPE_OCTETSTRING /* base type of data */
1846 };
1847 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1848 }
1849
1850 /* Login-LAT-Group */
1851 {
1852 /*
1853 The Login-LAT-Group AVP (AVP Code 36) is of type OctetString and
1854 contains a string identifying the LAT group codes this user is
1855 authorized to use. It MAY be used in an authorization request as a
1856 hint to the server that a specific group is desired, but the server
1857 is not required to honor the hint in the corresponding response.
1858 This AVP MUST only be present in a response if the Login-Service-Type
1859 AVP is set to LAT.
1860
1861 LAT supports 256 different group codes, which LAT uses as a form of
1862 access rights. LAT encodes the group codes as a 256-bit bitmap.
1863
1864 Administrators can assign one or more of the group code bits at the
1865 LAT service provider; it will only accept LAT connections that have
1866 these group codes set in the bitmap. The administrators assign a
1867 bitmap of authorized group codes to each user. LAT gets these from
1868 the operating system and uses them in its requests to the service
1869 providers.
1870
1871 The codification of the range of allowed usage of this field is
1872 outside the scope of this specification.
1873 */
1874 struct dict_avp_data data = {
1875 36, /* Code */
1876 0, /* Vendor */
1877 "Login-LAT-Group", /* Name */
1878 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1879 AVP_FLAG_MANDATORY, /* Fixed flag values */
1880 AVP_TYPE_OCTETSTRING /* base type of data */
1881 };
1882 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1883 }
1884
1885 /* Login-LAT-Port */
1886 {
1887 /*
1888 The Login-LAT-Port AVP (AVP Code 63) is of type OctetString and
1889 contains the Port with which the user is to be connected by LAT. It
1890 MAY be used in an authorization request as a hint to the server that
1891 a specific port is desired, but the server is not required to honor
1892 the hint in the corresponding response. This AVP MUST only be
1893 present in a response if the Login-Service-Type AVP is set to LAT.
1894
1895 The String field contains the identity of the LAT service to use.
1896 The LAT Architecture allows this string to contain $ (dollar), -
1897 (hyphen), . (period), _ (underscore), numerics, upper- and lower-case
1898 alphabetics, and the ISO Latin-1 character set extension [ISOLatin].
1899 All LAT string comparisons are case insensitive.
1900 */
1901 struct dict_avp_data data = {
1902 63, /* Code */
1903 0, /* Vendor */
1904 "Login-LAT-Port", /* Name */
1905 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1906 AVP_FLAG_MANDATORY, /* Fixed flag values */
1907 AVP_TYPE_OCTETSTRING /* base type of data */
1908 };
1909 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1910 }
1911
1912 /********************************
1913 * NAS Tunneling AVPs *
1914 ********************************/
1915 /* Tunnel-Type */
1916 {
1917 /*
1918 The Tunnel-Type AVP (AVP Code 64) is of type Enumerated and contains
1919 the tunneling protocol(s) to be used (in the case of a tunnel
1920 initiator) or in use (in the case of a tunnel terminator). It MAY be
1921 used in an authorization request as a hint to the server that a
1922 specific tunnel type is desired, but the server is not required to
1923 honor the hint in the corresponding response.
1924
1925 The Tunnel-Type AVP SHOULD also be included in Accounting-Request
1926 messages.
1927
1928 A tunnel initiator is not required to implement any of these tunnel
1929 types. If a tunnel initiator receives a response that contains only
1930 unknown or unsupported Tunnel-Types, the tunnel initiator MUST behave
1931 as though a response were received with the Result-Code indicating a
1932 failure.
1933
1934 The supported values are listed in [RADIUSTypes].
1935 Sub-registry: Values for RADIUS Attribute 64, Tunnel-Type
1936 Reference: [RFC2868]
1937 */
1938 struct dict_object *type;
1939 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Tunnel-Type)" , NULL, NULL};
1940 struct dict_enumval_data tvals[] = {
1941 enumval_def_u32( 1, "Point-to-Point Tunneling Protocol (PPTP) [RFC2868]"),
1942 enumval_def_u32( 2, "Layer Two Forwarding (L2F) [RFC2868]"),
1943 enumval_def_u32( 3, "Layer Two Tunneling Protocol (L2TP) [RFC2868]"),
1944 enumval_def_u32( 4, "Ascend Tunnel Management Protocol (ATMP) [RFC2868]"),
1945 enumval_def_u32( 5, "Virtual Tunneling Protocol (VTP) [RFC2868]"),
1946 enumval_def_u32( 6, "IP Authentication Header in the Tunnel-mode (AH) [RFC2868]"),
1947 enumval_def_u32( 7, "IP-in-IP Encapsulation (IP-IP) [RFC2868]"),
1948 enumval_def_u32( 8, "Minimal IP-in-IP Encapsulation (MIN-IP-IP) [RFC2868]"),
1949 enumval_def_u32( 9, "IP Encapsulating Security Payload in the Tunnel-mode (ESP) [RFC2868]"),
1950 enumval_def_u32(10, "Generic Route Encapsulation (GRE) [RFC2868]"),
1951 enumval_def_u32(11, "Bay Dial Virtual Services (DVS) [RFC2868]"),
1952 enumval_def_u32(12, "IP-in-IP Tunneling [RFC2868]"),
1953 enumval_def_u32(13, "Virtual LANs (VLAN) [RFC3580]")
1954 };
1955 struct dict_avp_data adata = {
1956 64, /* Code */
1957 0, /* Vendor */
1958 "Tunnel-Type", /* Name */
1959 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1960 AVP_FLAG_MANDATORY, /* Fixed flag values */
1961 AVP_TYPE_UNSIGNED32 /* base type of data */
1962 };
1963 int i;
1964 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1965 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1966 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
1967 }
1968 CHECK_dict_new( DICT_AVP, &adata , type, NULL);
1969 }
1970
1971 /* Tunnel-Medium-Type */
1972 {
1973 /*
1974 The Tunnel-Medium-Type AVP (AVP Code 65) is of type Enumerated and
1975 contains the transport medium to use when creating a tunnel for
1976 protocols (such as L2TP) that can operate over multiple transports.
1977 It MAY be used in an authorization request as a hint to the server
1978 that a specific medium is desired, but the server is not required to
1979 honor the hint in the corresponding response.
1980
1981 The supported values are listed in [RADIUSTypes].
1982 Sub-registry: Values for RADIUS Attribute 65, Tunnel-Medium-Type
1983 Reference: [RFC2868]
1984 */
1985 struct dict_object *type;
1986 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Tunnel-Medium-Type)" , NULL, NULL};
1987 struct dict_enumval_data tvals[] = {
1988 enumval_def_u32( 1, "IPv4 (IP version 4) [RFC2868]"),
1989 enumval_def_u32( 2, "IPv6 (IP version 6) [RFC2868]"),
1990 enumval_def_u32( 3, "NSAP [RFC2868]"),
1991 enumval_def_u32( 4, "HDLC (8-bit multidrop) [RFC2868]"),
1992 enumval_def_u32( 5, "BBN 1822 [RFC2868]"),
1993 enumval_def_u32( 6, "802 (includes all 802 media plus Ethernet \"canonical format\") [RFC2868]"),
1994 enumval_def_u32( 7, "E.163 (POTS) [RFC2868]"),
1995 enumval_def_u32( 8, "E.164 (SMDS, Frame Relay, ATM) [RFC2868]"),
1996 enumval_def_u32( 9, "F.69 (Telex) [RFC2868]"),
1997 enumval_def_u32(10, "X.121 (X.25, Frame Relay) [RFC2868]"),
1998 enumval_def_u32(11, "IPX [RFC2868]"),
1999 enumval_def_u32(12, "Appletalk [RFC2868]"),
2000 enumval_def_u32(13, "Decnet IV [RFC2868]"),
2001 enumval_def_u32(14, "Banyan Vines [RFC2868]"),
2002 enumval_def_u32(15, "E.164 with NSAP format subaddress [RFC2868]")
2003 };
2004 struct dict_avp_data adata = {
2005 65, /* Code */
2006 0, /* Vendor */
2007 "Tunnel-Medium-Type", /* Name */
2008 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2009 AVP_FLAG_MANDATORY, /* Fixed flag values */
2010 AVP_TYPE_UNSIGNED32 /* base type of data */
2011 };
2012 int i;
2013 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
2014 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
2015 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
2016 }
2017 CHECK_dict_new( DICT_AVP, &adata , type, NULL);
2018 }
2019
2020 /* Tunnel-Client-Endpoint */
2021 {
2022 /*
2023 The Tunnel-Client-Endpoint AVP (AVP Code 66) is of type UTF8String
2024 and contains the address of the initiator end of the tunnel. It MAY
2025 be used in an authorization request as a hint to the server that a
2026 specific endpoint is desired, but the server is not required to honor
2027 the hint in the corresponding response.
2028
2029 This AVP SHOULD be included in the corresponding Accounting-Request
2030 messages, in which case it indicates the address from which the
2031 tunnel was initiated. This AVP, along with the Tunnel-Server-
2032 Endpoint and Session-Id AVP [BASE], MAY be used to provide a globally
2033 unique means to identify a tunnel for accounting and auditing
2034 purposes.
2035
2036 If Tunnel-Medium-Type is IPv4 (1), then this string is either the
2037 fully qualified domain name (FQDN) of the tunnel client machine, or a
2038 "dotted-decimal" IP address. Implementations MUST support the
2039 dotted-decimal format and SHOULD support the FQDN format for IP
2040 addresses.
2041
2042 If Tunnel-Medium-Type is IPv6 (2), then this string is either the
2043 FQDN of the tunnel client machine, or a text representation of the
2044 address in either the preferred or alternate form [IPv6Addr].
2045 Conforming implementations MUST support the preferred form and SHOULD
2046 support both the alternate text form and the FQDN format for IPv6
2047 addresses.
2048
2049 If Tunnel-Medium-Type is neither IPv4 nor IPv6, then this string is a
2050 tag referring to configuration data local to the Diameter client that
2051 describes the interface or medium-specific client address to use.
