Mercurial > hg > freeDiameter
comparison extensions/dict_nasreq/dict_nasreq.c @ 10:c5c99c73c2bf
Added some extensions and functions in the daemon
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Fri, 25 Sep 2009 16:12:08 +0900 |
parents | |
children | 50aaa4028967 |
comparison
equal
deleted
inserted
replaced
9:fc7c18867cf7 | 10:c5c99c73c2bf |
---|---|
1 /********************************************************************************************************* | |
2 * Software License Agreement (BSD License) * | |
3 * Author: Sebastien Decugis <sdecugis@nict.go.jp> * | |
4 * * | |
5 * Copyright (c) 2009, WIDE Project and NICT * | |
6 * All rights reserved. * | |
7 * * | |
8 * Redistribution and use of this software in source and binary forms, with or without modification, are * | |
9 * permitted provided that the following conditions are met: * | |
10 * * | |
11 * * Redistributions of source code must retain the above * | |
12 * copyright notice, this list of conditions and the * | |
13 * following disclaimer. * | |
14 * * | |
15 * * Redistributions in binary form must reproduce the above * | |
16 * copyright notice, this list of conditions and the * | |
17 * following disclaimer in the documentation and/or other * | |
18 * materials provided with the distribution. * | |
19 * * | |
20 * * Neither the name of the WIDE Project or NICT nor the * | |
21 * names of its contributors may be used to endorse or * | |
22 * promote products derived from this software without * | |
23 * specific prior written permission of WIDE Project and * | |
24 * NICT. * | |
25 * * | |
26 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * | |
27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * | |
28 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * | |
29 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * | |
30 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * | |
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * | |
32 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * | |
33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * | |
34 *********************************************************************************************************/ | |
35 | |
36 /* | |
37 * Dictionary definitions of objects specified in Diameter NASREQ (RFC4005). | |
38 */ | |
39 #include <freeDiameter/extension.h> | |
40 | |
41 /* The content of this file follows the same structure as dict_base_proto.c */ | |
42 | |
43 #define CHECK_dict_new( _type, _data, _parent, _ref ) \ | |
44 CHECK_FCT( fd_dict_new( fd_g_config->cnf_dict, (_type), (_data), (_parent), (_ref)) ); | |
45 | |
46 #define CHECK_dict_search( _type, _criteria, _what, _result ) \ | |
47 CHECK_FCT( fd_dict_search( fd_g_config->cnf_dict, (_type), (_criteria), (_what), (_result), ENOENT) ); | |
48 | |
49 struct local_rules_definition { | |
50 char *avp_name; | |
51 enum rule_position position; | |
52 int min; | |
53 int max; | |
54 }; | |
55 | |
56 #define RULE_ORDER( _position ) ((((_position) == RULE_FIXED_HEAD) || ((_position) == RULE_FIXED_TAIL)) ? 1 : 0 ) | |
57 | |
58 #define PARSE_loc_rules( _rulearray, _parent) { \ | |
59 int __ar; \ | |
60 for (__ar=0; __ar < sizeof(_rulearray) / sizeof((_rulearray)[0]); __ar++) { \ | |
61 struct dict_rule_data __data = { NULL, \ | |
62 (_rulearray)[__ar].position, \ | |
63 0, \ | |
64 (_rulearray)[__ar].min, \ | |
65 (_rulearray)[__ar].max}; \ | |
66 __data.rule_order = RULE_ORDER(__data.rule_position); \ | |
67 CHECK_FCT( fd_dict_search( \ | |
68 fd_g_config->cnf_dict, \ | |
69 DICT_AVP, \ | |
70 AVP_BY_NAME, \ | |
71 (_rulearray)[__ar].avp_name, \ | |
72 &__data.rule_avp, 0 ) ); \ | |
73 if ( !__data.rule_avp ) { \ | |
74 TRACE_DEBUG(INFO, "AVP Not found: '%s'", (_rulearray)[__ar].avp_name ); \ | |
75 return ENOENT; \ | |
76 } \ | |
77 CHECK_FCT_DO( fd_dict_new( fd_g_config->cnf_dict, DICT_RULE, &__data, _parent, NULL), \ | |
78 { \ | |
79 TRACE_DEBUG(INFO, "Error on rule with AVP '%s'", \ | |
80 (_rulearray)[__ar].avp_name ); \ | |
81 return EINVAL; \ | |
82 } ); \ | |
83 } \ | |
84 } | |
85 | |
86 #define enumval_def_u32( _val_, _str_ ) \ | |
87 { _str_, { .u32 = _val_ }} | |
88 | |
89 #define enumval_def_os( _len_, _val_, _str_ ) \ | |
90 { _str_, { .os = { .data = (unsigned char *)_val_, .len = _len_ }}} | |
91 | |
92 | |
93 static int dnr_entry(char * conffile) | |
94 { | |
95 struct dict_object * nasreq; | |
96 TRACE_ENTRY("%p", conffile); | |
97 | |
98 /* No Vendors definitions */ | |
99 | |
100 /* Applications section */ | |
101 { | |
102 /* NASREQ (RFC 4005) */ | |
103 { | |
104 struct dict_application_data data = { 1, "Diameter Network Access Server Application" }; | |
105 CHECK_dict_new( DICT_APPLICATION, &data, NULL, &nasreq); | |
106 } | |
107 } | |
108 | |
109 /* Derived AVP types section */ | |
110 { | |
111 /* QoSFilterRule */ | |
112 { | |
113 /* | |
114 The QosFilterRule format is derived from the OctetString AVP Base | |
115 Format. It uses the ASCII charset. Packets may be marked or | |
116 metered based on the following information: | |
117 | |
118 Direction (in or out) | |
119 Source and destination IP address (possibly masked) | |
120 Protocol | |
121 Source and destination port (lists or ranges) | |
122 DSCP values (no mask or range) | |
123 | |
124 Rules for the appropriate direction are evaluated in order; the | |
125 first matched rule terminates the evaluation. Each packet is | |
126 evaluated once. If no rule matches, the packet is treated as best | |
127 effort. An access device unable to interpret or apply a QoS rule | |
128 SHOULD NOT terminate the session. | |
129 | |
130 QoSFilterRule filters MUST follow the following format: | |
131 | |
132 action dir proto from src to dst [options] | |
133 | |
134 tag - Mark packet with a specific DSCP | |
135 [DIFFSERV]. The DSCP option MUST be | |
136 included. | |
137 meter - Meter traffic. The metering options | |
138 MUST be included. | |
139 | |
140 dir The format is as described under IPFilterRule. | |
141 | |
142 proto The format is as described under IPFilterRule. | |
143 | |
144 src and dst The format is as described under IPFilterRule. | |
145 | |
146 options: | |
147 | |
148 DSCP <color> | |
149 Color values as defined in [DIFFSERV]. Exact | |
150 matching of DSCP values is required (no masks or | |
151 ranges). | |
152 | |
153 metering <rate> <color_under> <color_over> | |
154 The metering option provides Assured Forwarding, | |
155 as defined in [DIFFSERVAF], and MUST be present | |
156 if the action is set to meter. The rate option is | |
157 the throughput, in bits per second, used | |
158 by the access device to mark packets. Traffic | |
159 over the rate is marked with the color_over | |
160 codepoint, and traffic under the rate is marked | |
161 with the color_under codepoint. The color_under | |
162 and color_over options contain the drop | |
163 preferences and MUST conform to the recommended | |
164 codepoint keywords described in [DIFFSERVAF] | |
165 (e.g., AF13). | |
166 | |
167 The metering option also supports the strict | |
168 limit on traffic required by Expedited | |
169 Forwarding, as defined in [DIFFSERVEF]. The | |
170 color_over option may contain the keyword "drop" | |
171 to prevent forwarding of traffic that exceeds the | |
172 rate parameter. | |
173 | |
174 The rule syntax is a modified subset of ipfw(8) from FreeBSD, | |
175 and the ipfw.c code may provide a useful base for | |
176 implementations. | |
177 */ | |
178 struct dict_type_data data = { AVP_TYPE_OCTETSTRING, "QoSFilterRule" , NULL , NULL }; | |
179 CHECK_dict_new( DICT_TYPE, &data , NULL, NULL); | |
180 } | |
181 | |
182 } | |
183 | |
184 /* AVP section */ | |
185 { | |
186 struct dict_object * UTF8String_type; | |
187 struct dict_object * IPFilterRule_type; | |
188 struct dict_object * QoSFilterRule_type; | |
189 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "UTF8String", &UTF8String_type); | |
190 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "IPFilterRule", &IPFilterRule_type); | |
191 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "QoSFilterRule", &QoSFilterRule_type); | |
192 | |
193 /******************************** | |
194 * NAS Session AVPs * | |
195 ********************************/ | |
196 /* NAS-Port */ | |
197 { | |
198 /* | |
199 The NAS-Port AVP (AVP Code 5) is of type Unsigned32 and contains the | |
200 physical or virtual port number of the NAS which is authenticating | |
201 the user. Note that "port" is meant in its sense as a service | |
202 connection on the NAS, not as an IP protocol identifier. | |
203 | |
204 Either NAS-Port or NAS-Port-Id (AVP Code 87) SHOULD be present in | |
205 AA-Request (AAR) commands if the NAS differentiates among its ports. | |
206 */ | |
207 struct dict_avp_data data = { | |
208 5, /* Code */ | |
209 0, /* Vendor */ | |
210 "NAS-Port", /* Name */ | |
211 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
212 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
213 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
214 }; | |
215 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
216 } | |
217 | |
218 /* NAS-Port-Id */ | |
219 { | |
220 /* | |
221 The NAS-Port-Id AVP (AVP Code 87) is of type UTF8String and consists | |
222 of ASCII text identifying the port of the NAS authenticating the | |
223 user. Note that "port" is meant in its sense as a service connection | |
224 on the NAS, not as an IP protocol identifier. | |
225 | |
226 Either NAS-Port or NAS-Port-Id SHOULD be present in AA-Request (AAR) | |
227 commands if the NAS differentiates among its ports. NAS-Port-Id is | |
228 intended for use by NASes that cannot conveniently number their | |
229 ports. | |
230 */ | |
231 struct dict_avp_data data = { | |
232 87, /* Code */ | |
233 0, /* Vendor */ | |
234 "NAS-Port-Id", /* Name */ | |
235 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
236 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
237 AVP_TYPE_OCTETSTRING /* base type of data */ | |
238 }; | |
239 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
240 } | |
241 | |
242 /* NAS-Port-Type */ | |
243 { | |
244 /* | |
245 The NAS-Port-Type AVP (AVP Code 61) is of type Enumerated and | |
246 contains the type of the port on which the NAS is authenticating the | |
247 user. This AVP SHOULD be present if the NAS uses the same NAS-Port | |
248 number ranges for different service types concurrently. | |
249 | |
250 The supported values are defined in [RADIUSTypes]. The following | |
251 list is informational and subject to change by the IANA. | |
252 | |
253 http://www.iana.org/assignments/radius-types | |
254 Sub-registry: Values for RADIUS Attribute 61, NAS-Port-Type | |
255 Reference: [RFC2865] | |
256 | |
257 Extract on 2009.06.01: | |
258 0 Async [RFC2865] | |
259 1 Sync [RFC2865] | |
260 2 ISDN Sync [RFC2865] | |
261 3 ISDN Async V.120 [RFC2865] | |
262 4 ISDN Async V.110 [RFC2865] | |
263 5 Virtual [RFC2865] | |
264 6 PIAFS [RFC2865] | |
265 7 HDLC Clear Channel [RFC2865] | |
266 8 X.25 [RFC2865] | |
267 9 X.75 [RFC2865] | |
268 10 G.3 Fax [RFC2865] | |
269 11 SDSL - Symmetric DSL [RFC2865] | |
270 12 ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865] | |
271 13 ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865] | |
272 14 IDSL - ISDN Digital Subscriber Line [RFC2865] | |
273 15 Ethernet [RFC2865] | |
274 16 xDSL - Digital Subscriber Line of unknown type [RFC2865] | |
275 17 Cable [RFC2865] | |
276 18 Wireless - Other [RFC2865] | |
277 19 Wireless - IEEE 802.11 [RFC2865] | |
278 20 Token-Ring [RFC3580] | |
279 21 FDDI [RFC3580] | |
280 22 Wireless - CDMA2000 [McCann] | |
281 23 Wireless - UMTS [McCann] | |
282 24 Wireless - 1X-EV [McCann] | |
283 25 IAPP [IEEE 802.11F][Kerry] | |
284 26 FTTP - Fiber to the Premises [Nyce] | |
285 27 Wireless - IEEE 802.16 [IEEE 802.16] 12 December 2006 | |
286 28 Wireless - IEEE 802.20 [IEEE 802.20] 12 December 2006 | |
287 29 Wireless - IEEE 802.22 [IEEE 802.22] 12 December 2006 | |
288 30 PPPoA - PPP over ATM [RFC4603] | |
289 31 PPPoEoA - PPP over Ethernet over ATM [RFC4603] | |
290 32 PPPoEoE - PPP over Ethernet over Ethernet [RFC4603] | |
291 33 PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603] | |
292 34 PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603] | |
293 35 xPON - Passive Optical Network [Hublet][Yan] 19 June 2007 | |
294 */ | |
295 | |
296 struct dict_object *type; | |
297 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(NAS-Port-Type)" , NULL, NULL}; | |
298 struct dict_enumval_data tvals[] = { | |
299 enumval_def_u32( 0, "Async [RFC2865]"), | |
300 enumval_def_u32( 1, "Sync [RFC2865]"), | |
301 enumval_def_u32( 2, "ISDN Sync [RFC2865]"), | |
302 enumval_def_u32( 3, "ISDN Async V.120 [RFC2865]"), | |
303 enumval_def_u32( 4, "ISDN Async V.110 [RFC2865]"), | |
304 enumval_def_u32( 5, "Virtual [RFC2865]"), | |
305 enumval_def_u32( 6, "PIAFS [RFC2865]"), | |
306 enumval_def_u32( 7, "HDLC Clear Channel [RFC2865]"), | |
307 enumval_def_u32( 8, "X.25 [RFC2865]"), | |
308 enumval_def_u32( 9, "X.75 [RFC2865]"), | |
309 enumval_def_u32(10, "G.3 Fax [RFC2865]"), | |