2052 */
2053 struct dict_avp_data adata = {
2054 66, /* Code */
2055 0, /* Vendor */
2056 "Tunnel-Client-Endpoint", /* Name */
2057 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2058 AVP_FLAG_MANDATORY, /* Fixed flag values */
2059 AVP_TYPE_OCTETSTRING /* base type of data */
2060 };
2061 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL);
2062 }
2063
2064 /* Tunnel-Server-Endpoint */
2065 {
2066 /*
2067 The Tunnel-Server-Endpoint AVP (AVP Code 67) is of type UTF8String
2068 and contains the address of the server end of the tunnel. It MAY be
2069 used in an authorization request as a hint to the server that a
2070 specific endpoint is desired, but the server is not required to honor
2071 the hint in the corresponding response.
2072
2073 This AVP SHOULD be included in the corresponding Accounting-Request
2074 messages, in which case it indicates the address from which the
2075 tunnel was initiated. This AVP, along with the Tunnel-Client-
2076 Endpoint and Session-Id AVP [BASE], MAY be used to provide a globally
2077 unique means to identify a tunnel for accounting and auditing
2078 purposes.
2079
2080 If Tunnel-Medium-Type is IPv4 (1), then this string is either the
2081 fully qualified domain name (FQDN) of the tunnel server machine, or a
2082 "dotted-decimal" IP address. Implementations MUST support the
2083 dotted-decimal format and SHOULD support the FQDN format for IP
2084 addresses.
2085
2086 If Tunnel-Medium-Type is IPv6 (2), then this string is either the
2087 FQDN of the tunnel server machine, or a text representation of the
2088 address in either the preferred or alternate form [IPv6Addr].
2089 Implementations MUST support the preferred form and SHOULD support
2090 both the alternate text form and the FQDN format for IPv6 addresses.
2091
2092 If Tunnel-Medium-Type is not IPv4 or IPv6, this string is a tag
2093 referring to configuration data local to the Diameter client that
2094 describes the interface or medium-specific server address to use.
2095 */
2096 struct dict_avp_data adata = {
2097 67, /* Code */
2098 0, /* Vendor */
2099 "Tunnel-Server-Endpoint", /* Name */
2100 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2101 AVP_FLAG_MANDATORY, /* Fixed flag values */
2102 AVP_TYPE_OCTETSTRING /* base type of data */
2103 };
2104 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL);
2105 }
2106
2107 /* Tunnel-Password */
2108 {
2109 /*
2110 The Tunnel-Password AVP (AVP Code 69) is of type OctetString and may
2111 contain a password to be used to authenticate to a remote server.
2112 The Tunnel-Password AVP contains sensitive information. This value
2113 is not protected in the same manner as RADIUS [RADTunnels].
2114
2115 As required in [BASE], Diameter messages are encrypted by using IPsec
2116 or TLS. The Tunnel-Password AVP SHOULD NOT be used in untrusted
2117 proxy environments without encrypting it by using end-to-end security
2118 techniques, such as CMS Security [DiamCMS].
2119 */
2120 struct dict_avp_data adata = {
2121 69, /* Code */
2122 0, /* Vendor */
2123 "Tunnel-Password", /* Name */
2124 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2125 AVP_FLAG_MANDATORY, /* Fixed flag values */
2126 AVP_TYPE_OCTETSTRING /* base type of data */
2127 };
2128 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL);
2129 }
2130
2131 /* Tunnel-Private-Group-Id */
2132 {
2133 /*
2134 The Tunnel-Private-Group-Id AVP (AVP Code 81) is of type OctetString
2135 and contains the group Id for a particular tunneled session. The
2136 Tunnel-Private-Group-Id AVP MAY be included in an authorization
2137 request if the tunnel initiator can predetermine the group resulting
2138 from a particular connection. It SHOULD be included in the
2139 authorization response if this tunnel session is to be treated as
2140 belonging to a particular private group. Private groups may be used
2141 to associate a tunneled session with a particular group of users.
2142 For example, it MAY be used to facilitate routing of unregistered IP
2143 addresses through a particular interface. This AVP SHOULD be
2144 included in the Accounting-Request messages that pertain to the
2145 tunneled session.
2146 */
2147 struct dict_avp_data adata = {
2148 81, /* Code */
2149 0, /* Vendor */
2150 "Tunnel-Private-Group-Id", /* Name */
2151 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2152 AVP_FLAG_MANDATORY, /* Fixed flag values */
2153 AVP_TYPE_OCTETSTRING /* base type of data */
2154 };
2155 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL);
2156 }
2157
2158 /* Tunnel-Assignment-Id */
2159 {
2160 /*
2161 The Tunnel-Assignment-Id AVP (AVP Code 82) is of type OctetString and
2162 is used to indicate to the tunnel initiator the particular tunnel to
2163 which a session is to be assigned. Some tunneling protocols, such as
2164 [PPTP] and [L2TP], allow for sessions between the same two tunnel
2165 endpoints to be multiplexed over the same tunnel and also for a given
2166 session to use its own dedicated tunnel. This attribute provides a
2167 mechanism for Diameter to inform the tunnel initiator (e.g., PAC,
2168 LAC) whether to assign the session to a multiplexed tunnel or to a
2169 separate tunnel. Furthermore, it allows for sessions sharing
2170 multiplexed tunnels to be assigned to different multiplexed tunnels.
2171
2172 A particular tunneling implementation may assign differing
2173 characteristics to particular tunnels. For example, different
2174 tunnels may be assigned different QoS parameters. Such tunnels may
2175 be used to carry either individual or multiple sessions. The
2176 Tunnel-Assignment-Id attribute thus allows the Diameter server to
2177 indicate that a particular session is to be assigned to a tunnel
2178 providing an appropriate level of service. It is expected that any
2179 QoS-related Diameter tunneling attributes defined in the future
2180 accompanying this one will be associated by the tunnel initiator with
2181 the Id given by this attribute. In the meantime, any semantic given
2182 to a particular Id string is a matter left to local configuration in
2183 the tunnel initiator.
2184
2185 The Tunnel-Assignment-Id AVP is of significance only to Diameter and
2186 the tunnel initiator. The Id it specifies is only intended to be of
2187 local use to Diameter and the tunnel initiator. The Id assigned by
2188 the tunnel initiator is not conveyed to the tunnel peer.
2189
2190 This attribute MAY be included in authorization responses. The
2191 tunnel initiator receiving this attribute MAY choose to ignore it and
2192 to assign the session to an arbitrary multiplexed or non-multiplexed
2193 tunnel between the desired endpoints. This AVP SHOULD also be
2194 included in the Accounting-Request messages pertaining to the
2195 tunneled session.
2196
2197 If a tunnel initiator supports the Tunnel-Assignment-Id AVP, then it
2198 should assign a session to a tunnel in the following manner:
2199
2200 - If this AVP is present and a tunnel exists between the
2201 specified endpoints with the specified Id, then the session
2202 should be assigned to that tunnel.
2203
2204 - If this AVP is present and no tunnel exists between the
2205 specified endpoints with the specified Id, then a new tunnel
2206 should be established for the session and the specified Id
2207 should be associated with the new tunnel.
2208
2209 - If this AVP is not present, then the session is assigned to an
2210 unnamed tunnel. If an unnamed tunnel does not yet exist
2211 between the specified endpoints, then it is established and
2212 used for this session and for subsequent ones established
2213 without the Tunnel-Assignment-Id attribute. A tunnel initiator
2214 MUST NOT assign a session for which a Tunnel-Assignment-Id AVP
2215 was not specified to a named tunnel (i.e., one that was
2216 initiated by a session specifying this AVP).
2217
2218 Note that the same Id may be used to name different tunnels if these
2219 tunnels are between different endpoints.
2220
2221 */
2222 struct dict_avp_data adata = {
2223 82, /* Code */
2224 0, /* Vendor */
2225 "Tunnel-Assignment-Id", /* Name */
2226 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2227 AVP_FLAG_MANDATORY, /* Fixed flag values */
2228 AVP_TYPE_OCTETSTRING /* base type of data */
2229 };
2230 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL);
2231 }
2232
2233 /* Tunnel-Preference */
2234 {
2235 /*
2236 The Tunnel-Preference AVP (AVP Code 83) is of type Unsigned32 and is
2237 used to identify the relative preference assigned to each tunnel when
2238 more than one set of tunneling AVPs is returned within separate
2239 Grouped-AVP AVPs. It MAY be used in an authorization request as a
2240 hint to the server that a specific preference is desired, but the
2241 server is not required to honor the hint in the corresponding
2242 response.
2243
2244 For example, suppose that AVPs describing two tunnels are returned by
2245 the server, one with a Tunnel-Type of PPTP and the other with a
2246 Tunnel-Type of L2TP. If the tunnel initiator supports only one of
2247 the Tunnel-Types returned, it will initiate a tunnel of that type.
2248 If, however, it supports both tunnel protocols, it SHOULD use the
2249 value of the Tunnel-Preference AVP to decide which tunnel should be
2250 started. The tunnel with the lowest numerical value in the Value
2251 field of this AVP SHOULD be given the highest preference. The values
2252 assigned to two or more instances of the Tunnel-Preference AVP within
2253 a given authorization response MAY be identical. In this case, the
2254 tunnel initiator SHOULD use locally configured metrics to decide
2255 which set of AVPs to use.
2256 */
2257 struct dict_avp_data adata = {
2258 83, /* Code */
2259 0, /* Vendor */
2260 "Tunnel-Preference", /* Name */
2261 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2262 AVP_FLAG_MANDATORY, /* Fixed flag values */
2263 AVP_TYPE_UNSIGNED32 /* base type of data */
2264 };
2265 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL);
2266 }
2267
2268 /* Tunnel-Client-Auth-Id */
2269 {
2270 /*
2271 The Tunnel-Client-Auth-Id AVP (AVP Code 90) is of type UTF8String and
2272 specifies the name used by the tunnel initiator during the
2273 authentication phase of tunnel establishment. It MAY be used in an
2274 authorization request as a hint to the server that a specific
2275 preference is desired, but the server is not required to honor the
2276 hint in the corresponding response. This AVP MUST be present in the
2277 authorization response if an authentication name other than the
2278 default is desired. This AVP SHOULD be included in the Accounting-
2279 Request messages pertaining to the tunneled session.
2280 */
2281 struct dict_avp_data adata = {
2282 90, /* Code */
2283 0, /* Vendor */
2284 "Tunnel-Client-Auth-Id", /* Name */
2285 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2286 AVP_FLAG_MANDATORY, /* Fixed flag values */
2287 AVP_TYPE_OCTETSTRING /* base type of data */
2288 };
2289 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL);
2290 }
2291
2292 /* Tunnel-Server-Auth-Id */
2293 {
2294 /*
2295 The Tunnel-Server-Auth-Id AVP (AVP Code 91) is of type UTF8String and
2296 specifies the name used by the tunnel terminator during the
2297 authentication phase of tunnel establishment. It MAY be used in an
2298 authorization request as a hint to the server that a specific
2299 preference is desired, but the server is not required to honor the
2300 hint in the corresponding response. This AVP MUST be present in the
2301 authorization response if an authentication name other than the
2302 default is desired. This AVP SHOULD be included in the Accounting-
2303 Request messages pertaining to the tunneled session.
2304 */
2305 struct dict_avp_data adata = {
2306 91, /* Code */
2307 0, /* Vendor */
2308 "Tunnel-Server-Auth-Id", /* Name */
2309 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2310 AVP_FLAG_MANDATORY, /* Fixed flag values */
2311 AVP_TYPE_OCTETSTRING /* base type of data */
2312 };
2313 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL);
2314 }
2315
2316 /* Tunneling */
2317 {
2318 /*
2319 The Tunneling AVP (AVP Code 401) is of type Grouped and contains the
2320 following AVPs, used to describe a compulsory tunnel service:
2321 [RADTunnels], [RADTunlAcct]. Its data field has the following ABNF
2322 grammar:
2323
2324 Tunneling ::= < AVP Header: 401 >
2325 { Tunnel-Type }
2326 { Tunnel-Medium-Type }
2327 { Tunnel-Client-Endpoint }
2328 { Tunnel-Server-Endpoint }
2329 [ Tunnel-Preference ]
2330 [ Tunnel-Client-Auth-Id ]
2331 [ Tunnel-Server-Auth-Id ]
2332 [ Tunnel-Assignment-Id ]
2333 [ Tunnel-Password ]
2334 [ Tunnel-Private-Group-Id ]
2335 */
2336 struct dict_object * avp;
2337 struct dict_avp_data data = {
2338 401, /* Code */
2339 0, /* Vendor */
2340 "Tunneling", /* Name */
2341 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2342 AVP_FLAG_MANDATORY, /* Fixed flag values */
2343 AVP_TYPE_GROUPED /* base type of data */
2344 };
2345 struct local_rules_definition rules[] =
2346 { { "Tunnel-Type", RULE_REQUIRED, -1, 1 }
2347 ,{ "Tunnel-Medium-Type", RULE_REQUIRED, -1, 1 }
2348 ,{ "Tunnel-Client-Endpoint", RULE_REQUIRED, -1, 1 }
2349 ,{ "Tunnel-Server-Endpoint", RULE_REQUIRED, -1, 1 }
2350 ,{ "Tunnel-Preference", RULE_OPTIONAL, -1, 1 }
2351 ,{ "Tunnel-Client-Auth-Id", RULE_OPTIONAL, -1, 1 }
2352 ,{ "Tunnel-Server-Auth-Id", RULE_OPTIONAL, -1, 1 }
2353 ,{ "Tunnel-Assignment-Id", RULE_OPTIONAL, -1, 1 }
2354 ,{ "Tunnel-Password", RULE_OPTIONAL, -1, 1 }
2355 ,{ "Tunnel-Private-Group-Id", RULE_OPTIONAL, -1, 1 }
2356 };
2357
2358 CHECK_dict_new( DICT_AVP, &data , NULL, &avp);
2359 PARSE_loc_rules( rules, avp );
2360 }
2361
2362 /********************************
2363 * NAS Accounting AVPs *
2364 ********************************/
2365 /* Accounting-Input-Octets */
2366 {
2367 /*
2368 The Accounting-Input-Octets AVP (AVP Code 363) is of type Unsigned64
2369 and contains the number of octets received from the user.
2370
2371 For NAS usage, this AVP indicates how many octets have been received
2372 from the port in the course of this session. It can only be present
2373 in ACR messages with an Accounting-Record-Type of INTERIM_RECORD or
2374 STOP_RECORD.
2375 */
2376 struct dict_avp_data data = {
2377 363, /* Code */
2378 0, /* Vendor */
2379 "Accounting-Input-Octets", /* Name */
2380 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2381 AVP_FLAG_MANDATORY, /* Fixed flag values */
2382 AVP_TYPE_UNSIGNED64 /* base type of data */
2383 };
2384 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2385 }
2386
2387 /* Accounting-Output-Octets */
2388 {
2389 /*
2390 The Accounting-Output-Octets AVP (AVP Code 364) is of type Unsigned64
2391 and contains the number of octets sent to the user.
2392
2393 For NAS usage, this AVP indicates how many octets have been sent to
2394 the port in the course of this session. It can only be present in
2395 ACR messages with an Accounting-Record-Type of INTERIM_RECORD or
2396 STOP_RECORD.
2397 */
2398 struct dict_avp_data data = {
2399 364, /* Code */
2400 0, /* Vendor */
2401 "Accounting-Output-Octets", /* Name */
2402 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2403 AVP_FLAG_MANDATORY, /* Fixed flag values */
2404 AVP_TYPE_UNSIGNED64 /* base type of data */
2405 };
2406 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2407 }
2408
2409 /* Accounting-Input-Packets */
2410 {
2411 /*
2412 The Accounting-Input-Packets (AVP Code 365) is of type Unsigned64 and
2413 contains the number of packets received from the user.
2414
2415 For NAS usage, this AVP indicates how many packets have been received
2416 from the port over the course of a session being provided to a Framed
2417 User. It can only be present in ACR messages with an Accounting-
2418 Record-Type of INTERIM_RECORD or STOP_RECORD.
2419 */
2420 struct dict_avp_data data = {
2421 365, /* Code */
2422 0, /* Vendor */
2423 "Accounting-Input-Packets", /* Name */
2424 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2425 AVP_FLAG_MANDATORY, /* Fixed flag values */
2426 AVP_TYPE_UNSIGNED64 /* base type of data */
2427 };
2428 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2429 }
2430
2431 /* Accounting-Output-Packets */
2432 {
2433 /*
2434 The Accounting-Output-Packets (AVP Code 366) is of type Unsigned64
2435 and contains the number of IP packets sent to the user.
2436
2437 For NAS usage, this AVP indicates how many packets have been sent to
2438 the port over the course of a session being provided to a Framed
2439 User. It can only be present in ACR messages with an Accounting-
2440 Record-Type of INTERIM_RECORD or STOP_RECORD.
2441 */
2442 struct dict_avp_data data = {
2443 366, /* Code */
2444 0, /* Vendor */
2445 "Accounting-Output-Packets", /* Name */
2446 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2447 AVP_FLAG_MANDATORY, /* Fixed flag values */
2448 AVP_TYPE_UNSIGNED64 /* base type of data */
2449 };
2450 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2451 }
2452
2453 /* Acct-Session-Time */
2454 {
2455 /*
2456 The Acct-Session-Time AVP (AVP Code 46) is of type Unsigned32 and
2457 indicates the length of the current session in seconds. It can only
2458 be present in ACR messages with an Accounting-Record-Type of
2459 INTERIM_RECORD or STOP_RECORD.
2460 */
2461 struct dict_avp_data data = {
2462 46, /* Code */
2463 0, /* Vendor */
2464 "Acct-Session-Time", /* Name */
2465 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2466 AVP_FLAG_MANDATORY, /* Fixed flag values */
2467 AVP_TYPE_UNSIGNED32 /* base type of data */
2468 };
2469 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2470 }
2471
2472 /* Acct-Authentic */
2473 {
2474 /*
2475 The Acct-Authentic AVP (AVP Code 45) is of type Enumerated and
2476 specifies how the user was authenticated. The supported values are
2477 listed in [RADIUSTypes].
2478 Sub-registry: Values for RADIUS Attribute 45, Acct-Authentic
2479 Reference: [RFC2866]
2480 */
2481 struct dict_object *type;
2482 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Acct-Authentic)" , NULL, NULL};
2483 struct dict_enumval_data tvals[] = {
2484 enumval_def_u32( 1, "RADIUS"),
2485 enumval_def_u32( 2, "Local"),
2486 enumval_def_u32( 3, "Remote"),
2487 enumval_def_u32( 4, "Diameter")
2488 };
2489 struct dict_avp_data data = {
2490 45, /* Code */
2491 0, /* Vendor */
2492 "Acct-Authentic", /* Name */
2493 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2494 AVP_FLAG_MANDATORY, /* Fixed flag values */
2495 AVP_TYPE_UNSIGNED32 /* base type of data */
2496 };
2497 int i;
2498 /* Create the Enumerated type, enumerated values, and the AVP */
2499 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
2500 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
2501 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
2502 }
2503 CHECK_dict_new( DICT_AVP, &data , type, NULL);
2504 }
2505
2506 /* Accounting-Auth-Method */
2507 {
2508 /*
2509 The Accounting-Auth-Method AVP (AVP Code 406) is of type Enumerated.
2510 A NAS MAY include this AVP in an Accounting-Request message to
2511 indicate the method used to authenticate the user. (Note that this
2512 is equivalent to the RADIUS MS-Acct-Auth-Type VSA attribute).