310 enumval_def_u32(11, "SDSL - Symmetric DSL [RFC2865]"), | |
311 enumval_def_u32(12, "ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865]"), | |
312 enumval_def_u32(13, "ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865]"), | |
313 enumval_def_u32(14, "IDSL - ISDN Digital Subscriber Line [RFC2865]"), | |
314 enumval_def_u32(15, "Ethernet [RFC2865]"), | |
315 enumval_def_u32(16, "xDSL - Digital Subscriber Line of unknown type [RFC2865]"), | |
316 enumval_def_u32(17, "Cable [RFC2865]"), | |
317 enumval_def_u32(18, "Wireless - Other [RFC2865]"), | |
318 enumval_def_u32(19, "Wireless - IEEE 802.11 [RFC2865]"), | |
319 enumval_def_u32(20, "Token-Ring [RFC3580]"), | |
320 enumval_def_u32(21, "FDDI [RFC3580]"), | |
321 enumval_def_u32(22, "Wireless - CDMA2000 [McCann]"), | |
322 enumval_def_u32(23, "Wireless - UMTS [McCann]"), | |
323 enumval_def_u32(24, "Wireless - 1X-EV [McCann]"), | |
324 enumval_def_u32(25, "IAPP [IEEE 802.11F][Kerry]"), | |
325 enumval_def_u32(26, "FTTP - Fiber to the Premises [Nyce]"), | |
326 enumval_def_u32(27, "Wireless - IEEE 802.16 [IEEE 802.16]"), | |
327 enumval_def_u32(28, "Wireless - IEEE 802.20 [IEEE 802.20]"), | |
328 enumval_def_u32(29, "Wireless - IEEE 802.22 [IEEE 802.22]"), | |
329 enumval_def_u32(30, "PPPoA - PPP over ATM [RFC4603]"), | |
330 enumval_def_u32(31, "PPPoEoA - PPP over Ethernet over ATM [RFC4603]"), | |
331 enumval_def_u32(32, "PPPoEoE - PPP over Ethernet over Ethernet [RFC4603]"), | |
332 enumval_def_u32(33, "PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603]"), | |
333 enumval_def_u32(34, "PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603]"), | |
334 enumval_def_u32(35, "xPON - Passive Optical Network [Hublet][Yan]") | |
335 }; | |
336 struct dict_avp_data data = { | |
337 61, /* Code */ | |
338 0, /* Vendor */ | |
339 "NAS-Port-Type", /* Name */ | |
340 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
341 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
342 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
343 }; | |
344 int i; | |
345 /* Create the Enumerated type, enumerated values, and the AVP */ | |
346 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
347 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
348 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
349 } | |
350 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
351 } | |
352 | |
353 /* Called-Station-Id */ | |
354 { | |
355 /* | |
356 The Called-Station-Id AVP (AVP Code 30) is of type UTF8String and | |
357 allows the NAS to send the ASCII string describing the layer 2 | |
358 address the user contacted in the request. For dialup access, this | |
359 can be a phone number obtained by using Dialed Number Identification | |
360 (DNIS) or a similar technology. Note that this may be different from | |
361 the phone number the call comes in on. For use with IEEE 802 access, | |
362 the Called-Station-Id MAY contain a MAC address formatted as | |
363 described in [RAD802.1X]. It SHOULD only be present in | |
364 authentication and/or authorization requests. | |
365 | |
366 If the Auth-Request-Type AVP is set to authorization-only and the | |
367 User-Name AVP is absent, the Diameter Server MAY perform | |
368 authorization based on this field. This can be used by a NAS to | |
369 request whether a call should be answered based on the DNIS. | |
370 */ | |
371 struct dict_avp_data data = { | |
372 30, /* Code */ | |
373 0, /* Vendor */ | |
374 "Called-Station-Id", /* Name */ | |
375 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
376 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
377 AVP_TYPE_OCTETSTRING /* base type of data */ | |
378 }; | |
379 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
380 } | |
381 | |
382 /* Calling-Station-Id */ | |
383 { | |
384 /* | |
385 The Calling-Station-Id AVP (AVP Code 31) is of type UTF8String and | |
386 allows the NAS to send the ASCII string describing the layer 2 | |
387 address from which the user connected in the request. For dialup | |
388 access, this is the phone number the call came from, using Automatic | |
389 Number Identification (ANI) or a similar technology. For use with | |
390 IEEE 802 access, the Calling-Station-Id AVP MAY contain a MAC | |
391 address, formated as described in [RAD802.1X]. It SHOULD only be | |
392 present in authentication and/or authorization requests. | |
393 | |
394 If the Auth-Request-Type AVP is set to authorization-only and the | |
395 User-Name AVP is absent, the Diameter Server MAY perform | |
396 authorization based on this field. This can be used by a NAS to | |
397 request whether a call should be answered based on the layer 2 | |
398 address (ANI, MAC Address, etc.) | |
399 */ | |
400 struct dict_avp_data data = { | |
401 31, /* Code */ | |
402 0, /* Vendor */ | |
403 "Calling-Station-Id", /* Name */ | |
404 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
405 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
406 AVP_TYPE_OCTETSTRING /* base type of data */ | |
407 }; | |
408 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
409 } | |
410 | |
411 /* Connect-Info */ | |
412 { | |
413 /* | |
414 The Connect-Info AVP (AVP Code 77) is of type UTF8String and is sent | |
415 in the AA-Request message or ACR STOP message. When sent in the | |
416 Access-Request, it indicates the nature of the user's connection. | |
417 The connection speed SHOULD be included at the beginning of the first | |
418 Connect-Info AVP in the message. If the transmit and receive | |
419 connection speeds differ, both may be included in the first AVP with | |
420 the transmit speed listed first (the speed the NAS modem transmits | |
421 at), then a slash (/), then the receive speed, and then other | |
422 optional information. | |
423 | |
424 For example: "28800 V42BIS/LAPM" or "52000/31200 V90" | |
425 | |
426 More than one Connect-Info attribute may be present in an | |
427 Accounting-Request packet to accommodate expected efforts by the ITU | |
428 to have modems report more connection information in a standard | |
429 format that might exceed 252 octets. | |
430 | |
431 If sent in the ACR STOP, this attribute may summarize statistics | |
432 relating to session quality. For example, in IEEE 802.11, the | |
433 Connect-Info attribute may contain information on the number of link | |
434 layer retransmissions. The exact format of this attribute is | |
435 implementation specific. | |
436 */ | |
437 struct dict_avp_data data = { | |
438 77, /* Code */ | |
439 0, /* Vendor */ | |
440 "Connect-Info", /* Name */ | |
441 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
442 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
443 AVP_TYPE_OCTETSTRING /* base type of data */ | |
444 }; | |
445 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
446 } | |
447 | |
448 /* Originating-Line-Info */ | |
449 { | |
450 /* | |
451 The Originating-Line-Info AVP (AVP Code 94) is of type OctetString | |
452 and is sent by the NAS system to convey information about the origin | |
453 of the call from an SS7 system. | |
454 | |
455 The originating line information (OLI) element indicates the nature | |
456 and/or characteristics of the line from which a call originated | |
457 (e.g., pay phone, hotel, cellular). Telephone companies are starting | |
458 to offer OLI to their customers as an option over Primary Rate | |
459 Interface (PRI). Internet Service Providers (ISPs) can use OLI in | |
460 addition to Called-Station-Id and Calling-Station-Id attributes to | |
461 differentiate customer calls and to define different services. | |
462 | |
463 The Value field contains two octets (00 - 99). ANSI T1.113 and | |
464 BELLCORE 394 can be used for additional information about these | |
465 values and their use. For more information on current assignment | |
466 values, see [http://www.nanpa.com/number_resource_info/ani_ii_assignments.html]. | |
467 | |
468 */ | |
469 struct dict_object *type; | |
470 struct dict_type_data tdata = { AVP_TYPE_OCTETSTRING, "Enumerated*(Originating-Line-Info)" , NULL, NULL}; | |
471 struct dict_enumval_data tvals[] = { | |
472 enumval_def_os( 2, "00", "Plain Old Telephone Service (POTS)"), | |
473 enumval_def_os( 2, "01", "Multiparty Line (more than 2)"), | |
474 enumval_def_os( 2, "02", "ANI Failure"), | |
475 enumval_def_os( 2, "06", "Station Level Rating"), | |
476 enumval_def_os( 2, "07", "Special Operator Handling Required"), | |
477 enumval_def_os( 2, "20", "Automatic Identified Outward Dialing (AIOD)"), | |
478 enumval_def_os( 2, "23", "Coin or Non-Coin"), | |
479 enumval_def_os( 2, "24", "Toll Free Service (Non-Pay Origination)"), | |
480 enumval_def_os( 2, "25", "Toll Free Service (Pay Origination)"), | |
481 enumval_def_os( 2, "27", "Toll Free Service (Coin Control Origination)"), | |
482 enumval_def_os( 2, "29", "Prison/Inmate Service"), | |
483 enumval_def_os( 2, "30", "Intercept (Blank)"), | |
484 enumval_def_os( 2, "31", "Intercept (Trouble)"), | |
485 enumval_def_os( 2, "32", "Intercept (Regular)"), | |
486 enumval_def_os( 2, "34", "Telco Operator Handled Call"), | |
487 enumval_def_os( 2, "52", "Outward Wide Area Telecommunications Service (OUTWATS)"), | |
488 enumval_def_os( 2, "60", "Telecommunications Relay Service (TRS)(Unrestricted)"), | |
489 enumval_def_os( 2, "61", "Cellular/Wireless PCS (Type 1)"), | |
490 enumval_def_os( 2, "62", "Cellular/Wireless PCS (Type 2)"), | |
491 enumval_def_os( 2, "63", "Cellular/Wireless PCS (Roaming)"), | |
492 enumval_def_os( 2, "66", "TRS (Hotel)"), | |
493 enumval_def_os( 2, "67", "TRS (Restricted)"), | |
494 enumval_def_os( 2, "70", "Pay Station, No Coin Control"), | |
495 enumval_def_os( 2, "93", "Access for Private Virtual Network Service") | |
496 }; | |
497 struct dict_avp_data data = { | |
498 94, /* Code */ | |
499 0, /* Vendor */ | |
500 "Originating-Line-Info", /* Name */ | |
501 AVP_FLAG_VENDOR, /* Fixed flags */ | |
502 0, /* Fixed flag values */ | |
503 AVP_TYPE_OCTETSTRING /* base type of data */ | |
504 }; | |
505 int i; | |
506 /* Create the Enumerated type, enumerated values, and the AVP */ | |
507 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
508 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
509 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
510 } | |
511 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
512 } | |
513 | |
514 /* Reply-Message */ | |
515 { | |
516 /* | |
517 The Reply-Message AVP (AVP Code 18) is of type UTF8String and | |
518 contains text that MAY be displayed to the user. When used in an | |
519 AA-Answer message with a successful Result-Code AVP, it indicates | |
520 success. When found in an AAA message with a Result-Code other than | |
521 DIAMETER_SUCCESS, the AVP contains a failure message. | |
522 | |
523 The Reply-Message AVP MAY indicate dialog text to prompt the user | |
524 before another AA-Request attempt. When used in an AA-Answer with a | |
525 Result-Code of DIAMETER_MULTI_ROUND_AUTH or in an Re-Auth-Request | |
526 message, it MAY contain a dialog text to prompt the user for a | |
527 response. | |
528 | |
529 Multiple Reply-Messages MAY be included, and if any are displayed, | |
530 they MUST be displayed in the same order as they appear in the | |
531 Diameter message. | |
532 */ | |
533 struct dict_avp_data data = { | |
534 18, /* Code */ | |
535 0, /* Vendor */ | |
536 "Reply-Message", /* Name */ | |
537 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
538 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
539 AVP_TYPE_OCTETSTRING /* base type of data */ | |
540 }; | |
541 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
542 } | |
543 | |
544 /******************************** | |
545 * NAS Authentication AVPs * | |
546 ********************************/ | |
547 /* User-Password */ | |
548 { | |
549 /* | |
550 The User-Password AVP (AVP Code 2) is of type OctetString and | |
551 contains the password of the user to be authenticated, or the user's | |
552 input in a multi-round authentication exchange. | |
553 | |
554 The User-Password AVP contains a user password or one-time password | |
555 and therefore represents sensitive information. As required in | |
556 [BASE], Diameter messages are encrypted by using IPsec or TLS. | |
557 Unless this AVP is used for one-time passwords, the User-Password AVP | |
558 SHOULD NOT be used in untrusted proxy environments without encrypting | |
559 it by using end-to-end security techniques, such as the proposed CMS | |
560 Security [DiamCMS]. | |
561 | |
562 The clear-text password (prior to encryption) MUST NOT be longer than | |
563 128 bytes in length. | |
564 */ | |
565 struct dict_avp_data data = { | |
566 2, /* Code */ | |
567 0, /* Vendor */ | |
568 "User-Password", /* Name */ | |
569 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
570 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
571 AVP_TYPE_OCTETSTRING /* base type of data */ | |
572 }; | |
573 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
574 } | |
575 | |
576 /* Password-Retry */ | |