2513
2514 The following values are defined:
2515
2516 1 PAP
2517 2 CHAP
2518 3 MS-CHAP-1
2519 4 MS-CHAP-2
2520 5 EAP
2521 7 None
2522 */
2523 struct dict_object *type;
2524 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Accounting-Auth-Method)" , NULL, NULL};
2525 struct dict_enumval_data tvals[] = {
2526 enumval_def_u32( 1, "PAP"),
2527 enumval_def_u32( 2, "CHAP"),
2528 enumval_def_u32( 3, "MS-CHAP-1"),
2529 enumval_def_u32( 4, "MS-CHAP-2"),
2530 enumval_def_u32( 5, "EAP"),
2531 enumval_def_u32( 7, "None")
2532 };
2533 struct dict_avp_data data = {
2534 406, /* Code */
2535 0, /* Vendor */
2536 "Accounting-Auth-Method", /* Name */
2537 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2538 AVP_FLAG_MANDATORY, /* Fixed flag values */
2539 AVP_TYPE_UNSIGNED32 /* base type of data */
2540 };
2541 int i;
2542 /* Create the Enumerated type, enumerated values, and the AVP */
2543 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
2544 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
2545 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
2546 }
2547 CHECK_dict_new( DICT_AVP, &data , type, NULL);
2548 }
2549
2550 /* Acct-Delay-Time */
2551 {
2552 /*
2553 The Acct-Delay-Time AVP (AVP Code 41) is of type Unsigned32 and
2554 indicates the number of seconds the Diameter client has been trying
2555 to send the Accounting-Request (ACR). The accounting server may
2556 subtract this value from the time when the ACR arrives at the server
2557 to calculate the approximate time of the event that caused the ACR to
2558 be generated.
2559
2560 This AVP is not used for retransmissions at the transport level (TCP
2561 or SCTP). Rather, it may be used when an ACR command cannot be
2562 transmitted because there is no appropriate peer to transmit it to or
2563 was rejected because it could not be delivered. In these cases, the
2564 command MAY be buffered and transmitted later, when an appropriate
2565 peer-connection is available or after sufficient time has passed that
2566 the destination-host may be reachable and operational. If the ACR is
2567 resent in this way, the Acct-Delay-Time AVP SHOULD be included. The
2568 value of this AVP indicates the number of seconds that elapsed
2569 between the time of the first attempt at transmission and the current
2570 attempt.
2571 */
2572 struct dict_avp_data data = {
2573 41, /* Code */
2574 0, /* Vendor */
2575 "Acct-Delay-Time", /* Name */
2576 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2577 AVP_FLAG_MANDATORY, /* Fixed flag values */
2578 AVP_TYPE_UNSIGNED32 /* base type of data */
2579 };
2580 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2581 }
2582
2583 /* Acct-Link-Count */
2584 {
2585 /*
2586 The Acct-Link-Count AVP (AVP Code 51) is of type Unsigned32 and
2587 indicates the total number of links that have been active (current or
2588 closed) in a given multilink session at the time the accounting
2589 record is generated. This AVP MAY be included in Accounting-Requests
2590 for any session that may be part of a multilink service.
2591
2592 The Acct-Link-Count AVP may be used to make it easier for an
2593 accounting server to know when it has all the records for a given
2594 multilink service. When the number of Accounting-Requests received
2595 with Accounting-Record-Type = STOP_RECORD and with the same Acct-
2596 Multi-Session-Id and unique Session-Ids equals the largest value of
2597 Acct-Link-Count seen in those Accounting-Requests, all STOP_RECORD
2598 Accounting-Requests for that multilink service have been received.
2599
2600 The following example, showing eight Accounting-Requests, illustrates
2601 how the Acct-Link-Count AVP is used. In the table below, only the
2602 relevant AVPs are shown, although additional AVPs containing
2603 accounting information will be present in the Accounting-Requests.
2604
2605 Acct-Multi- Accounting- Acct-
2606 Session-Id Session-Id Record-Type Link-Count
2607 --------------------------------------------------------
2608 "...10" "...10" START_RECORD 1
2609 "...10" "...11" START_RECORD 2
2610 "...10" "...11" STOP_RECORD 2
2611 "...10" "...12" START_RECORD 3
2612 "...10" "...13" START_RECORD 4
2613 "...10" "...12" STOP_RECORD 4
2614 "...10" "...13" STOP_RECORD 4
2615 "...10" "...10" STOP_RECORD 4
2616
2617 */
2618 struct dict_avp_data data = {
2619 51, /* Code */
2620 0, /* Vendor */
2621 "Acct-Link-Count", /* Name */
2622 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2623 AVP_FLAG_MANDATORY, /* Fixed flag values */
2624 AVP_TYPE_UNSIGNED32 /* base type of data */
2625 };
2626 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2627 }
2628
2629 /* Acct-Tunnel-Connection */
2630 {
2631 /*
2632 The Acct-Tunnel-Connection AVP (AVP Code 68) is of type OctetString
2633 and contains the identifier assigned to the tunnel session. This
2634 AVP, along with the Tunnel-Client-Endpoint and Tunnel-Server-Endpoint
2635 AVPs, may be used to provide a means to uniquely identify a tunnel
2636 session for auditing purposes.
2637
2638 The format of the identifier in this AVP depends upon the value of
2639 the Tunnel-Type AVP. For example, to identify an L2TP tunnel
2640 connection fully, the L2TP Tunnel Id and Call Id might be encoded in
2641 this field. The exact encoding of this field is implementation
2642 dependent.
2643 */
2644 struct dict_avp_data data = {
2645 68, /* Code */
2646 0, /* Vendor */
2647 "Acct-Tunnel-Connection", /* Name */
2648 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2649 AVP_FLAG_MANDATORY, /* Fixed flag values */
2650 AVP_TYPE_OCTETSTRING /* base type of data */
2651 };
2652 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2653 }
2654
2655 /* Acct-Tunnel-Packets-Lost */
2656 {
2657 /*
2658 The Acct-Tunnel-Packets-Lost AVP (AVP Code 86) is of type Unsigned32
2659 and contains the number of packets lost on a given link.
2660 */
2661 struct dict_avp_data data = {
2662 86, /* Code */
2663 0, /* Vendor */
2664 "Acct-Tunnel-Packets-Lost", /* Name */
2665 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2666 AVP_FLAG_MANDATORY, /* Fixed flag values */
2667 AVP_TYPE_UNSIGNED32 /* base type of data */
2668 };
2669 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2670 }
2671
2672 /***********************************
2673 * Compatibility with RADIUS AVPs *
2674 ***********************************/
2675 /* NAS-Identifier */
2676 {
2677 /*
2678 The NAS-Identifier AVP (AVP Code 32) [RADIUS] is of type UTF8String
2679 and contains the identity of the NAS providing service to the user.
2680 This AVP SHOULD only be added by a RADIUS/Diameter Translation Agent.
2681 When this AVP is present, the Origin-Host AVP identifies the NAS
2682 providing service to the user.
2683
2684 In RADIUS it would be possible for a rogue NAS to forge the NAS-
2685 Identifier attribute. Diameter/RADIUS translation agents SHOULD
2686 attempt to check a received NAS-Identifier attribute against the
2687 source address of the RADIUS packet, by doing an A/AAAA RR query. If
2688 the NAS-Identifier attribute contains an FQDN, then such a query
2689 would resolve to an IP address matching the source address. However,
2690 the NAS-Identifier attribute is not required to contain an FQDN, so
2691 such a query could fail. If it fails, an error should be logged, but
2692 no action should be taken, other than a reverse lookup on the source
2693 address and insert the resulting FQDN into the Route-Record AVP.
2694
2695 Diameter agents and servers SHOULD check whether a NAS-Identifier AVP
2696 corresponds to an entry in the Route-Record AVP. If no match is
2697 found, then an error is logged, but no other action is taken.
2698 */
2699 struct dict_avp_data data = {
2700 32, /* Code */
2701 0, /* Vendor */
2702 "NAS-Identifier", /* Name */
2703 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2704 AVP_FLAG_MANDATORY, /* Fixed flag values */
2705 AVP_TYPE_OCTETSTRING /* base type of data */
2706 };
2707 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
2708 }
2709
2710 /* NAS-IP-Address */
2711 {
2712 /*
2713 The NAS-IP-Address AVP (AVP Code 4) [RADIUS] is of type OctetString
2714 and contains the IP Address of the NAS providing service to the user.
2715 This AVP SHOULD only be added by a RADIUS/Diameter Translation Agent.
2716 When this AVP is present, the Origin-Host AVP identifies the NAS
2717 providing service to the user.
2718
2719 In RADIUS it would be possible for a rogue NAS to forge the NAS-IP-
2720 Address attribute value. Diameter/RADIUS translation agents MUST
2721 check a received NAS-IP-Address or NAS-IPv6-Address attribute against
2722 the source address of the RADIUS packet. If they do not match and
2723 the Diameter/RADIUS translation agent does not know whether the
2724 packet was sent by a RADIUS proxy or NAS (e.g., no Proxy-State
2725 attribute), then by default it is assumed that the source address
2726 corresponds to a RADIUS proxy, and that the NAS Address is behind
2727 that proxy, potentially with some additional RADIUS proxies in
2728 between. The Diameter/RADIUS translation agent MUST insert entries
2729 in the Route-Record AVP corresponding to the apparent route. This
2730 implies doing a reverse lookup on the source address and NAS-IP-
2731 Address or NAS-IPv6-Address attributes to determine the corresponding
2732 FQDNs.
2733
2734 If the source address and the NAS-IP-Address or NAS-IPv6-Address do
2735 not match, and the Diameter/RADIUS translation agent knows that it is
2736 talking directly to the NAS (e.g., there are no RADIUS proxies
2737 between it and the NAS), then the error should be logged, and the
2738 packet MUST be discarded.
2739
2740 Diameter agents and servers MUST check whether the NAS-IP-Address AVP
2741 corresponds to an entry in the Route-Record AVP. This is done by
2742 doing a reverse lookup (PTR RR) for the NAS-IP-Address to retrieve
2743 the corresponding FQDN, and by checking for a match with the Route-
2744 Record AVP. If no match is found, then an error is logged, but no
2745 other action is taken.
2746 */
2747 struct dict_avp_data data = {
2748 4, /* Code */
2749 0, /* Vendor */
2750 "NAS-IP-Address", /* Name */
2751 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2752 AVP_FLAG_MANDATORY, /* Fixed flag values */
2753 AVP_TYPE_OCTETSTRING /* base type of data */
2754 };
2755 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2756 }
2757
2758 /* NAS-IPv6-Address */
2759 {
2760 /*
2761 The NAS-IPv6-Address AVP (AVP Code 95) [RADIUSIPv6] is of type
2762 OctetString and contains the IPv6 Address of the NAS providing
2763 service to the user. This AVP SHOULD only be added by a
2764 RADIUS/Diameter Translation Agent. When this AVP is present, the
2765 Origin-Host AVP identifies the NAS providing service to the user.
2766
2767 In RADIUS it would be possible for a rogue NAS to forge the NAS-
2768 IPv6-Address attribute. Diameter/RADIUS translation agents MUST
2769 check a received NAS-IPv6-Address attribute against the source
2770 address of the RADIUS packet. If they do not match and the
2771 Diameter/RADIUS translation agent does not know whether the packet
2772 was sent by a RADIUS proxy or NAS (e.g., no Proxy-State attribute),
2773 then by default it is assumed that the source address corresponds to
2774 a RADIUS proxy, and that the NAS-IPv6-Address is behind that proxy,
2775 potentially with some additional RADIUS proxies in between. The
2776 Diameter/RADIUS translation agent MUST insert entries in the Route-
2777 Record AVP corresponding to the apparent route. This implies doing a
2778 reverse lookup on the source address and NAS-IPv6-Address attributes
2779 to determine the corresponding FQDNs.
2780
2781 If the source address and the NAS-IPv6-Address do not match, and the
2782 Diameter/RADIUS translation agent knows that it is talking directly
2783 to the NAS (e.g., there are no RADIUS proxies between it and the
2784 NAS), then the error should be logged, and the packet MUST be
2785 discarded.
2786
2787 Diameter agents and servers MUST check whether the NAS-IPv6-Address
2788 AVP corresponds to an entry in the Route-Record AVP. This is done by
2789 doing a reverse lookup (PTR RR) for the NAS-IPv6-Address to retrieve
2790 the corresponding FQDN, and by checking for a match with the Record-
2791 Route AVP. If no match is found, then an error is logged, but no
2792 other action is taken.
2793 */
2794 struct dict_avp_data data = {
2795 95, /* Code */
2796 0, /* Vendor */
2797 "NAS-IPv6-Address", /* Name */
2798 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2799 AVP_FLAG_MANDATORY, /* Fixed flag values */
2800 AVP_TYPE_OCTETSTRING /* base type of data */
2801 };
2802 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2803 }
2804
2805 /* State */
2806 {
2807 /*
2808 The State AVP (AVP Code 24) [RADIUS] is of type OctetString and has
2809 two uses in the Diameter NAS application.
2810
2811 The State AVP MAY be sent by a Diameter Server to a NAS in an AA-
2812 Response command that contains a Result-Code of
2813 DIAMETER_MULTI_ROUND_AUTH. If so, the NAS MUST return it unmodified
2814 in the subsequent AA-Request command.
2815
2816 The State AVP MAY also be sent by a Diameter Server to a NAS in an
2817 AA-Response command that also includes a Termination-Action AVP with
2818 the value of AA-REQUEST. If the NAS performs the Termination-Action
2819 by sending a new AA-Request command upon termination of the current
2820 service, it MUST return the State AVP unmodified in the new request
2821 command.
2822
2823 In either usage, the NAS MUST NOT interpret the AVP locally. Usage
2824 of the State AVP is implementation dependent.
2825 */
2826 struct dict_avp_data data = {
2827 24, /* Code */
2828 0, /* Vendor */
2829 "State", /* Name */
2830 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2831 AVP_FLAG_MANDATORY, /* Fixed flag values */
2832 AVP_TYPE_OCTETSTRING /* base type of data */
2833 };
2834 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2835 }
2836
2837 /* Termination-Cause mapping */
2838 {
2839
2840 struct dict_object *type;
2841 struct dict_enumval_data tvals[] = {
2842 enumval_def_u32(11, "[RADIUS] User Request"),
2843 enumval_def_u32(12, "[RADIUS] Lost Carrier"),
2844 enumval_def_u32(13, "[RADIUS] Lost Service"),
2845 enumval_def_u32(14, "[RADIUS] Idle Timeout"),
2846 enumval_def_u32(15, "[RADIUS] Session Timeout"),
2847 enumval_def_u32(16, "[RADIUS] Admin Reset"),
2848 enumval_def_u32(17, "[RADIUS] Admin Reboot"),
2849 enumval_def_u32(18, "[RADIUS] Port Error"),
2850 enumval_def_u32(19, "[RADIUS] NAS Error"),
2851 enumval_def_u32(20, "[RADIUS] NAS Request"),
2852 enumval_def_u32(21, "[RADIUS] NAS Reboot"),
2853 enumval_def_u32(22, "[RADIUS] Port Unneeded"),
2854 enumval_def_u32(23, "[RADIUS] Port Preempted"),
2855 enumval_def_u32(24, "[RADIUS] Port Suspended"),
2856 enumval_def_u32(25, "[RADIUS] Service Unavailable"),
2857 enumval_def_u32(26, "[RADIUS] Callback"),
2858 enumval_def_u32(27, "[RADIUS] User Error"),
2859 enumval_def_u32(28, "[RADIUS] Host Request"),
2860 enumval_def_u32(29, "[RADIUS] Supplicant Restart"),
2861 enumval_def_u32(30, "[RADIUS] Reauthentication Failure"),
2862 enumval_def_u32(31, "[RADIUS] Port Reinit"),
2863 enumval_def_u32(32, "[RADIUS] Port Disabled")
2864 };
2865 int i;
2866
2867 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Enumerated(Termination-Cause)", &type);
2868 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
2869 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
2870 }
2871
2872 }
2873
2874 /* Origin-AAA-Protocol */
2875 {
2876 /*
2877 The Origin-AAA-Protocol AVP (AVP Code 408) is of the type Enumerated
2878 and should be inserted in a Diameter message translated by a gateway
2879 system from another AAA protocol, such as RADIUS. It identifies the
2880 source protocol of the message to the Diameter system receiving the
2881 message.
2882
2883 The supported values are:
2884
2885 1 RADIUS
2886 */
2887 struct dict_object *type;
2888 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Origin-AAA-Protocol)" , NULL, NULL};
2889 struct dict_enumval_data tvals[] = {
2890 enumval_def_u32( 1, "RADIUS")
2891 };
2892 struct dict_avp_data data = {
2893 408, /* Code */
2894 0, /* Vendor */
2895 "Origin-AAA-Protocol", /* Name */
2896 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2897 AVP_FLAG_MANDATORY, /* Fixed flag values */
2898 AVP_TYPE_UNSIGNED32 /* base type of data */
2899 };
2900 int i;
2901 /* Create the Enumerated type, enumerated values, and the AVP */
2902 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
2903 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
2904 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL);
2905 }
2906 CHECK_dict_new( DICT_AVP, &data , type, NULL);
2907 }
2908
2909 }
2910
2911 /********************/
2912 /* Commands section */
2913 /********************/
2914 {
2915 /* To avoid defining global variables for all the AVP that we use here, we do search the dictionary in each sub-block.
2916 * This is far from optimal, but the code is clearer like this, and the time it requires at execution is not noticeable.
2917 */
2918
2919 /* AA-Request (AAR) Command */
2920 {
2921 /*
2922 The AA-Request (AAR), which is indicated by setting the Command-Code
2923 field to 265 and the 'R' bit in the Command Flags field, is used to
2924 request authentication and/or authorization for a given NAS user.
2925 The type of request is identified through the Auth-Request-Type AVP
2926 [BASE]. The recommended value for most RADIUS interoperabily
2927 situations is AUTHORIZE_AUTHENTICATE.
2928
2929 If Authentication is requested, the User-Name attribute SHOULD be
2930 present, as well as any additional authentication AVPs that would
2931 carry the password information. A request for authorization SHOULD
2932 only include the information from which the authorization will be
2933 performed, such as the User-Name, Called-Station-Id, or Calling-
2934 Station-Id AVPs. All requests SHOULD contain AVPs uniquely
2935 identifying the source of the call, such as Origin-Host and NAS-Port.
2936 Certain networks MAY use different AVPs for authorization purposes.
2937 A request for authorization will include some AVPs defined in section
2938 6.
2939
2940 It is possible for a single session to be authorized first and then
2941 for an authentication request to follow.
2942
2943 This AA-Request message MAY be the result of a multi-round
2944 authentication exchange, which occurs when the AA-Answer message is
2945 received with the Result-Code AVP set to DIAMETER_MULTI_ROUND_AUTH.