577 { | |
578 /* | |
579 The Password-Retry AVP (AVP Code 75) is of type Unsigned32 and MAY be | |
580 included in the AA-Answer if the Result-Code indicates an | |
581 authentication failure. The value of this AVP indicates how many | |
582 authentication attempts a user is permitted before being | |
583 disconnected. This AVP is primarily intended for use when the | |
584 Framed-Protocol AVP (see section 6.10.1) is set to ARAP. | |
585 */ | |
586 struct dict_avp_data data = { | |
587 75, /* Code */ | |
588 0, /* Vendor */ | |
589 "Password-Retry", /* Name */ | |
590 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
591 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
592 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
593 }; | |
594 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
595 } | |
596 | |
597 /* Prompt */ | |
598 { | |
599 /* | |
600 The Prompt AVP (AVP Code 76) is of type Enumerated and MAY be present | |
601 in the AA-Answer message. When present, it is used by the NAS to | |
602 determine whether the user's response, when entered, should be | |
603 echoed. | |
604 | |
605 The supported values are listed in http://www.iana.org/assignments/radius-types | |
606 Sub-registry: Values for RADIUS Attribute 76, Prompt | |
607 Reference: [RFC2869] | |
608 */ | |
609 struct dict_object *type; | |
610 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Prompt)" , NULL, NULL}; | |
611 struct dict_enumval_data tvals[] = { | |
612 enumval_def_u32( 0, "No Echo [RFC2869]"), | |
613 enumval_def_u32( 1, "Echo [RFC2869]") | |
614 }; | |
615 struct dict_avp_data data = { | |
616 76, /* Code */ | |
617 0, /* Vendor */ | |
618 "Prompt", /* Name */ | |
619 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
620 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
621 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
622 }; | |
623 int i; | |
624 /* Create the Enumerated type, enumerated values, and the AVP */ | |
625 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
626 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
627 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
628 } | |
629 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
630 } | |
631 | |
632 /* CHAP-Algorithm */ | |
633 { | |
634 /* | |
635 The CHAP-Algorithm AVP (AVP Code 403) is of type Enumerated and | |
636 contains the algorithm identifier used in the computation of the CHAP | |
637 response [PPPCHAP]. The following values are currently supported: | |
638 | |
639 CHAP with MD5 5 | |
640 The CHAP response is computed by using the procedure described | |
641 in [PPPCHAP]. This algorithm requires that the CHAP-Response | |
642 AVP MUST be present in the CHAP-Auth AVP. | |
643 */ | |
644 struct dict_object *type; | |
645 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(CHAP-Algorithm)" , NULL, NULL}; | |
646 struct dict_enumval_data tvals[] = { | |
647 enumval_def_u32( 5, "CHAP with MD5") | |
648 }; | |
649 struct dict_avp_data adata = { | |
650 403, /* Code */ | |
651 0, /* Vendor */ | |
652 "CHAP-Algorithm", /* Name */ | |
653 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
654 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
655 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
656 }; | |
657 int i; | |
658 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
659 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
660 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
661 } | |
662 CHECK_dict_new( DICT_AVP, &adata , type, NULL); | |
663 } | |
664 | |
665 /* CHAP-Ident */ | |
666 { | |
667 /* | |
668 The CHAP-Ident AVP (AVP Code 404) is of type OctetString and contains | |
669 the 1 octet CHAP Identifier used in the computation of the CHAP | |
670 response [PPPCHAP]. | |
671 */ | |
672 struct dict_avp_data adata = { | |
673 404, /* Code */ | |
674 0, /* Vendor */ | |
675 "CHAP-Ident", /* Name */ | |
676 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
677 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
678 AVP_TYPE_OCTETSTRING /* base type of data */ | |
679 }; | |
680 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); | |
681 } | |
682 | |
683 /* CHAP-Response */ | |
684 { | |
685 /* | |
686 The CHAP-Response AVP (AVP Code 405) is of type OctetString and | |
687 contains the 16 octet authentication data provided by the user in | |
688 response to the CHAP challenge [PPPCHAP]. | |
689 */ | |
690 struct dict_avp_data adata = { | |
691 405, /* Code */ | |
692 0, /* Vendor */ | |
693 "CHAP-Response", /* Name */ | |
694 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
695 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
696 AVP_TYPE_OCTETSTRING /* base type of data */ | |
697 }; | |
698 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); | |
699 } | |
700 | |
701 /* CHAP-Auth */ | |
702 { | |
703 /* | |
704 The CHAP-Auth AVP (AVP Code 402) is of type Grouped and contains the | |
705 information necessary to authenticate a user using the PPP | |
706 Challenge-Handshake Authentication Protocol (CHAP) [PPPCHAP]. If the | |
707 CHAP-Auth AVP is found in a message, the CHAP-Challenge AVP MUST be | |
708 present as well. The optional AVPs containing the CHAP response | |
709 depend upon the value of the CHAP-Algorithm AVP. The grouped AVP has | |
710 the following ABNF grammar: | |
711 | |
712 CHAP-Auth ::= < AVP Header: 402 > | |
713 { CHAP-Algorithm } | |
714 { CHAP-Ident } | |
715 [ CHAP-Response ] | |
716 * [ AVP ] | |
717 */ | |
718 struct dict_object * avp; | |
719 struct dict_avp_data data = { | |
720 402, /* Code */ | |
721 0, /* Vendor */ | |
722 "CHAP-Auth", /* Name */ | |
723 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
724 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
725 AVP_TYPE_GROUPED /* base type of data */ | |
726 }; | |
727 struct local_rules_definition rules[] = | |
728 { { "CHAP-Algorithm", RULE_REQUIRED, -1, 1 } | |
729 ,{ "CHAP-Ident", RULE_REQUIRED, -1, 1 } | |
730 ,{ "CHAP-Response", RULE_OPTIONAL, -1, 1 } | |
731 }; | |
732 | |
733 CHECK_dict_new( DICT_AVP, &data , NULL, &avp); | |
734 PARSE_loc_rules( rules, avp ); | |
735 } | |
736 | |
737 /* CHAP-Challenge */ | |
738 { | |
739 /* | |
740 The CHAP-Challenge AVP (AVP Code 60) is of type OctetString and | |
741 contains the CHAP Challenge sent by the NAS to the CHAP peer | |
742 [PPPCHAP]. | |
743 */ | |
744 struct dict_avp_data data = { | |
745 60, /* Code */ | |
746 0, /* Vendor */ | |
747 "CHAP-Challenge", /* Name */ | |
748 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
749 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
750 AVP_TYPE_OCTETSTRING /* base type of data */ | |
751 }; | |
752 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
753 } | |
754 | |
755 /* ARAP-Password */ | |
756 { | |
757 /* | |
758 The ARAP-Password AVP (AVP Code 70) is of type OctetString and is | |
759 only present when the Framed-Protocol AVP (see section 6.10.1) is | |
760 included in the message and is set to ARAP. This AVP MUST NOT be | |
761 present if either the User-Password or the CHAP-Auth AVP is present. | |
762 See [RADIUSExt] for more information on the contents of this AVP. | |
763 */ | |
764 struct dict_avp_data data = { | |
765 70, /* Code */ | |
766 0, /* Vendor */ | |
767 "ARAP-Password", /* Name */ | |
768 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
769 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
770 AVP_TYPE_OCTETSTRING /* base type of data */ | |
771 }; | |
772 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
773 } | |
774 | |
775 /* ARAP-Challenge-Response */ | |
776 { | |
777 /* | |
778 The ARAP-Challenge-Response AVP (AVP Code 84) is of type OctetString | |
779 and is only present when the Framed-Protocol AVP (see section 6.10.1) | |
780 is included in the message and is set to ARAP. This AVP contains an | |
781 8 octet response to the dial-in client's challenge. The RADIUS | |
782 server calculates this value by taking the dial-in client's challenge | |
783 from the high-order 8 octets of the ARAP-Password AVP and performing | |
784 DES encryption on this value with the authenticating user's password | |
785 as the key. If the user's password is fewer than 8 octets in length, | |
786 the password is padded at the end with NULL octets to a length of 8 | |
787 before it is used as a key. | |
788 */ | |
789 struct dict_avp_data data = { | |
790 84, /* Code */ | |
791 0, /* Vendor */ | |
792 "ARAP-Challenge-Response", /* Name */ | |
793 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
794 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
795 AVP_TYPE_OCTETSTRING /* base type of data */ | |
796 }; | |
797 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
798 } | |
799 | |
800 /* ARAP-Security */ | |
801 { | |
802 /* | |
803 The ARAP-Security AVP (AVP Code 73) is of type Unsigned32 and MAY be | |
804 present in the AA-Answer message if the Framed-Protocol AVP (see | |
805 section 6.10.1) is set to the value of ARAP, and the Result-Code AVP | |
806 is set to DIAMETER_MULTI_ROUND_AUTH. See [RADIUSExt] for more | |
807 information on the format of this AVP. | |
808 */ | |
809 struct dict_avp_data data = { | |
810 73, /* Code */ | |
811 0, /* Vendor */ | |
812 "ARAP-Security", /* Name */ | |
813 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
814 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
815 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
816 }; | |
817 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
818 } | |
819 | |
820 /* ARAP-Security-Data */ | |
821 { | |
822 /* | |
823 The ARAP-Security-Data AVP (AVP Code 74) is of type OctetString and MAY be | |
824 present in the AA-Request or AA-Answer message if the Framed-Protocol | |
825 AVP is set to the value of ARAP, and the Result-Code AVP is set to | |
826 DIAMETER_MULTI_ROUND_AUTH. This AVP contains the security module | |
827 challenge or response associated with the ARAP Security Module | |
828 specified in ARAP-Security. | |
829 */ | |
830 struct dict_avp_data data = { | |
831 74, /* Code */ | |
832 0, /* Vendor */ | |
833 "ARAP-Security-Data", /* Name */ | |
834 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
835 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
836 AVP_TYPE_OCTETSTRING /* base type of data */ | |
837 }; | |
838 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
839 } | |
840 | |
841 /******************************** | |
842 * NAS Authorization AVPs * | |
843 ********************************/ | |
844 /* Service-Type */ | |
845 { | |
846 /* | |
847 The Service-Type AVP (AVP Code 6) is of type Enumerated and contains | |
848 the type of service the user has requested or the type of service to | |
849 be provided. One such AVP MAY be present in an authentication and/or | |
850 authorization request or response. A NAS is not required to | |
851 implement all of these service types. It MUST treat unknown or | |
852 unsupported Service-Types received in a response as a failure and end | |
853 the session with a DIAMETER_INVALID_AVP_VALUE Result-Code. | |
854 | |
855 When used in a request, the Service-Type AVP SHOULD be considered a | |
856 hint to the server that the NAS believes the user would prefer the | |
857 kind of service indicated. The server is not required to honor the | |
858 hint. Furthermore, if the service specified by the server is | |
859 supported, but not compatible with the current mode of access, the | |
860 NAS MUST fail to start the session. The NAS MUST also generate the | |
861 appropriate error message(s). | |
862 | |
863 The following values have been defined for the Service-Type AVP. The | |
864 complete list of defined values can be found in [RADIUS] and | |
865 [RADIUSTypes]. | |
866 | |
867 Registry Name: Radius Attribute Values | |
868 Reference: [RFC2865][RFC3575] | |
869 | |
870 Sub-registry: Values for RADIUS Attribute 6, Service-Type | |
871 Reference: [RFC2865][RFC3575] | |
872 | |
873 1 Login | |
874 2 Framed | |
875 3 Callback Login | |
876 4 Callback Framed | |
877 5 Outbound | |
878 6 Administrative | |
879 7 NAS Prompt | |
880 8 Authenticate Only | |
881 9 Callback NAS Prompt | |
882 10 Call Check | |
883 11 Callback Administrative | |
884 12 Voice [Chiba] | |
885 13 Fax [Chiba] | |
886 14 Modem Relay [Chiba] | |
887 15 IAPP-Register [IEEE 802.11f][Kerry] | |
888 16 IAPP-AP-Check [IEEE 802.11f][Kerry] | |
889 17 Authorize Only [RFC3576] | |
890 | |
891 The following values are further qualified: | |
892 | |
893 Login 1 | |
894 The user should be connected to a host. The message MAY | |
895 include additional AVPs defined in sections 6.16 or 6.17. | |
896 | |
897 Framed 2 | |
898 A Framed Protocol, such as PPP or SLIP, should be started for | |
899 the User. The message MAY include additional AVPs defined in | |
900 section 6.10, or section 7 for tunneling services. | |
901 | |
902 Callback Login 3 | |
903 The user should be disconnected and called back, then connected | |
904 to a host. The message MAY include additional AVPs defined in | |
905 this section. | |
906 | |
907 Callback Framed 4 | |
908 The user should be disconnected and called back, and then a | |
909 Framed Protocol, such as PPP or SLIP, should be started for the | |
910 User. The message MAY include additional AVPs defined in | |
911 section 6.10, or in section 7 for tunneling services. | |
912 | |
913 */ | |
914 struct dict_object *type; | |
915 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Service-Type)" , NULL, NULL}; | |
916 struct dict_enumval_data tvals[] = { | |
917 enumval_def_u32( 1, "Login"), | |
918 enumval_def_u32( 2, "Framed"), | |
919 enumval_def_u32( 3, "Callback Login"), | |
920 enumval_def_u32( 4, "Callback Framed"), | |
921 enumval_def_u32( 5, "Outbound"), | |
922 enumval_def_u32( 6, "Administrative"), | |
923 enumval_def_u32( 7, "NAS Prompt"), | |
924 enumval_def_u32( 8, "Authenticate Only"), | |
925 enumval_def_u32( 9, "Callback NAS Prompt"), | |
926 enumval_def_u32(10, "Call Check"), | |
927 enumval_def_u32(11, "Callback Administrative"), | |
928 enumval_def_u32(12, "Voice [Chiba]"), | |
929 enumval_def_u32(13, "Fax [Chiba]"), | |
930 enumval_def_u32(14, "Modem Relay [Chiba]"), | |
931 enumval_def_u32(15, "IAPP-Register [IEEE 802.11f][Kerry]"), | |
932 enumval_def_u32(16, "IAPP-AP-Check [IEEE 802.11f][Kerry]"), | |
933 enumval_def_u32(17, "Authorize Only [RFC3576]") | |
934 }; | |
935 struct dict_avp_data data = { | |
936 6, /* Code */ | |
937 0, /* Vendor */ | |
938 "Service-Type", /* Name */ | |
939 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
940 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
941 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
942 }; | |
943 int i; | |
944 /* Create the Enumerated type, enumerated values, and the AVP */ | |
945 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
946 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
947 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
948 } | |
949 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
950 } | |
951 | |
952 /* Callback-Number */ | |
953 { | |
954 /* | |
955 The Callback-Number AVP (AVP Code 19) is of type UTF8String and | |
956 contains a dialing string to be used for callback. It MAY be used in | |
957 an authentication and/or authorization request as a hint to the | |
958 server that a Callback service is desired, but the server is not | |
959 required to honor the hint in the corresponding response. | |
960 */ | |
961 struct dict_avp_data data = { | |
962 19, /* Code */ | |
963 0, /* Vendor */ | |
964 "Callback-Number", /* Name */ | |
965 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
966 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
967 AVP_TYPE_OCTETSTRING /* base type of data */ | |
968 }; | |
969 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
970 } | |
971 | |
972 /* Callback-Id */ | |
973 { | |
974 /* | |
975 The Callback-Id AVP (AVP Code 20) is of type UTF8String and contains | |
976 the name of a place to be called, to be interpreted by the NAS. This | |
977 AVP MAY be present in an authentication and/or authorization | |
978 response. | |
979 | |
980 This AVP is not roaming-friendly as it assumes that the Callback-Id | |
981 is configured on the NAS. Using the Callback-Number AVP therefore | |
982 preferable. | |
983 */ | |
984 struct dict_avp_data data = { | |
985 20, /* Code */ | |
986 0, /* Vendor */ | |
987 "Callback-Id", /* Name */ | |
988 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
989 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
990 AVP_TYPE_OCTETSTRING /* base type of data */ | |
991 }; | |
992 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
993 } | |
994 | |
995 /* Idle-Timeout */ | |
996 { | |
997 /* | |
998 The Idle-Timeout AVP (AVP Code 28) is of type Unsigned32 and sets the | |
999 maximum number of consecutive seconds of idle connection allowable to | |
1000 the user before termination of the session or before a prompt is | |
1001 issued. The default is none, or system specific. | |
1002 */ | |
1003 struct dict_avp_data data = { | |
1004 28, /* Code */ | |
1005 0, /* Vendor */ | |
1006 "Idle-Timeout", /* Name */ | |
1007 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1008 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1009 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1010 }; | |
1011 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1012 } | |
1013 | |
1014 /* Port-Limit */ | |
1015 { | |
1016 /* | |
1017 The Port-Limit AVP (AVP Code 62) is of type Unsigned32 and sets the | |
1018 maximum number of ports the NAS provides to the user. It MAY be used | |
1019 in an authentication and/or authorization request as a hint to the | |
1020 server that multilink PPP [PPPMP] service is desired, but the server | |
1021 is not required to honor the hint in the corresponding response. | |
1022 */ | |
1023 struct dict_avp_data data = { | |
1024 62, /* Code */ | |
1025 0, /* Vendor */ | |
1026 "Port-Limit", /* Name */ | |
1027 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1028 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1029 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1030 }; | |
1031 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1032 } | |
1033 | |
1034 /* NAS-Filter-Rule */ | |
1035 { | |
1036 /* | |
1037 The NAS-Filter-Rule AVP (AVP Code 400) is of type IPFilterRule and | |
1038 provides filter rules that need to be configured on the NAS for the | |
1039 user. One or more of these AVPs MAY be present in an authorization | |
1040 response. | |
1041 */ | |
1042 struct dict_avp_data data = { | |
1043 400, /* Code */ | |
1044 0, /* Vendor */ | |
1045 "NAS-Filter-Rule", /* Name */ | |
1046 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1047 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1048 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1049 }; | |
1050 CHECK_dict_new( DICT_AVP, &data , IPFilterRule_type, NULL); | |
1051 } | |
1052 | |
1053 /* Filter-Id */ | |
1054 { | |
1055 /* | |
1056 The Filter-Id AVP (AVP Code 11) is of type UTF8String and contains | |
1057 the name of the filter list for this user. Zero or more Filter-Id | |
1058 AVPs MAY be sent in an authorization answer. | |
1059 | |
1060 Identifying a filter list by name allows the filter to be used on | |
1061 different NASes without regard to filter-list implementation details. | |
1062 However, this AVP is not roaming friendly, as filter naming differs | |
1063 from one service provider to another. | |
1064 | |
1065 In non-RADIUS environments, it is RECOMMENDED that the NAS-Filter- | |
1066 Rule AVP be used instead. | |
1067 */ | |
1068 struct dict_avp_data data = { | |
1069 11, /* Code */ | |
1070 0, /* Vendor */ | |
1071 "Filter-Id", /* Name */ | |
1072 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1073 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1074 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1075 }; | |
1076 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
1077 } | |
1078 | |
1079 /* Configuration-Token */ | |
1080 { | |
1081 /* | |
1082 The Configuration-Token AVP (AVP Code 78) is of type OctetString and | |
1083 is sent by a Diameter Server to a Diameter Proxy Agent or Translation | |
1084 Agent in an AA-Answer command to indicate a type of user profile to | |
1085 be used. It should not be sent to a Diameter Client (NAS). | |
1086 | |
1087 The format of the Data field of this AVP is site specific. | |
1088 */ | |
1089 struct dict_avp_data data = { | |
1090 78, /* Code */ | |
1091 0, /* Vendor */ | |
1092 "Configuration-Token", /* Name */ | |
1093 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1094 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1095 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1096 }; | |
1097 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1098 } | |
1099 | |
1100 /* QoS-Filter-Rule */ | |
1101 { | |
1102 /* | |
1103 The QoS-Filter-Rule AVP (AVP Code 407) is of type QoSFilterRule and | |
1104 provides QoS filter rules that need to be configured on the NAS for | |
1105 the user. One or more such AVPs MAY be present in an authorization | |
1106 response. | |
1107 */ | |
1108 struct dict_avp_data data = { | |
1109 407, /* Code */ | |
1110 0, /* Vendor */ | |
1111 "QoS-Filter-Rule", /* Name */ | |
1112 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1113 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1114 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1115 }; | |
1116 CHECK_dict_new( DICT_AVP, &data , QoSFilterRule_type, NULL); | |
1117 } | |
1118 | |
1119 /*** Framed Access Authorization AVPs ***/ | |
1120 | |
1121 /* Framed-Protocol */ | |
1122 { | |
1123 /* | |
1124 The Framed-Protocol AVP (AVP Code 7) is of type Enumerated and | |
1125 contains the framing to be used for framed access. This AVP MAY be | |
1126 present in both requests and responses. The supported values are | |
1127 listed in [RADIUSTypes]. | |
1128 | |
1129 Sub-registry: Values for RADIUS Attribute 7, Framed-Protocol | |
1130 Reference: [RFC2865] | |
1131 */ | |
1132 struct dict_object *type; | |
1133 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Protocol)" , NULL, NULL}; | |
1134 struct dict_enumval_data tvals[] = { | |
1135 enumval_def_u32( 1, "PPP"), | |
1136 enumval_def_u32( 2, "SLIP"), | |
1137 enumval_def_u32( 3, "AppleTalk Remote Access Protocol (ARAP)"), | |
1138 enumval_def_u32( 4, "Gandalf proprietary SingleLink/MultiLink protocol"), | |
1139 enumval_def_u32( 5, "Xylogics proprietary IPX/SLIP"), | |
1140 enumval_def_u32( 6, "X.75 Synchronous"), | |
1141 enumval_def_u32( 7, "GPRS PDP Context [Moore]") | |
1142 }; | |
1143 struct dict_avp_data data = { | |
1144 7, /* Code */ | |
1145 0, /* Vendor */ | |
1146 "Framed-Protocol", /* Name */ | |
1147 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1148 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1149 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1150 }; | |
1151 int i; | |
1152 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1153 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1154 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1155 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
1156 } | |
1157 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1158 } | |
1159 | |
1160 /* Framed-Routing */ | |
1161 { | |
1162 /* | |
1163 The Framed-Routing AVP (AVP Code 10) is of type Enumerated and | |
1164 contains the routing method for the user when the user is a router to | |
1165 a network. This AVP SHOULD only be present in authorization | |
1166 responses. The supported values are listed in [RADIUSTypes]. | |
1167 | |
1168 Sub-registry: Values for RADIUS Attribute 10, Framed-Routing | |
1169 Reference: [RFC2865] | |
1170 */ | |
1171 struct dict_object *type; | |
1172 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Routing)" , NULL, NULL}; | |
1173 struct dict_enumval_data tvals[] = { | |
1174 enumval_def_u32( 0, "None"), | |
1175 enumval_def_u32( 1, "Send routing packets"), | |
1176 enumval_def_u32( 2, "Listen for routing packets"), | |
1177 enumval_def_u32( 3, "Send and Listen") | |
1178 }; | |
1179 struct dict_avp_data data = { | |
1180 10, /* Code */ | |
1181 0, /* Vendor */ | |
1182 "Framed-Routing", /* Name */ | |
1183 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1184 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1185 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1186 }; | |
1187 int i; | |
1188 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1189 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1190 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1191 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
1192 } | |
1193 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1194 } | |
1195 | |
1196 /* Framed-MTU */ | |
1197 { | |
1198 /* | |
1199 The Framed-MTU AVP (AVP Code 12) is of type Unsigned32 and contains | |
1200 the Maximum Transmission Unit to be configured for the user, when it | |
1201 is not negotiated by some other means (such as PPP). This AVP SHOULD | |
1202 only be present in authorization responses. The MTU value MUST be in | |
1203 the range from 64 to 65535. | |
1204 */ | |
1205 struct dict_avp_data data = { | |
1206 12, /* Code */ | |
1207 0, /* Vendor */ | |
1208 "Framed-MTU", /* Name */ | |
1209 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1210 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1211 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1212 }; | |
1213 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1214 } | |
1215 | |
1216 /* Framed-Compression */ | |
1217 { | |
1218 /* | |
1219 The Framed-Compression AVP (AVP Code 13) is of type Enumerated and | |
1220 contains the compression protocol to be used for the link. It MAY be | |
1221 used in an authorization request as a hint to the server that a | |
1222 specific compression type is desired, but the server is not required | |
1223 to honor the hint in the corresponding response. | |
1224 | |
1225 More than one compression protocol AVP MAY be sent. The NAS is | |
1226 responsible for applying the proper compression protocol to the | |