2946 A subsequent AAR message SHOULD be sent, with the User-Password AVP
2947 that includes the user's response to the prompt, and MUST include any
2948 State AVPs that were present in the AAA message.
2949
2950 Message Format
2951 <AA-Request> ::= < Diameter Header: 265, REQ, PXY >
2952 < Session-Id >
2953 { Auth-Application-Id }
2954 { Origin-Host }
2955 { Origin-Realm }
2956 { Destination-Realm }
2957 { Auth-Request-Type }
2958 [ Destination-Host ]
2959 [ NAS-Identifier ]
2960 [ NAS-IP-Address ]
2961 [ NAS-IPv6-Address ]
2962 [ NAS-Port ]
2963 [ NAS-Port-Id ]
2964 [ NAS-Port-Type ]
2965 [ Origin-AAA-Protocol ]
2966 [ Origin-State-Id ]
2967 [ Port-Limit ]
2968 [ User-Name ]
2969 [ User-Password ]
2970 [ Service-Type ]
2971 [ State ]
2972 [ Authorization-Lifetime ]
2973 [ Auth-Grace-Period ]
2974 [ Auth-Session-State ]
2975 [ Callback-Number ]
2976 [ Called-Station-Id ]
2977 [ Calling-Station-Id ]
2978 [ Originating-Line-Info ]
2979 [ Connect-Info ]
2980 [ CHAP-Auth ]
2981 [ CHAP-Challenge ]
2982 * [ Framed-Compression ]
2983 [ Framed-Interface-Id ]
2984 [ Framed-IP-Address ]
2985 * [ Framed-IPv6-Prefix ]
2986 [ Framed-IP-Netmask ]
2987 [ Framed-MTU ]
2988 [ Framed-Protocol ]
2989 [ ARAP-Password ]
2990 [ ARAP-Security ]
2991 * [ ARAP-Security-Data ]
2992 * [ Login-IP-Host ]
2993 * [ Login-IPv6-Host ]
2994 [ Login-LAT-Group ]
2995 [ Login-LAT-Node ]
2996 [ Login-LAT-Port ]
2997 [ Login-LAT-Service ]
2998 * [ Tunneling ]
2999 * [ Proxy-Info ]
3000 * [ Route-Record ]
3001 * [ AVP ]
3002 */
3003 struct dict_object * cmd;
3004 struct dict_cmd_data data = {
3005 265, /* Code */
3006 "AA-Request", /* Name */
3007 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_RETRANSMIT | CMD_FLAG_ERROR, /* Fixed flags */
3008 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE /* Fixed flag values */
3009 };
3010 struct local_rules_definition rules[] =
3011 { { "Session-Id", RULE_FIXED_HEAD, -1, 1 }
3012 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 }
3013 ,{ "Origin-Host", RULE_REQUIRED, -1, 1 }
3014 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 }
3015 ,{ "Destination-Realm", RULE_REQUIRED, -1, 1 }
3016 ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 }
3017 ,{ "Destination-Host", RULE_OPTIONAL, -1, 1 }
3018 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 }
3019 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 }
3020 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 }
3021 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 }
3022 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 }
3023 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 }
3024 ,{ "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 }
3025 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 }
3026 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1 }
3027 ,{ "User-Name", RULE_OPTIONAL, -1, 1 }
3028 ,{ "User-Password", RULE_OPTIONAL, -1, 1 }
3029 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 }
3030 ,{ "State", RULE_OPTIONAL, -1, 1 }
3031 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 }
3032 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1 }
3033 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 }
3034 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1 }
3035 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 }
3036 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 }
3037 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 }
3038 ,{ "Connect-Info", RULE_OPTIONAL, -1, 1 }
3039 ,{ "CHAP-Auth", RULE_OPTIONAL, -1, 1 }
3040 ,{ "CHAP-Challenge", RULE_OPTIONAL, -1, 1 }
3041 ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1 }
3042 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 }
3043 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 }
3044 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1 }
3045 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1 }
3046 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1 }
3047 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1 }
3048 ,{ "ARAP-Password", RULE_OPTIONAL, -1, 1 }
3049 ,{ "ARAP-Security", RULE_OPTIONAL, -1, 1 }
3050 ,{ "ARAP-Security-Data", RULE_OPTIONAL, -1,-1 }
3051 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1 }
3052 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1 }
3053 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1 }
3054 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1 }
3055 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1 }
3056 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1 }
3057 ,{ "Tunneling", RULE_OPTIONAL, -1,-1 }
3058 ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1 }
3059 ,{ "Route-Record", RULE_OPTIONAL, -1,-1 }
3060 };
3061
3062 CHECK_dict_new( DICT_COMMAND, &data , nasreq, &cmd);
3063 PARSE_loc_rules( rules, cmd );
3064 }
3065
3066 /* AA-Answer (AAA) Command */
3067 {
3068 /*
3069 The AA-Answer (AAA) message is indicated by setting the Command-Code
3070 field to 265 and clearing the 'R' bit in the Command Flags field. It
3071 is sent in response to the AA-Request (AAR) message. If
3072 authorization was requested, a successful response will include the
3073 authorization AVPs appropriate for the service being provided, as
3074 defined in section 6.
3075
3076 For authentication exchanges requiring more than a single round trip,
3077 the server MUST set the Result-Code AVP to DIAMETER_MULTI_ROUND_AUTH.
3078 An AAA message with this result code MAY include one Reply-Message or
3079 more and MAY include zero or one State AVPs.
3080
3081 If the Reply-Message AVP was present, the network access server
3082 SHOULD send the text to the user's client to display to the user,
3083 instructing the client to prompt the user for a response. For
3084 example, this capability can be achieved in PPP via PAP. If the
3085 access client is unable to prompt the user for a new response, it
3086 MUST treat the AA-Answer (AAA) with the Reply-Message AVP as an error
3087 and deny access.
3088
3089 Message Format
3090
3091 <AA-Answer> ::= < Diameter Header: 265, PXY >
3092 < Session-Id >
3093 { Auth-Application-Id }
3094 { Auth-Request-Type }
3095 { Result-Code }
3096 { Origin-Host }
3097 { Origin-Realm }
3098 [ User-Name ]
3099 [ Service-Type ]
3100 * [ Class ]
3101 * [ Configuration-Token ]
3102 [ Acct-Interim-Interval ]
3103 [ Error-Message ]
3104 [ Error-Reporting-Host ]
3105 * [ Failed-AVP ]
3106 [ Idle-Timeout ]
3107 [ Authorization-Lifetime ]
3108 [ Auth-Grace-Period ]
3109 [ Auth-Session-State ]
3110 [ Re-Auth-Request-Type ]
3111 [ Multi-Round-Time-Out ]
3112 [ Session-Timeout ]
3113 [ State ]
3114 * [ Reply-Message ]
3115 [ Origin-AAA-Protocol ]
3116 [ Origin-State-Id ]
3117 * [ Filter-Id ]
3118 [ Password-Retry ]
3119 [ Port-Limit ]
3120 [ Prompt ]
3121 [ ARAP-Challenge-Response ]
3122 [ ARAP-Features ]
3123 [ ARAP-Security ]
3124 * [ ARAP-Security-Data ]
3125 [ ARAP-Zone-Access ]
3126 [ Callback-Id ]
3127 [ Callback-Number ]
3128 [ Framed-Appletalk-Link ]
3129 * [ Framed-Appletalk-Network ]
3130 [ Framed-Appletalk-Zone ]
3131 * [ Framed-Compression ]
3132 [ Framed-Interface-Id ]
3133 [ Framed-IP-Address ]
3134 * [ Framed-IPv6-Prefix ]
3135 [ Framed-IPv6-Pool ]
3136 * [ Framed-IPv6-Route ]
3137 [ Framed-IP-Netmask ]
3138 * [ Framed-Route ]
3139 [ Framed-Pool ]
3140 [ Framed-IPX-Network ]
3141 [ Framed-MTU ]
3142 [ Framed-Protocol ]
3143 [ Framed-Routing ]
3144 * [ Login-IP-Host ]
3145 * [ Login-IPv6-Host ]
3146 [ Login-LAT-Group ]
3147 [ Login-LAT-Node ]
3148 [ Login-LAT-Port ]
3149 [ Login-LAT-Service ]
3150 [ Login-Service ]
3151 [ Login-TCP-Port ]
3152 * [ NAS-Filter-Rule ]
3153 * [ QoS-Filter-Rule ]
3154 * [ Tunneling ]
3155 * [ Redirect-Host ]
3156 [ Redirect-Host-Usage ]
3157 [ Redirect-Max-Cache-Time ]
3158 * [ Proxy-Info ]
3159 * [ AVP ]
3160 */
3161 struct dict_object * cmd;
3162 struct dict_cmd_data data = {
3163 265, /* Code */
3164 "AA-Answer", /* Name */
3165 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE, /* Fixed flags */
3166 CMD_FLAG_PROXIABLE /* Fixed flag values */
3167 };
3168 struct local_rules_definition rules[] =
3169 { { "Session-Id", RULE_FIXED_HEAD, -1, 1 }
3170 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 }
3171 ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 }
3172 ,{ "Result-Code", RULE_REQUIRED, -1, 1 }
3173 ,{ "Origin-Host", RULE_REQUIRED, -1, 1 }
3174 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 }
3175 ,{ "User-Name", RULE_OPTIONAL, -1, 1 }
3176 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 }
3177 ,{ "Class", RULE_OPTIONAL, -1,-1 }
3178 ,{ "Configuration-Token", RULE_OPTIONAL, -1,-1 }
3179 ,{ "Acct-Interim-Interval", RULE_OPTIONAL, -1, 1 }
3180 ,{ "Error-Message", RULE_OPTIONAL, -1, 1 }
3181 ,{ "Error-Reporting-Host", RULE_OPTIONAL, -1, 1 }
3182 ,{ "Failed-AVP", RULE_OPTIONAL, -1,-1 }
3183 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1 }
3184 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 }
3185 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1 }
3186 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 }
3187 ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1 }
3188 ,{ "Multi-Round-Time-Out", RULE_OPTIONAL, -1, 1 }
3189 ,{ "Session-Timeout", RULE_OPTIONAL, -1, 1 }
3190 ,{ "State", RULE_OPTIONAL, -1, 1 }
3191 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 }
3192 ,{ "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 }