1227 appropriate link traffic. | |
1228 | |
1229 The supported values are listed in [RADIUSTypes]. | |
1230 Sub-registry: Values for RADIUS Attribute 13, Framed-Compression | |
1231 Reference: [RFC2865] | |
1232 */ | |
1233 struct dict_object *type; | |
1234 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Compression)" , NULL, NULL}; | |
1235 struct dict_enumval_data tvals[] = { | |
1236 enumval_def_u32( 0, "None"), | |
1237 enumval_def_u32( 1, "VJ TCP/IP header compression"), | |
1238 enumval_def_u32( 2, "IPX header compression"), | |
1239 enumval_def_u32( 3, "Stac-LZS compression") | |
1240 }; | |
1241 struct dict_avp_data data = { | |
1242 13, /* Code */ | |
1243 0, /* Vendor */ | |
1244 "Framed-Compression", /* Name */ | |
1245 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1246 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1247 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1248 }; | |
1249 int i; | |
1250 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1251 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1252 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1253 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
1254 } | |
1255 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1256 } | |
1257 | |
1258 /*** IP Access Authorization AVPs ***/ | |
1259 | |
1260 /* Framed-IP-Address */ | |
1261 { | |
1262 /* | |
1263 The Framed-IP-Address AVP (AVP Code 8) [RADIUS] is of type | |
1264 OctetString and contains an IPv4 address of the type specified in the | |
1265 attribute value to be configured for the user. It MAY be used in an | |
1266 authorization request as a hint to the server that a specific address | |
1267 is desired, but the server is not required to honor the hint in the | |
1268 corresponding response. | |
1269 | |
1270 Two values have special significance: 0xFFFFFFFF and 0xFFFFFFFE. The | |
1271 value 0xFFFFFFFF indicates that the NAS should allow the user to | |
1272 select an address (i.e., negotiated). The value 0xFFFFFFFE indicates | |
1273 that the NAS should select an address for the user (e.g., assigned | |
1274 from a pool of addresses kept by the NAS). | |
1275 */ | |
1276 struct dict_avp_data data = { | |
1277 8, /* Code */ | |
1278 0, /* Vendor */ | |
1279 "Framed-IP-Address", /* Name */ | |
1280 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1281 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1282 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1283 }; | |
1284 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1285 } | |
1286 | |
1287 /* Framed-IP-Netmask */ | |
1288 { | |
1289 /* | |
1290 The Framed-IP-Netmask AVP (AVP Code 9) is of type OctetString and | |
1291 contains the four octets of the IPv4 netmask to be configured for the | |
1292 user when the user is a router to a network. It MAY be used in an | |
1293 authorization request as a hint to the server that a specific netmask | |
1294 is desired, but the server is not required to honor the hint in the | |
1295 corresponding response. This AVP MUST be present in a response if | |
1296 the request included this AVP with a value of 0xFFFFFFFF. | |
1297 */ | |
1298 struct dict_avp_data data = { | |
1299 9, /* Code */ | |
1300 0, /* Vendor */ | |
1301 "Framed-IP-Netmask", /* Name */ | |
1302 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1303 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1304 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1305 }; | |
1306 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1307 } | |
1308 | |
1309 /* Framed-Route */ | |
1310 { | |
1311 /* | |
1312 The Framed-Route AVP (AVP Code 22) is of type UTF8String and contains | |
1313 the ASCII routing information to be configured for the user on the | |
1314 NAS. Zero or more of these AVPs MAY be present in an authorization | |
1315 response. | |
1316 | |
1317 The string MUST contain a destination prefix in dotted quad form | |
1318 optionally followed by a slash and a decimal length specifier stating | |
1319 how many high-order bits of the prefix should be used. This is | |
1320 followed by a space, a gateway address in dotted quad form, a space, | |
1321 and one or more metrics separated by spaces; for example, | |
1322 | |
1323 "192.168.1.0/24 192.168.1.1 1". | |
1324 | |
1325 The length specifier may be omitted, in which case it should default | |
1326 to 8 bits for class A prefixes, to 16 bits for class B prefixes, and | |
1327 to 24 bits for class C prefixes; for example, | |
1328 | |
1329 "192.168.1.0 192.168.1.1 1". | |
1330 | |
1331 Whenever the gateway address is specified as "0.0.0.0" the IP address | |
1332 of the user SHOULD be used as the gateway address. | |
1333 */ | |
1334 struct dict_avp_data data = { | |
1335 22, /* Code */ | |
1336 0, /* Vendor */ | |
1337 "Framed-Route", /* Name */ | |
1338 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1339 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1340 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1341 }; | |
1342 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
1343 } | |
1344 | |
1345 /* Framed-Pool */ | |
1346 { | |
1347 /* | |
1348 The Framed-Pool AVP (AVP Code 88) is of type OctetString and contains | |
1349 the name of an assigned address pool that SHOULD be used to assign an | |
1350 address for the user. If a NAS does not support multiple address | |
1351 pools, the NAS SHOULD ignore this AVP. Address pools are usually | |
1352 used for IP addresses but can be used for other protocols if the NAS | |
1353 supports pools for those protocols. | |
1354 | |
1355 Although specified as type OctetString for compatibility with RADIUS | |
1356 [RADIUSExt], the encoding of the Data field SHOULD also conform to | |
1357 the rules for the UTF8String Data Format. | |
1358 */ | |
1359 struct dict_avp_data data = { | |
1360 88, /* Code */ | |
1361 0, /* Vendor */ | |
1362 "Framed-Pool", /* Name */ | |
1363 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1364 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1365 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1366 }; | |
1367 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1368 } | |
1369 | |
1370 /* Framed-Interface-Id */ | |
1371 { | |
1372 /* | |
1373 The Framed-Interface-Id AVP (AVP Code 96) is of type Unsigned64 and | |
1374 contains the IPv6 interface identifier to be configured for the user. | |
1375 It MAY be used in authorization requests as a hint to the server that | |
1376 a specific interface id is desired, but the server is not required to | |
1377 honor the hint in the corresponding response. | |
1378 */ | |
1379 struct dict_avp_data data = { | |
1380 96, /* Code */ | |
1381 0, /* Vendor */ | |
1382 "Framed-Interface-Id", /* Name */ | |
1383 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1384 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1385 AVP_TYPE_UNSIGNED64 /* base type of data */ | |
1386 }; | |
1387 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1388 } | |
1389 | |
1390 /* Framed-IPv6-Prefix */ | |
1391 { | |
1392 /* | |
1393 The Framed-IPv6-Prefix AVP (AVP Code 97) is of type OctetString and | |
1394 contains the IPv6 prefix to be configured for the user. One or more | |
1395 AVPs MAY be used in authorization requests as a hint to the server | |
1396 that specific IPv6 prefixes are desired, but the server is not | |
1397 required to honor the hint in the corresponding response. | |
1398 */ | |
1399 struct dict_avp_data data = { | |
1400 97, /* Code */ | |
1401 0, /* Vendor */ | |
1402 "Framed-IPv6-Prefix", /* Name */ | |
1403 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1404 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1405 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1406 }; | |
1407 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1408 } | |
1409 | |
1410 /* Framed-IPv6-Route */ | |
1411 { | |
1412 /* | |
1413 The Framed-IPv6-Route AVP (AVP Code 99) is of type UTF8String and | |
1414 contains the ASCII routing information to be configured for the user | |
1415 on the NAS. Zero or more of these AVPs MAY be present in an | |
1416 authorization response. | |
1417 | |
1418 The string MUST contain an IPv6 address prefix followed by a slash | |
1419 and a decimal length specifier stating how many high order bits of | |
1420 the prefix should be used. This is followed by a space, a gateway | |
1421 address in hexadecimal notation, a space, and one or more metrics | |
1422 separated by spaces; for example, | |
1423 | |
1424 "2000:0:0:106::/64 2000::106:a00:20ff:fe99:a998 1". | |
1425 | |
1426 Whenever the gateway address is the IPv6 unspecified address, the IP | |
1427 address of the user SHOULD be used as the gateway address, such as | |
1428 in: | |
1429 | |
1430 "2000:0:0:106::/64 :: 1". | |
1431 */ | |
1432 struct dict_avp_data data = { | |
1433 99, /* Code */ | |
1434 0, /* Vendor */ | |
1435 "Framed-IPv6-Route", /* Name */ | |
1436 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1437 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1438 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1439 }; | |
1440 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
1441 } | |
1442 | |
1443 /* Framed-IPv6-Pool */ | |
1444 { | |
1445 /* | |
1446 The Framed-IPv6-Pool AVP (AVP Code 100) is of type OctetString and | |
1447 contains the name of an assigned pool that SHOULD be used to assign | |
1448 an IPv6 prefix for the user. If the access device does not support | |
1449 multiple prefix pools, it MUST ignore this AVP. | |
1450 | |
1451 Although specified as type OctetString for compatibility with RADIUS | |
1452 [RADIUSIPv6], the encoding of the Data field SHOULD also conform to | |
1453 the rules for the UTF8String Data Format. | |
1454 */ | |
1455 struct dict_avp_data data = { | |
1456 100, /* Code */ | |
1457 0, /* Vendor */ | |
1458 "Framed-IPv6-Pool", /* Name */ | |
1459 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1460 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1461 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1462 }; | |
1463 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1464 } | |
1465 | |
1466 /*** IPX Access ***/ | |
1467 | |
1468 /* Framed-IPX-Network */ | |
1469 { | |
1470 /* | |
1471 The Framed-IPX-Network AVP (AVP Code 23) is of type Unsigned32 and | |
1472 contains the IPX Network number to be configured for the user. It | |
1473 MAY be used in an authorization request as a hint to the server that | |
1474 a specific address is desired, but the server is not required to | |
1475 honor the hint in the corresponding response. | |
1476 | |
1477 Two addresses have special significance: 0xFFFFFFFF and 0xFFFFFFFE. | |
1478 The value 0xFFFFFFFF indicates that the NAS should allow the user to | |
1479 select an address (i.e., Negotiated). The value 0xFFFFFFFE indicates | |
1480 that the NAS should select an address for the user (e.g., assign it | |
1481 from a pool of one or more IPX networks kept by the NAS). | |
1482 */ | |
1483 struct dict_avp_data data = { | |
1484 23, /* Code */ | |
1485 0, /* Vendor */ | |
1486 "Framed-IPX-Network", /* Name */ | |
1487 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1488 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1489 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1490 }; | |
1491 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1492 } | |
1493 | |
1494 /*** AppleTalk Network Access ***/ | |
1495 | |
1496 /* Framed-AppleTalk-Link */ | |
1497 { | |
1498 /* | |
1499 The Framed-AppleTalk-Link AVP (AVP Code 37) is of type Unsigned32 and | |
1500 contains the AppleTalk network number that should be used for the | |
1501 serial link to the user, which is another AppleTalk router. This AVP | |
1502 MUST only be present in an authorization response and is never used | |
1503 when the user is not another router. | |
1504 | |
1505 Despite the size of the field, values range from 0 to 65,535. The | |
1506 special value of 0 indicates an unnumbered serial link. A value of 1 | |
1507 to 65,535 means that the serial line between the NAS and the user | |
1508 should be assigned that value as an AppleTalk network number. | |
1509 */ | |
1510 struct dict_avp_data data = { | |
1511 37, /* Code */ | |
1512 0, /* Vendor */ | |
1513 "Framed-AppleTalk-Link", /* Name */ | |
1514 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1515 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1516 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1517 }; | |
1518 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1519 } | |
1520 | |
1521 /* Framed-AppleTalk-Network */ | |
1522 { | |
1523 /* | |
1524 The Framed-AppleTalk-Network AVP (AVP Code 38) is of type Unsigned32 | |
1525 and contains the AppleTalk Network number that the NAS should probe | |
1526 to allocate an AppleTalk node for the user. This AVP MUST only be | |
1527 present in an authorization response and is never used when the user | |
1528 is not another router. Multiple instances of this AVP indicate that | |
1529 the NAS may probe, using any of the network numbers specified. | |
1530 | |
1531 Despite the size of the field, values range from 0 to 65,535. The | |
1532 special value 0 indicates that the NAS should assign a network for | |
1533 the user, using its default cable range. A value between 1 and | |
1534 65,535 (inclusive) indicates to the AppleTalk Network that the NAS | |
1535 should probe to find an address for the user. | |
1536 */ | |
1537 struct dict_avp_data data = { | |
1538 38, /* Code */ | |
1539 0, /* Vendor */ | |
1540 "Framed-AppleTalk-Network", /* Name */ | |
1541 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1542 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1543 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1544 }; | |
1545 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1546 } | |
1547 | |
1548 /* Framed-AppleTalk-Zone */ | |
1549 { | |
1550 /* | |
1551 The Framed-AppleTalk-Zone AVP (AVP Code 39) is of type OctetString | |
1552 and contains the AppleTalk Default Zone to be used for this user. | |
1553 This AVP MUST only be present in an authorization response. Multiple | |
1554 instances of this AVP in the same message are not allowed. | |
1555 | |
1556 The codification of this field's allowed range is outside the scope | |
1557 of this specification. | |
1558 */ | |
1559 struct dict_avp_data data = { | |
1560 39, /* Code */ | |
1561 0, /* Vendor */ | |
1562 "Framed-AppleTalk-Zone", /* Name */ | |
1563 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1564 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1565 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1566 }; | |
1567 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1568 } | |
1569 | |
1570 /*** AppleTalk Remote Access [RFC2869] ***/ | |
1571 | |
1572 /* ARAP-Features */ | |
1573 { | |
1574 /* | |
1575 The ARAP-Features AVP (AVP Code 71) is of type OctetString and MAY be | |
1576 present in the AA-Accept message if the Framed-Protocol AVP is set to | |
1577 the value of ARAP. See [RADIUSExt] for more information about the | |
1578 format of this AVP. | |
1579 */ | |
1580 struct dict_avp_data data = { | |
1581 71, /* Code */ | |
1582 0, /* Vendor */ | |
1583 "ARAP-Features", /* Name */ | |
1584 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1585 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1586 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1587 }; | |
1588 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1589 } | |
1590 | |
1591 /* ARAP-Zone-Access */ | |
1592 { | |
1593 /* | |
1594 The ARAP-Zone-Access AVP (AVP Code 72) is of type Enumerated and MAY | |
1595 be present in the AA-Accept message if the Framed-Protocol AVP is set | |
1596 to the value of ARAP. | |
1597 | |
1598 The supported values are listed in [RADIUSTypes] and defined in | |
1599 [RADIUSExt]. | |
1600 Sub-registry: Values for RADIUS Attribute 72, ARAP-Zone-Access | |
1601 Reference: [RFC2869] | |
1602 */ | |
1603 struct dict_object *type; | |
1604 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(ARAP-Zone-Access)" , NULL, NULL}; | |
1605 struct dict_enumval_data tvals[] = { | |
1606 enumval_def_u32( 1, "Only allow access to default zone [RFC2869]"), | |
1607 enumval_def_u32( 2, "Use zone filter inclusively [RFC2869]"), | |
1608 enumval_def_u32( 3, "Not used [RFC2869]"), | |
1609 enumval_def_u32( 4, "Use zone filter exclusively [RFC2869]") | |
1610 }; | |
1611 struct dict_avp_data data = { | |
1612 72, /* Code */ | |
1613 0, /* Vendor */ | |
1614 "ARAP-Zone-Access", /* Name */ | |
1615 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1616 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1617 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1618 }; | |
1619 int i; | |
1620 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1621 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1622 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1623 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
1624 } | |
1625 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1626 } | |
1627 | |
1628 /*** Non-Framed Access Authorization AVPs ***/ | |
1629 | |
1630 /* Login-IP-Host */ | |
1631 { | |
1632 /* | |
1633 The Login-IP-Host AVP (AVP Code 14) [RADIUS] is of type OctetString | |
1634 and contains the IPv4 address of a host with which to connect the | |
1635 user when the Login-Service AVP is included. It MAY be used in an | |
1636 AA-Request command as a hint to the Diameter Server that a specific | |
1637 host is desired, but the Diameter Server is not required to honor the | |
1638 hint in the AA-Answer. | |
1639 | |
1640 Two addresses have special significance: all ones and 0. The value | |
1641 of all ones indicates that the NAS SHOULD allow the user to select an | |
1642 address. The value 0 indicates that the NAS SHOULD select a host to | |
1643 connect the user to. | |
1644 */ | |
1645 struct dict_object *type; | |
1646 uint32_t allzeros = 0; | |
1647 uint32_t allones = (uint32_t) -1; | |
1648 struct dict_type_data tdata = { AVP_TYPE_OCTETSTRING, "Enumerated(Login-IP-Host)" , NULL, NULL}; | |
1649 struct dict_enumval_data tvals[] = { | |
1650 enumval_def_os( 4, &allzeros, "(0) NAS selects the host"), | |
1651 enumval_def_os( 4, &allones , "(1) User selects the address") | |
1652 }; | |
1653 struct dict_avp_data data = { | |
1654 14, /* Code */ | |
1655 0, /* Vendor */ | |
1656 "Login-IP-Host", /* Name */ | |
1657 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1658 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1659 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1660 }; | |
1661 int i; | |
1662 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1663 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1664 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1665 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
1666 } | |
1667 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1668 } | |
1669 | |
1670 /* Login-IPv6-Host */ | |
1671 { | |
1672 /* | |
1673 The Login-IPv6-Host AVP (AVP Code 98) [RADIUSIPv6] is of type | |
1674 OctetString and contains the IPv6 address of a host with which to | |
1675 connect the user when the Login-Service AVP is included. It MAY be | |
1676 used in an AA-Request command as a hint to the Diameter Server that a | |
1677 specific host is desired, but the Diameter Server is not required to | |
1678 honor the hint in the AA-Answer. | |
1679 | |
1680 Two addresses have special significance: | |
1681 | |
1682 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF and 0. The value | |
1683 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF indicates that the NAS SHOULD | |
1684 allow the user to select an address. The value 0 indicates that the | |
1685 NAS SHOULD select a host to connect the user to. | |
1686 | |
1687 */ | |
1688 struct dict_object *type; | |
1689 unsigned char allzeros[16]; | |
1690 unsigned char allones[16]; | |
1691 struct dict_type_data tdata = { AVP_TYPE_OCTETSTRING, "Enumerated(Login-IPv6-Host)" , NULL, NULL}; | |
1692 struct dict_enumval_data tvals[] = { | |
1693 enumval_def_os( 16, &allzeros, "(0) NAS selects the host"), | |
1694 enumval_def_os( 16, &allones , "(1) User selects the address") | |
1695 }; | |
1696 struct dict_avp_data data = { | |
1697 98, /* Code */ | |
1698 0, /* Vendor */ | |
1699 "Login-IPv6-Host", /* Name */ | |
1700 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1701 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1702 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1703 }; | |
1704 int i; | |
1705 memset(allzeros, 0, sizeof(allzeros)); | |
1706 memset(allones, 0xff, sizeof(allones)); | |
1707 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1708 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1709 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1710 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
1711 } | |
1712 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1713 } | |
1714 | |
1715 /* Login-Service */ | |
1716 { | |
1717 /* | |
1718 The Login-Service AVP (AVP Code 15) is of type Enumerated and | |
1719 contains the service that should be used to connect the user to the | |
1720 login host. This AVP SHOULD only be present in authorization | |
1721 responses. | |
1722 | |
1723 The supported values are listed in [RADIUSTypes]. | |
1724 Sub-registry: Values for RADIUS Attribute 15, Login-Service | |
1725 Reference: [RFC2865] | |
1726 */ | |
1727 struct dict_object *type; | |
1728 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Login-Service)" , NULL, NULL}; | |
1729 struct dict_enumval_data tvals[] = { | |
1730 enumval_def_u32( 0, "Telnet"), | |
1731 enumval_def_u32( 1, "Rlogin"), | |
1732 enumval_def_u32( 2, "TCP Clear"), | |
1733 enumval_def_u32( 3, "PortMaster (proprietary)"), | |
1734 enumval_def_u32( 4, "LAT"), | |
1735 enumval_def_u32( 5, "X25-PAD"), | |
1736 enumval_def_u32( 6, "X25-T3POS"), | |
1737 enumval_def_u32( 8, "TCP Clear Quiet (suppresses any NAS-generated connect string)") | |
1738 }; | |
1739 struct dict_avp_data data = { | |
1740 15, /* Code */ | |
1741 0, /* Vendor */ | |
1742 "Login-Service", /* Name */ | |
1743 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1744 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1745 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1746 }; | |
1747 int i; | |
1748 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1749 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1750 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1751 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
1752 } | |
1753 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1754 } | |
1755 | |
1756 /*** TCP Services ***/ | |
1757 | |
1758 /* Login-TCP-Port */ | |
1759 { | |
1760 /* | |
1761 The Login-TCP-Port AVP (AVP Code 16) is of type Unsigned32 and | |
1762 contains the TCP port with which the user is to be connected when the | |
1763 Login-Service AVP is also present. This AVP SHOULD only be present | |
1764 in authorization responses. The value MUST NOT be greater than | |
1765 65,535. | |
1766 */ | |
1767 struct dict_avp_data data = { | |
1768 16, /* Code */ | |
1769 0, /* Vendor */ | |
1770 "Login-TCP-Port", /* Name */ | |
1771 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1772 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1773 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1774 }; | |
1775 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1776 } | |
1777 | |
1778 /*** LAT Services ***/ | |
1779 | |
1780 /* Login-LAT-Service */ | |
1781 { | |
1782 /* | |
1783 The Login-LAT-Service AVP (AVP Code 34) is of type OctetString and | |
1784 contains the system with which the user is to be connected by LAT. | |
1785 It MAY be used in an authorization request as a hint to the server | |
1786 that a specific service is desired, but the server is not required to | |
1787 honor the hint in the corresponding response. This AVP MUST only be | |
1788 present in the response if the Login-Service AVP states that LAT is | |
1789 desired. | |
1790 | |
1791 Administrators use this service attribute when dealing with clustered | |
1792 systems, such as a VAX or Alpha cluster. In these environments, | |
1793 several different time-sharing hosts share the same resources (disks, | |
1794 printers, etc.), and administrators often configure each host to | |
1795 offer access (service) to each of the shared resources. In this | |
1796 case, each host in the cluster advertises its services through LAT | |
1797 broadcasts. | |
1798 | |
1799 Sophisticated users often know which service providers (machines) are | |
1800 faster and tend to use a node name when initiating a LAT connection. | |
1801 Some administrators want particular users to use certain machines as | |
1802 a primitive form of load balancing (although LAT knows how to do load | |
1803 balancing itself). | |
1804 | |
1805 The String field contains the identity of the LAT service to use. | |
1806 The LAT Architecture allows this string to contain $ (dollar), - | |
1807 (hyphen), . (period), _ (underscore), numerics, upper- and lowercase | |
1808 alphabetics, and the ISO Latin-1 character set extension [ISOLatin]. | |
1809 All LAT string comparisons are case insensitive. | |
1810 */ | |
1811 struct dict_avp_data data = { | |
1812 34, /* Code */ | |
1813 0, /* Vendor */ | |
1814 "Login-LAT-Service", /* Name */ | |
1815 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1816 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1817 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1818 }; | |
1819 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1820 } | |
1821 | |
1822 /* Login-LAT-Node */ | |
1823 { | |
1824 /* | |
1825 The Login-LAT-Node AVP (AVP Code 35) is of type OctetString and | |
1826 contains the Node with which the user is to be automatically | |
1827 connected by LAT. It MAY be used in an authorization request as a | |
1828 hint to the server that a specific LAT node is desired, but the | |
1829 server is not required to honor the hint in the corresponding | |