3193 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 }
3194 ,{ "Filter-Id", RULE_OPTIONAL, -1,-1 }
3195 ,{ "Password-Retry", RULE_OPTIONAL, -1, 1 }
3196 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1 }
3197 ,{ "Prompt", RULE_OPTIONAL, -1, 1 }
3198 ,{ "ARAP-Challenge-Response", RULE_OPTIONAL, -1, 1 }
3199 ,{ "ARAP-Features", RULE_OPTIONAL, -1, 1 }
3200 ,{ "ARAP-Security", RULE_OPTIONAL, -1, 1 }
3201 ,{ "ARAP-Security-Data", RULE_OPTIONAL, -1,-1 }
3202 ,{ "ARAP-Zone-Access", RULE_OPTIONAL, -1, 1 }
3203 ,{ "Callback-Id", RULE_OPTIONAL, -1, 1 }
3204 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1 }
3205 ,{ "Framed-AppleTalk-Link", RULE_OPTIONAL, -1, 1 }
3206 ,{ "Framed-AppleTalk-Network", RULE_OPTIONAL, -1,-1 }
3207 ,{ "Framed-AppleTalk-Zone", RULE_OPTIONAL, -1, 1 }
3208 ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1 }
3209 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1,-1 }
3210 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 }
3211 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1 }
3212 ,{ "Framed-IPv6-Pool", RULE_OPTIONAL, -1, 1 }
3213 ,{ "Framed-IPv6-Route", RULE_OPTIONAL, -1,-1 }
3214 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1,-1 }
3215 ,{ "Framed-Route", RULE_OPTIONAL, -1,-1 }
3216 ,{ "Framed-Pool", RULE_OPTIONAL, -1, 1 }
3217 ,{ "Framed-IPX-Network", RULE_OPTIONAL, -1, 1 }
3218 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1 }
3219 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1 }
3220 ,{ "Framed-Routing", RULE_OPTIONAL, -1, 1 }
3221 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1 }
3222 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1 }
3223 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1 }
3224 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1 }
3225 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1 }
3226 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1 }
3227 ,{ "Login-Service", RULE_OPTIONAL, -1, 1 }
3228 ,{ "Login-TCP-Port", RULE_OPTIONAL, -1, 1 }
3229 ,{ "NAS-Filter-Rule", RULE_OPTIONAL, -1,-1 }
3230 ,{ "QoS-Filter-Rule", RULE_OPTIONAL, -1,-1 }
3231 ,{ "Tunneling", RULE_OPTIONAL, -1,-1 }
3232 ,{ "Redirect-Host", RULE_OPTIONAL, -1,-1 }
3233 ,{ "Redirect-Host-Usage", RULE_OPTIONAL, -1, 1 }
3234 ,{ "Redirect-Max-Cache-Time", RULE_OPTIONAL, -1, 1 }
3235 ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1 }
3236 };
3237
3238 CHECK_dict_new( DICT_COMMAND, &data , nasreq, &cmd);
3239 PARSE_loc_rules( rules, cmd );
3240 }
3241
3242 /* Re-Auth-Request */
3243 {
3244 /*
3245 Add additional rules of the ABNF (compared to Base definition):
3246
3247 <RA-Request> ::= < Diameter Header: 258, REQ, PXY >
3248 < Session-Id >
3249 { Origin-Host }
3250 { Origin-Realm }
3251 { Destination-Realm }
3252 { Destination-Host }
3253 { Auth-Application-Id }
3254 { Re-Auth-Request-Type }
3255 [ User-Name ]
3256 [ Origin-AAA-Protocol ]
3257 [ Origin-State-Id ]
3258 [ NAS-Identifier ]
3259 [ NAS-IP-Address ]
3260 [ NAS-IPv6-Address ]
3261 [ NAS-Port ]
3262 [ NAS-Port-Id ]
3263 [ NAS-Port-Type ]
3264 [ Service-Type ]
3265 [ Framed-IP-Address ]
3266 [ Framed-IPv6-Prefix ]
3267 [ Framed-Interface-Id ]
3268 [ Called-Station-Id ]
3269 [ Calling-Station-Id ]
3270 [ Originating-Line-Info ]
3271 [ Acct-Session-Id ]
3272 [ Acct-Multi-Session-Id ]
3273 [ State ]
3274 * [ Class ]
3275 [ Reply-Message ]
3276 * [ Proxy-Info ]
3277 * [ Route-Record ]
3278 * [ AVP ]
3279 */
3280 struct dict_object * cmd;
3281 struct local_rules_definition rules[] =
3282 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 }
3283 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 }
3284 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 }
3285 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 }
3286 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 }
3287 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 }
3288 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 }
3289 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 }
3290 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 }
3291 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1, 1 }
3292 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 }
3293 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 }
3294 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 }
3295 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 }
3296 ,{ "Acct-Session-Id", RULE_OPTIONAL, -1, 1 }
3297 ,{ "Acct-Multi-Session-Id", RULE_OPTIONAL, -1, 1 }
3298 ,{ "State", RULE_OPTIONAL, -1, 1 }
3299 ,{ "Class", RULE_OPTIONAL, -1,-1 }
3300 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 }
3301 };
3302
3303 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Re-Auth-Request", &cmd);
3304 PARSE_loc_rules( rules, cmd );
3305 }
3306
3307 /* Re-Auth-Answer */
3308 {
3309 /*
3310 Add additional rules of the ABNF (compared to Base definition):
3311
3312
3313 <RA-Answer> ::= < Diameter Header: 258, PXY >
3314 < Session-Id >
3315 { Result-Code }
3316 { Origin-Host }
3317 { Origin-Realm }
3318 [ User-Name ]
3319 [ Origin-AAA-Protocol ]
3320 [ Origin-State-Id ]
3321 [ Error-Message ]
3322 [ Error-Reporting-Host ]
3323 * [ Failed-AVP ]
3324 * [ Redirected-Host ]
3325 [ Redirected-Host-Usage ]
3326 [ Redirected-Host-Cache-Time ]
3327 [ Service-Type ]
3328 * [ Configuration-Token ]
3329 [ Idle-Timeout ]
3330 [ Authorization-Lifetime ]
3331 [ Auth-Grace-Period ]
3332 [ Re-Auth-Request-Type ]
3333 [ State ]
3334 * [ Class ]
3335 * [ Reply-Message ]
3336 [ Prompt ]
3337 * [ Proxy-Info ]
3338 * [ AVP ]
3339 */
3340 struct dict_object * cmd;
3341 struct local_rules_definition rules[] =
3342 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 }
3343 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 }
3344 ,{ "Configuration-Token", RULE_OPTIONAL, -1,-1 }
3345 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1 }
3346 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 }
3347 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1 }
3348 ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1 }
3349 ,{ "State", RULE_OPTIONAL, -1, 1 }
3350 ,{ "Class", RULE_OPTIONAL, -1,-1 }
3351 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 }
3352 ,{ "Prompt", RULE_OPTIONAL, -1, 1 }
3353 };
3354
3355 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Re-Auth-Answer", &cmd);
3356 PARSE_loc_rules( rules, cmd );
3357 }
3358
3359 /* Session-Termination-Request */
3360 {
3361 /*
3362 Add additional rules of the ABNF (compared to Base definition):
3363
3364
3365 <ST-Request> ::= < Diameter Header: 275, REQ, PXY >
3366 < Session-Id >
3367 { Origin-Host }
3368 { Origin-Realm }
3369 { Destination-Realm }
3370 { Auth-Application-Id }
3371 { Termination-Cause }
3372 [ User-Name ]
3373 [ Destination-Host ]
3374 * [ Class ]
3375 [ Origin-AAA-Protocol ]
3376 [ Origin-State-Id ]
3377 * [ Proxy-Info ]
3378 * [ Route-Record ]
3379 * [ AVP ]
3380 */
3381 struct dict_object * cmd;
3382 struct local_rules_definition rules[] =
3383 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 }
3384 };
3385
3386 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Session-Termination-Request", &cmd);
3387 PARSE_loc_rules( rules, cmd );
3388 }
3389
3390 /* Session-Termination-Answer */
3391 {
3392 /*
3393 Add additional rules of the ABNF (compared to Base definition):
3394
3395 <ST-Answer> ::= < Diameter Header: 275, PXY >
3396 < Session-Id >
3397 { Result-Code }
3398 { Origin-Host }
3399 { Origin-Realm }
3400 [ User-Name ]
3401 * [ Class ]
3402 [ Error-Message ]
3403 [ Error-Reporting-Host ]
3404 * [ Failed-AVP ]
3405 [ Origin-AAA-Protocol ]
3406 [ Origin-State-Id ]
3407 * [ Redirect-Host ]
3408 [ Redirect-Host-Usase ]
3409 [ Redirect-Max-Cache-Time ]
3410 * [ Proxy-Info ]
3411 * [ AVP ]
3412 */
3413 struct dict_object * cmd;
3414 struct local_rules_definition rules[] =
3415 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 }
3416 };
3417
3418 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Session-Termination-Answer", &cmd);
3419 PARSE_loc_rules( rules, cmd );
3420 }
3421
3422 /* Abort-Session-Request */
3423 {
3424 /*
3425 Add additional rules of the ABNF (compared to Base definition):
3426
3427 <AS-Request> ::= < Diameter Header: 274, REQ, PXY >
3428 < Session-Id >
3429 { Origin-Host }
3430 { Origin-Realm }
3431 { Destination-Realm }
3432 { Destination-Host }
3433 { Auth-Application-Id }
3434 [ User-Name ]
3435 [ Origin-AAA-Protocol ]
3436 [ Origin-State-Id ]
3437 [ NAS-Identifier ]
3438 [ NAS-IP-Address ]
3439 [ NAS-IPv6-Address ]
3440 [ NAS-Port ]
3441 [ NAS-Port-Id ]
3442 [ NAS-Port-Type ]
3443 [ Service-Type ]
3444 [ Framed-IP-Address ]
3445 [ Framed-IPv6-Prefix ]
3446 [ Framed-Interface-Id ]
3447 [ Called-Station-Id ]
3448 [ Calling-Station-Id ]
3449 [ Originating-Line-Info ]
3450 [ Acct-Session-Id ]
3451 [ Acct-Multi-Session-Id ]
3452 [ State ]
3453 * [ Class ]
3454 * [ Reply-Message ]
3455 * [ Proxy-Info ]
3456 * [ Route-Record ]
3457 * [ AVP ]
3458
3459 */
3460 struct dict_object * cmd;
3461 struct local_rules_definition rules[] =
3462 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 }
3463 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 }
3464 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 }
3465 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 }
3466 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 }
3467 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 }
3468 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 }