1830 response. This AVP MUST only be present in a response if the Login- | |
1831 Service-Type AVP is set to LAT. | |
1832 | |
1833 The String field contains the identity of the LAT service to use. | |
1834 The LAT Architecture allows this string to contain $ (dollar), - | |
1835 (hyphen), . (period), _ (underscore), numerics, upper- and lowercase | |
1836 alphabetics, and the ISO Latin-1 character set extension [ISOLatin]. | |
1837 All LAT string comparisons are case insensitive. | |
1838 */ | |
1839 struct dict_avp_data data = { | |
1840 35, /* Code */ | |
1841 0, /* Vendor */ | |
1842 "Login-LAT-Node", /* Name */ | |
1843 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1844 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1845 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1846 }; | |
1847 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1848 } | |
1849 | |
1850 /* Login-LAT-Group */ | |
1851 { | |
1852 /* | |
1853 The Login-LAT-Group AVP (AVP Code 36) is of type OctetString and | |
1854 contains a string identifying the LAT group codes this user is | |
1855 authorized to use. It MAY be used in an authorization request as a | |
1856 hint to the server that a specific group is desired, but the server | |
1857 is not required to honor the hint in the corresponding response. | |
1858 This AVP MUST only be present in a response if the Login-Service-Type | |
1859 AVP is set to LAT. | |
1860 | |
1861 LAT supports 256 different group codes, which LAT uses as a form of | |
1862 access rights. LAT encodes the group codes as a 256-bit bitmap. | |
1863 | |
1864 Administrators can assign one or more of the group code bits at the | |
1865 LAT service provider; it will only accept LAT connections that have | |
1866 these group codes set in the bitmap. The administrators assign a | |
1867 bitmap of authorized group codes to each user. LAT gets these from | |
1868 the operating system and uses them in its requests to the service | |
1869 providers. | |
1870 | |
1871 The codification of the range of allowed usage of this field is | |
1872 outside the scope of this specification. | |
1873 */ | |
1874 struct dict_avp_data data = { | |
1875 36, /* Code */ | |
1876 0, /* Vendor */ | |
1877 "Login-LAT-Group", /* Name */ | |
1878 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1879 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1880 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1881 }; | |
1882 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1883 } | |
1884 | |
1885 /* Login-LAT-Port */ | |
1886 { | |
1887 /* | |
1888 The Login-LAT-Port AVP (AVP Code 63) is of type OctetString and | |
1889 contains the Port with which the user is to be connected by LAT. It | |
1890 MAY be used in an authorization request as a hint to the server that | |
1891 a specific port is desired, but the server is not required to honor | |
1892 the hint in the corresponding response. This AVP MUST only be | |
1893 present in a response if the Login-Service-Type AVP is set to LAT. | |
1894 | |
1895 The String field contains the identity of the LAT service to use. | |
1896 The LAT Architecture allows this string to contain $ (dollar), - | |
1897 (hyphen), . (period), _ (underscore), numerics, upper- and lower-case | |
1898 alphabetics, and the ISO Latin-1 character set extension [ISOLatin]. | |
1899 All LAT string comparisons are case insensitive. | |
1900 */ | |
1901 struct dict_avp_data data = { | |
1902 63, /* Code */ | |
1903 0, /* Vendor */ | |
1904 "Login-LAT-Port", /* Name */ | |
1905 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1906 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1907 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1908 }; | |
1909 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1910 } | |
1911 | |
1912 /******************************** | |
1913 * NAS Tunneling AVPs * | |
1914 ********************************/ | |
1915 /* Tunnel-Type */ | |
1916 { | |
1917 /* | |
1918 The Tunnel-Type AVP (AVP Code 64) is of type Enumerated and contains | |
1919 the tunneling protocol(s) to be used (in the case of a tunnel | |
1920 initiator) or in use (in the case of a tunnel terminator). It MAY be | |
1921 used in an authorization request as a hint to the server that a | |
1922 specific tunnel type is desired, but the server is not required to | |
1923 honor the hint in the corresponding response. | |
1924 | |
1925 The Tunnel-Type AVP SHOULD also be included in Accounting-Request | |
1926 messages. | |
1927 | |
1928 A tunnel initiator is not required to implement any of these tunnel | |
1929 types. If a tunnel initiator receives a response that contains only | |
1930 unknown or unsupported Tunnel-Types, the tunnel initiator MUST behave | |
1931 as though a response were received with the Result-Code indicating a | |
1932 failure. | |
1933 | |
1934 The supported values are listed in [RADIUSTypes]. | |
1935 Sub-registry: Values for RADIUS Attribute 64, Tunnel-Type | |
1936 Reference: [RFC2868] | |
1937 */ | |
1938 struct dict_object *type; | |
1939 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Tunnel-Type)" , NULL, NULL}; | |
1940 struct dict_enumval_data tvals[] = { | |
1941 enumval_def_u32( 1, "Point-to-Point Tunneling Protocol (PPTP) [RFC2868]"), | |
1942 enumval_def_u32( 2, "Layer Two Forwarding (L2F) [RFC2868]"), | |
1943 enumval_def_u32( 3, "Layer Two Tunneling Protocol (L2TP) [RFC2868]"), | |
1944 enumval_def_u32( 4, "Ascend Tunnel Management Protocol (ATMP) [RFC2868]"), | |
1945 enumval_def_u32( 5, "Virtual Tunneling Protocol (VTP) [RFC2868]"), | |
1946 enumval_def_u32( 6, "IP Authentication Header in the Tunnel-mode (AH) [RFC2868]"), | |
1947 enumval_def_u32( 7, "IP-in-IP Encapsulation (IP-IP) [RFC2868]"), | |
1948 enumval_def_u32( 8, "Minimal IP-in-IP Encapsulation (MIN-IP-IP) [RFC2868]"), | |
1949 enumval_def_u32( 9, "IP Encapsulating Security Payload in the Tunnel-mode (ESP) [RFC2868]"), | |
1950 enumval_def_u32(10, "Generic Route Encapsulation (GRE) [RFC2868]"), | |
1951 enumval_def_u32(11, "Bay Dial Virtual Services (DVS) [RFC2868]"), | |
1952 enumval_def_u32(12, "IP-in-IP Tunneling [RFC2868]"), | |
1953 enumval_def_u32(13, "Virtual LANs (VLAN) [RFC3580]") | |
1954 }; | |
1955 struct dict_avp_data adata = { | |
1956 64, /* Code */ | |
1957 0, /* Vendor */ | |
1958 "Tunnel-Type", /* Name */ | |
1959 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1960 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1961 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1962 }; | |
1963 int i; | |
1964 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1965 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1966 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
1967 } | |
1968 CHECK_dict_new( DICT_AVP, &adata , type, NULL); | |
1969 } | |
1970 | |
1971 /* Tunnel-Medium-Type */ | |
1972 { | |
1973 /* | |
1974 The Tunnel-Medium-Type AVP (AVP Code 65) is of type Enumerated and | |
1975 contains the transport medium to use when creating a tunnel for | |
1976 protocols (such as L2TP) that can operate over multiple transports. | |
1977 It MAY be used in an authorization request as a hint to the server | |
1978 that a specific medium is desired, but the server is not required to | |
1979 honor the hint in the corresponding response. | |
1980 | |
1981 The supported values are listed in [RADIUSTypes]. | |
1982 Sub-registry: Values for RADIUS Attribute 65, Tunnel-Medium-Type | |
1983 Reference: [RFC2868] | |
1984 */ | |
1985 struct dict_object *type; | |
1986 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Tunnel-Medium-Type)" , NULL, NULL}; | |
1987 struct dict_enumval_data tvals[] = { | |
1988 enumval_def_u32( 1, "IPv4 (IP version 4) [RFC2868]"), | |
1989 enumval_def_u32( 2, "IPv6 (IP version 6) [RFC2868]"), | |
1990 enumval_def_u32( 3, "NSAP [RFC2868]"), | |
1991 enumval_def_u32( 4, "HDLC (8-bit multidrop) [RFC2868]"), | |
1992 enumval_def_u32( 5, "BBN 1822 [RFC2868]"), | |
1993 enumval_def_u32( 6, "802 (includes all 802 media plus Ethernet \"canonical format\") [RFC2868]"), | |
1994 enumval_def_u32( 7, "E.163 (POTS) [RFC2868]"), | |
1995 enumval_def_u32( 8, "E.164 (SMDS, Frame Relay, ATM) [RFC2868]"), | |
1996 enumval_def_u32( 9, "F.69 (Telex) [RFC2868]"), | |
1997 enumval_def_u32(10, "X.121 (X.25, Frame Relay) [RFC2868]"), | |
1998 enumval_def_u32(11, "IPX [RFC2868]"), | |
1999 enumval_def_u32(12, "Appletalk [RFC2868]"), | |
2000 enumval_def_u32(13, "Decnet IV [RFC2868]"), | |
2001 enumval_def_u32(14, "Banyan Vines [RFC2868]"), | |
2002 enumval_def_u32(15, "E.164 with NSAP format subaddress [RFC2868]") | |
2003 }; | |
2004 struct dict_avp_data adata = { | |
2005 65, /* Code */ | |
2006 0, /* Vendor */ | |
2007 "Tunnel-Medium-Type", /* Name */ | |
2008 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2009 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2010 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2011 }; | |
2012 int i; | |
2013 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
2014 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
2015 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
2016 } | |
2017 CHECK_dict_new( DICT_AVP, &adata , type, NULL); | |
2018 } | |
2019 | |
2020 /* Tunnel-Client-Endpoint */ | |
2021 { | |
2022 /* | |
2023 The Tunnel-Client-Endpoint AVP (AVP Code 66) is of type UTF8String | |
2024 and contains the address of the initiator end of the tunnel. It MAY | |
2025 be used in an authorization request as a hint to the server that a | |
2026 specific endpoint is desired, but the server is not required to honor | |
2027 the hint in the corresponding response. | |
2028 | |
2029 This AVP SHOULD be included in the corresponding Accounting-Request | |
2030 messages, in which case it indicates the address from which the | |
2031 tunnel was initiated. This AVP, along with the Tunnel-Server- | |
2032 Endpoint and Session-Id AVP [BASE], MAY be used to provide a globally | |
2033 unique means to identify a tunnel for accounting and auditing | |
2034 purposes. | |
2035 | |
2036 If Tunnel-Medium-Type is IPv4 (1), then this string is either the | |
2037 fully qualified domain name (FQDN) of the tunnel client machine, or a | |
2038 "dotted-decimal" IP address. Implementations MUST support the | |
2039 dotted-decimal format and SHOULD support the FQDN format for IP | |
2040 addresses. | |
2041 | |
2042 If Tunnel-Medium-Type is IPv6 (2), then this string is either the | |
2043 FQDN of the tunnel client machine, or a text representation of the | |
2044 address in either the preferred or alternate form [IPv6Addr]. | |
2045 Conforming implementations MUST support the preferred form and SHOULD | |
2046 support both the alternate text form and the FQDN format for IPv6 | |
2047 addresses. | |
2048 | |
2049 If Tunnel-Medium-Type is neither IPv4 nor IPv6, then this string is a | |
2050 tag referring to configuration data local to the Diameter client that | |
2051 describes the interface or medium-specific client address to use. | |
2052 */ | |
2053 struct dict_avp_data adata = { | |
2054 66, /* Code */ | |
2055 0, /* Vendor */ | |
2056 "Tunnel-Client-Endpoint", /* Name */ | |
2057 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2058 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2059 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2060 }; | |
2061 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL); | |
2062 } | |
2063 | |
2064 /* Tunnel-Server-Endpoint */ | |
2065 { | |
2066 /* | |
2067 The Tunnel-Server-Endpoint AVP (AVP Code 67) is of type UTF8String | |
2068 and contains the address of the server end of the tunnel. It MAY be | |
2069 used in an authorization request as a hint to the server that a | |
2070 specific endpoint is desired, but the server is not required to honor | |
2071 the hint in the corresponding response. | |
2072 | |
2073 This AVP SHOULD be included in the corresponding Accounting-Request | |
2074 messages, in which case it indicates the address from which the | |
2075 tunnel was initiated. This AVP, along with the Tunnel-Client- | |
2076 Endpoint and Session-Id AVP [BASE], MAY be used to provide a globally | |
2077 unique means to identify a tunnel for accounting and auditing | |
2078 purposes. | |
2079 | |
2080 If Tunnel-Medium-Type is IPv4 (1), then this string is either the | |
2081 fully qualified domain name (FQDN) of the tunnel server machine, or a | |
2082 "dotted-decimal" IP address. Implementations MUST support the | |
2083 dotted-decimal format and SHOULD support the FQDN format for IP | |
2084 addresses. | |
2085 | |
2086 If Tunnel-Medium-Type is IPv6 (2), then this string is either the | |
2087 FQDN of the tunnel server machine, or a text representation of the | |
2088 address in either the preferred or alternate form [IPv6Addr]. | |
2089 Implementations MUST support the preferred form and SHOULD support | |
2090 both the alternate text form and the FQDN format for IPv6 addresses. | |
2091 | |
2092 If Tunnel-Medium-Type is not IPv4 or IPv6, this string is a tag | |