3469 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 }
3470 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 }
3471 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1, 1 }
3472 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 }
3473 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 }
3474 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 }
3475 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 }
3476 ,{ "Acct-Session-Id", RULE_OPTIONAL, -1, 1 }
3477 ,{ "Acct-Multi-Session-Id", RULE_OPTIONAL, -1, 1 }
3478 ,{ "State", RULE_OPTIONAL, -1, 1 }
3479 ,{ "Class", RULE_OPTIONAL, -1,-1 }
3480 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 }
3481 };
3482
3483 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Abort-Session-Request", &cmd);
3484 PARSE_loc_rules( rules, cmd );
3485 }
3486
3487 /* Abort-Session-Answer */
3488 {
3489 /*
3490 Add additional rules of the ABNF (compared to Base definition):
3491
3492 <AS-Answer> ::= < Diameter Header: 274, PXY >
3493 < Session-Id >
3494 { Result-Code }
3495 { Origin-Host }
3496 { Origin-Realm }
3497 [ User-Name ]
3498 [ Origin-AAA-Protocol ]
3499 [ Origin-State-Id ]
3500 [ State]
3501 [ Error-Message ]
3502 [ Error-Reporting-Host ]
3503 * [ Failed-AVP ]
3504 * [ Redirected-Host ]
3505 [ Redirected-Host-Usage ]
3506 [ Redirected-Max-Cache-Time ]
3507 * [ Proxy-Info ]
3508 * [ AVP ]
3509 */
3510 struct dict_object * cmd;
3511 struct local_rules_definition rules[] =
3512 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 }
3513 ,{ "State", RULE_REQUIRED, -1, 1 }
3514 };
3515
3516 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Abort-Session-Answer", &cmd);
3517 PARSE_loc_rules( rules, cmd );
3518 }
3519
3520 /* Accounting-Request */
3521 {
3522 /*
3523 Add additional rules of the ABNF (compared to Base definition):
3524
3525 <AC-Request> ::= < Diameter Header: 271, REQ, PXY >
3526 < Session-Id >
3527 { Origin-Host }
3528 { Origin-Realm }
3529 { Destination-Realm }
3530 { Accounting-Record-Type }
3531 { Accounting-Record-Number }
3532 [ Acct-Application-Id ]
3533 [ Vendor-Specific-Application-Id ]
3534 [ User-Name ]
3535 [ Accounting-Sub-Session-Id ]
3536 [ Acct-Session-Id ]
3537 [ Acct-Multi-Session-Id ]
3538 [ Origin-AAA-Protocol ]
3539 [ Origin-State-Id ]
3540 [ Destination-Host ]
3541 [ Event-Timestamp ]
3542 [ Acct-Delay-Time ]
3543 [ NAS-Identifier ]
3544 [ NAS-IP-Address ]
3545 [ NAS-IPv6-Address ]
3546 [ NAS-Port ]
3547 [ NAS-Port-Id ]
3548 [ NAS-Port-Type ]
3549 * [ Class ]
3550 [ Service-Type ]
3551 [ Termination-Cause ]
3552 [ Accounting-Input-Octets ]
3553 [ Accounting-Input-Packets ]
3554 [ Accounting-Output-Octets ]
3555 [ Accounting-Output-Packets ]
3556 [ Acct-Authentic ]
3557 [ Accounting-Auth-Method ]
3558 [ Acct-Link-Count ]
3559 [ Acct-Session-Time ]
3560 [ Acct-Tunnel-Connection ]
3561 [ Acct-Tunnel-Packets-Lost ]
3562 [ Callback-Id ]
3563 [ Callback-Number ]
3564 [ Called-Station-Id ]
3565 [ Calling-Station-Id ]
3566 * [ Connection-Info ]
3567 [ Originating-Line-Info ]
3568 [ Authorization-Lifetime ]
3569 [ Session-Timeout ]
3570 [ Idle-Timeout ]
3571 [ Port-Limit ]
3572 [ Accounting-Realtime-Required ]
3573 [ Acct-Interim-Interval ]
3574 * [ Filter-Id ]
3575 * [ NAS-Filter-Rule ]
3576 * [ Qos-Filter-Rule ]
3577 [ Framed-AppleTalk-Link ]
3578 [ Framed-AppleTalk-Network ]
3579 [ Framed-AppleTalk-Zone ]
3580 [ Framed-Compression ]
3581 [ Framed-Interface-Id ]
3582 [ Framed-IP-Address ]
3583 [ Framed-IP-Netmask ]
3584 * [ Framed-IPv6-Prefix ]
3585 [ Framed-IPv6-Pool ]
3586 * [ Framed-IPv6-Route ]
3587 [ Framed-IPX-Network ]
3588 [ Framed-MTU ]
3589 [ Framed-Pool ]
3590 [ Framed-Protocol ]
3591 * [ Framed-Route ]
3592 [ Framed-Routing ]
3593 * [ Login-IP-Host ]
3594 * [ Login-IPv6-Host ]
3595 [ Login-LAT-Group ]
3596 [ Login-LAT-Node ]
3597 [ Login-LAT-Port ]
3598 [ Login-LAT-Service ]
3599 [ Login-Service ]
3600 [ Login-TCP-Port ]
3601 * [ Tunneling ]
3602 * [ Proxy-Info ]
3603 * [ Route-Record ]
3604 * [ AVP ]
3605 */
3606 struct dict_object * cmd;
3607 struct local_rules_definition rules[] =
3608 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 }
3609 ,{ "Acct-Delay-Time", RULE_OPTIONAL, -1, 1 }
3610 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 }
3611 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 }
3612 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 }
3613 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 }
3614 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 }
3615 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 }
3616 ,{ "Class", RULE_OPTIONAL, -1,-1 }
3617 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 }
3618 ,{ "Termination-Cause", RULE_OPTIONAL, -1, 1 }
3619 ,{ "Accounting-Input-Octets", RULE_OPTIONAL, -1, 1 }
3620 ,{ "Accounting-Input-Packets", RULE_OPTIONAL, -1, 1 }
3621 ,{ "Accounting-Output-Octets", RULE_OPTIONAL, -1, 1 }
3622 ,{ "Accounting-Output-Packets", RULE_OPTIONAL, -1, 1 }
3623 ,{ "Acct-Authentic", RULE_OPTIONAL, -1, 1 }
3624 ,{ "Accounting-Auth-Method", RULE_OPTIONAL, -1, 1 }
3625 ,{ "Acct-Link-Count", RULE_OPTIONAL, -1, 1 }
3626 ,{ "Acct-Session-Time", RULE_OPTIONAL, -1, 1 }
3627 ,{ "Acct-Tunnel-Connection", RULE_OPTIONAL, -1, 1 }
3628 ,{ "Acct-Tunnel-Packets-Lost", RULE_OPTIONAL, -1, 1 }
3629 ,{ "Callback-Id", RULE_OPTIONAL, -1, 1 }
3630 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1 }
3631 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 }
3632 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 }
3633 ,{ "Connect-Info", RULE_OPTIONAL, -1,-1 }
3634 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 }
3635 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 }
3636 ,{ "Session-Timeout", RULE_OPTIONAL, -1, 1 }
3637 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1 }
3638 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1 }
3639 ,{ "Filter-Id", RULE_OPTIONAL, -1,-1 }
3640 ,{ "NAS-Filter-Rule", RULE_OPTIONAL, -1,-1 }
3641 ,{ "QoS-Filter-Rule", RULE_OPTIONAL, -1,-1 }
3642 ,{ "Framed-AppleTalk-Link", RULE_OPTIONAL, -1, 1 }
3643 ,{ "Framed-AppleTalk-Network", RULE_OPTIONAL, -1, 1 }
3644 ,{ "Framed-AppleTalk-Zone", RULE_OPTIONAL, -1, 1 }
3645 ,{ "Framed-Compression", RULE_OPTIONAL, -1, 1 }
3646 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 }
3647 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 }
3648 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1 }
3649 ,{ "Framed-IPv6-Pool", RULE_OPTIONAL, -1, 1 }
3650 ,{ "Framed-IPv6-Route", RULE_OPTIONAL, -1,-1 }
3651 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1 }
3652 ,{ "Framed-Route", RULE_OPTIONAL, -1,-1 }
3653 ,{ "Framed-Pool", RULE_OPTIONAL, -1, 1 }
3654 ,{ "Framed-IPX-Network", RULE_OPTIONAL, -1, 1 }
3655 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1 }
3656 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1 }
3657 ,{ "Framed-Routing", RULE_OPTIONAL, -1, 1 }
3658 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1 }
3659 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1 }
3660 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1 }
3661 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1 }
3662 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1 }
3663 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1 }
3664 ,{ "Login-Service", RULE_OPTIONAL, -1, 1 }
3665 ,{ "Login-TCP-Port", RULE_OPTIONAL, -1, 1 }
3666 ,{ "Tunneling", RULE_OPTIONAL, -1,-1 }
3667 };
3668
3669 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Accounting-Request", &cmd);
3670 PARSE_loc_rules( rules, cmd );
3671 }
3672
3673 /* Accounting-Answer */
3674 {
3675 /*
3676 Add additional rules of the ABNF (compared to Base definition):
3677
3678 <AC-Answer> ::= < Diameter Header: 271, PXY >
3679 < Session-Id >
3680 { Result-Code }
3681 { Origin-Host }
3682 { Origin-Realm }
3683 { Accounting-Record-Type }
3684 { Accounting-Record-Number }
3685 [ Acct-Application-Id ]
3686 [ Vendor-Specific-Application-Id ]
3687 [ User-Name ]
3688 [ Accounting-Sub-Session-Id ]
3689 [ Acct-Session-Id ]
3690 [ Acct-Multi-Session-Id ]
3691 [ Event-Timestamp ]
3692 [ Error-Message ]
3693 [ Error-Reporting-Host ]
3694 * [ Failed-AVP ]
3695 [ Origin-AAA-Protocol ]
3696 [ Origin-State-Id ]
3697 [ NAS-Identifier ]
3698 [ NAS-IP-Address ]
3699 [ NAS-IPv6-Address ]
3700 [ NAS-Port ]
3701 [ NAS-Port-Id ]
3702 [ NAS-Port-Type ]
3703 [ Service-Type ]
3704 [ Termination-Cause ]
3705 [ Accounting-Realtime-Required ]
3706 [ Acct-Interim-Interval ]
3707 * [ Class ]
3708 * [ Proxy-Info ]
3709 * [ Route-Record ]
3710 * [ AVP ]
3711
3712 */
3713 struct dict_object * cmd;
3714 struct local_rules_definition rules[] =
3715 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 }
3716 ,{ "NAS-Identifier", RULE_REQUIRED, -1, 1 }
3717 ,{ "NAS-IP-Address", RULE_REQUIRED, -1, 1 }
3718 ,{ "NAS-IPv6-Address", RULE_REQUIRED, -1, 1 }
3719 ,{ "NAS-Port", RULE_REQUIRED, -1, 1 }
3720 ,{ "NAS-Port-Id", RULE_REQUIRED, -1, 1 }
3721 ,{ "NAS-Port-Type", RULE_REQUIRED, -1, 1 }
3722 ,{ "Service-Type", RULE_REQUIRED, -1, 1 }
3723 ,{ "Termination-Cause", RULE_REQUIRED, -1, 1 }
3724 };
3725
3726 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Accounting-Answer", &cmd);
3727 PARSE_loc_rules( rules, cmd );
3728 }
3729 }
3730
3731 TRACE_DEBUG(INFO, "Extension 'Dictionary definitions for NASREQ' initialized");
3732 return 0;
3733 }
3734
3735 EXTENSION_ENTRY("dict_nasreq", dnr_entry);
"Welcome to our mercurial repository"