2093 referring to configuration data local to the Diameter client that | |
2094 describes the interface or medium-specific server address to use. | |
2095 */ | |
2096 struct dict_avp_data adata = { | |
2097 67, /* Code */ | |
2098 0, /* Vendor */ | |
2099 "Tunnel-Server-Endpoint", /* Name */ | |
2100 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2101 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2102 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2103 }; | |
2104 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL); | |
2105 } | |
2106 | |
2107 /* Tunnel-Password */ | |
2108 { | |
2109 /* | |
2110 The Tunnel-Password AVP (AVP Code 69) is of type OctetString and may | |
2111 contain a password to be used to authenticate to a remote server. | |
2112 The Tunnel-Password AVP contains sensitive information. This value | |
2113 is not protected in the same manner as RADIUS [RADTunnels]. | |
2114 | |
2115 As required in [BASE], Diameter messages are encrypted by using IPsec | |
2116 or TLS. The Tunnel-Password AVP SHOULD NOT be used in untrusted | |
2117 proxy environments without encrypting it by using end-to-end security | |
2118 techniques, such as CMS Security [DiamCMS]. | |
2119 */ | |
2120 struct dict_avp_data adata = { | |
2121 69, /* Code */ | |
2122 0, /* Vendor */ | |
2123 "Tunnel-Password", /* Name */ | |
2124 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2125 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2126 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2127 }; | |
2128 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); | |
2129 } | |
2130 | |
2131 /* Tunnel-Private-Group-Id */ | |
2132 { | |
2133 /* | |
2134 The Tunnel-Private-Group-Id AVP (AVP Code 81) is of type OctetString | |
2135 and contains the group Id for a particular tunneled session. The | |
2136 Tunnel-Private-Group-Id AVP MAY be included in an authorization | |
2137 request if the tunnel initiator can predetermine the group resulting | |
2138 from a particular connection. It SHOULD be included in the | |
2139 authorization response if this tunnel session is to be treated as | |
2140 belonging to a particular private group. Private groups may be used | |
2141 to associate a tunneled session with a particular group of users. | |
2142 For example, it MAY be used to facilitate routing of unregistered IP | |
2143 addresses through a particular interface. This AVP SHOULD be | |
2144 included in the Accounting-Request messages that pertain to the | |
2145 tunneled session. | |
2146 */ | |
2147 struct dict_avp_data adata = { | |
2148 81, /* Code */ | |
2149 0, /* Vendor */ | |
2150 "Tunnel-Private-Group-Id", /* Name */ | |
2151 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2152 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2153 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2154 }; | |
2155 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); | |
2156 } | |
2157 | |
2158 /* Tunnel-Assignment-Id */ | |
2159 { | |
2160 /* | |
2161 The Tunnel-Assignment-Id AVP (AVP Code 82) is of type OctetString and | |
2162 is used to indicate to the tunnel initiator the particular tunnel to | |
2163 which a session is to be assigned. Some tunneling protocols, such as | |
2164 [PPTP] and [L2TP], allow for sessions between the same two tunnel | |
2165 endpoints to be multiplexed over the same tunnel and also for a given | |
2166 session to use its own dedicated tunnel. This attribute provides a | |
2167 mechanism for Diameter to inform the tunnel initiator (e.g., PAC, | |
2168 LAC) whether to assign the session to a multiplexed tunnel or to a | |
2169 separate tunnel. Furthermore, it allows for sessions sharing | |
2170 multiplexed tunnels to be assigned to different multiplexed tunnels. | |
2171 | |
2172 A particular tunneling implementation may assign differing | |
2173 characteristics to particular tunnels. For example, different | |
2174 tunnels may be assigned different QoS parameters. Such tunnels may | |
2175 be used to carry either individual or multiple sessions. The | |
2176 Tunnel-Assignment-Id attribute thus allows the Diameter server to | |
2177 indicate that a particular session is to be assigned to a tunnel | |
2178 providing an appropriate level of service. It is expected that any | |
2179 QoS-related Diameter tunneling attributes defined in the future | |
2180 accompanying this one will be associated by the tunnel initiator with | |
2181 the Id given by this attribute. In the meantime, any semantic given | |
2182 to a particular Id string is a matter left to local configuration in | |
2183 the tunnel initiator. | |
2184 | |
2185 The Tunnel-Assignment-Id AVP is of significance only to Diameter and | |
2186 the tunnel initiator. The Id it specifies is only intended to be of | |
2187 local use to Diameter and the tunnel initiator. The Id assigned by | |
2188 the tunnel initiator is not conveyed to the tunnel peer. | |
2189 | |
2190 This attribute MAY be included in authorization responses. The | |
2191 tunnel initiator receiving this attribute MAY choose to ignore it and | |
2192 to assign the session to an arbitrary multiplexed or non-multiplexed | |
2193 tunnel between the desired endpoints. This AVP SHOULD also be | |
2194 included in the Accounting-Request messages pertaining to the | |
2195 tunneled session. | |
2196 | |
2197 If a tunnel initiator supports the Tunnel-Assignment-Id AVP, then it | |
2198 should assign a session to a tunnel in the following manner: | |
2199 | |
2200 - If this AVP is present and a tunnel exists between the | |
2201 specified endpoints with the specified Id, then the session | |
2202 should be assigned to that tunnel. | |
2203 | |
2204 - If this AVP is present and no tunnel exists between the | |
2205 specified endpoints with the specified Id, then a new tunnel | |
2206 should be established for the session and the specified Id | |
2207 should be associated with the new tunnel. | |
2208 | |
2209 - If this AVP is not present, then the session is assigned to an | |
2210 unnamed tunnel. If an unnamed tunnel does not yet exist | |
2211 between the specified endpoints, then it is established and | |
2212 used for this session and for subsequent ones established | |
2213 without the Tunnel-Assignment-Id attribute. A tunnel initiator | |
2214 MUST NOT assign a session for which a Tunnel-Assignment-Id AVP | |
2215 was not specified to a named tunnel (i.e., one that was | |
2216 initiated by a session specifying this AVP). | |
2217 | |
2218 Note that the same Id may be used to name different tunnels if these | |
2219 tunnels are between different endpoints. | |
2220 | |
2221 */ | |
2222 struct dict_avp_data adata = { | |
2223 82, /* Code */ | |
2224 0, /* Vendor */ | |
2225 "Tunnel-Assignment-Id", /* Name */ | |
2226 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2227 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2228 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2229 }; | |
2230 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); | |
2231 } | |
2232 | |
2233 /* Tunnel-Preference */ | |
2234 { | |
2235 /* | |
2236 The Tunnel-Preference AVP (AVP Code 83) is of type Unsigned32 and is | |
2237 used to identify the relative preference assigned to each tunnel when | |
2238 more than one set of tunneling AVPs is returned within separate | |
2239 Grouped-AVP AVPs. It MAY be used in an authorization request as a | |
2240 hint to the server that a specific preference is desired, but the | |
2241 server is not required to honor the hint in the corresponding | |
2242 response. | |
2243 | |
2244 For example, suppose that AVPs describing two tunnels are returned by | |
2245 the server, one with a Tunnel-Type of PPTP and the other with a | |
2246 Tunnel-Type of L2TP. If the tunnel initiator supports only one of | |
2247 the Tunnel-Types returned, it will initiate a tunnel of that type. | |
2248 If, however, it supports both tunnel protocols, it SHOULD use the | |
2249 value of the Tunnel-Preference AVP to decide which tunnel should be | |
2250 started. The tunnel with the lowest numerical value in the Value | |
2251 field of this AVP SHOULD be given the highest preference. The values | |
2252 assigned to two or more instances of the Tunnel-Preference AVP within | |
2253 a given authorization response MAY be identical. In this case, the | |
2254 tunnel initiator SHOULD use locally configured metrics to decide | |
2255 which set of AVPs to use. | |
2256 */ | |
2257 struct dict_avp_data adata = { | |
2258 83, /* Code */ | |
2259 0, /* Vendor */ | |
2260 "Tunnel-Preference", /* Name */ | |
2261 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2262 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2263 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2264 }; | |
2265 CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); | |
2266 } | |
2267 | |
2268 /* Tunnel-Client-Auth-Id */ | |
2269 { | |
2270 /* | |
2271 The Tunnel-Client-Auth-Id AVP (AVP Code 90) is of type UTF8String and | |
2272 specifies the name used by the tunnel initiator during the | |
2273 authentication phase of tunnel establishment. It MAY be used in an | |
2274 authorization request as a hint to the server that a specific | |
2275 preference is desired, but the server is not required to honor the | |
2276 hint in the corresponding response. This AVP MUST be present in the | |
2277 authorization response if an authentication name other than the | |
2278 default is desired. This AVP SHOULD be included in the Accounting- | |
2279 Request messages pertaining to the tunneled session. | |
2280 */ | |
2281 struct dict_avp_data adata = { | |
2282 90, /* Code */ | |
2283 0, /* Vendor */ | |
2284 "Tunnel-Client-Auth-Id", /* Name */ | |
2285 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2286 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2287 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2288 }; | |
2289 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL); | |
2290 } | |
2291 | |
2292 /* Tunnel-Server-Auth-Id */ | |
2293 { | |
2294 /* | |
2295 The Tunnel-Server-Auth-Id AVP (AVP Code 91) is of type UTF8String and | |
2296 specifies the name used by the tunnel terminator during the | |
2297 authentication phase of tunnel establishment. It MAY be used in an | |
2298 authorization request as a hint to the server that a specific | |
2299 preference is desired, but the server is not required to honor the | |
2300 hint in the corresponding response. This AVP MUST be present in the | |
2301 authorization response if an authentication name other than the | |
2302 default is desired. This AVP SHOULD be included in the Accounting- | |
2303 Request messages pertaining to the tunneled session. | |
2304 */ | |
2305 struct dict_avp_data adata = { | |
2306 91, /* Code */ | |
2307 0, /* Vendor */ | |
2308 "Tunnel-Server-Auth-Id", /* Name */ | |
2309 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2310 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2311 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2312 }; | |
2313 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL); | |
2314 } | |
2315 | |
2316 /* Tunneling */ | |
2317 { | |
2318 /* | |
2319 The Tunneling AVP (AVP Code 401) is of type Grouped and contains the | |
2320 following AVPs, used to describe a compulsory tunnel service: | |
2321 [RADTunnels], [RADTunlAcct]. Its data field has the following ABNF | |
2322 grammar: | |
2323 | |
2324 Tunneling ::= < AVP Header: 401 > | |
2325 { Tunnel-Type } | |
2326 { Tunnel-Medium-Type } | |
2327 { Tunnel-Client-Endpoint } | |
2328 { Tunnel-Server-Endpoint } | |
2329 [ Tunnel-Preference ] | |
2330 [ Tunnel-Client-Auth-Id ] | |
2331 [ Tunnel-Server-Auth-Id ] | |
2332 [ Tunnel-Assignment-Id ] | |
2333 [ Tunnel-Password ] | |
2334 [ Tunnel-Private-Group-Id ] | |
2335 */ | |
2336 struct dict_object * avp; | |
2337 struct dict_avp_data data = { | |
2338 401, /* Code */ | |
2339 0, /* Vendor */ | |
2340 "Tunneling", /* Name */ | |
2341 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2342 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2343 AVP_TYPE_GROUPED /* base type of data */ | |
2344 }; | |
2345 struct local_rules_definition rules[] = | |
2346 { { "Tunnel-Type", RULE_REQUIRED, -1, 1 } | |
2347 ,{ "Tunnel-Medium-Type", RULE_REQUIRED, -1, 1 } | |
2348 ,{ "Tunnel-Client-Endpoint", RULE_REQUIRED, -1, 1 } | |
2349 ,{ "Tunnel-Server-Endpoint", RULE_REQUIRED, -1, 1 } | |
2350 ,{ "Tunnel-Preference", RULE_OPTIONAL, -1, 1 } | |
2351 ,{ "Tunnel-Client-Auth-Id", RULE_OPTIONAL, -1, 1 } | |
2352 ,{ "Tunnel-Server-Auth-Id", RULE_OPTIONAL, -1, 1 } | |
2353 ,{ "Tunnel-Assignment-Id", RULE_OPTIONAL, -1, 1 } | |
2354 ,{ "Tunnel-Password", RULE_OPTIONAL, -1, 1 } | |
2355 ,{ "Tunnel-Private-Group-Id", RULE_OPTIONAL, -1, 1 } | |
2356 }; | |
2357 | |
2358 CHECK_dict_new( DICT_AVP, &data , NULL, &avp); | |
2359 PARSE_loc_rules( rules, avp ); | |
2360 } | |
2361 | |
2362 /******************************** | |
2363 * NAS Accounting AVPs * | |
2364 ********************************/ | |
2365 /* Accounting-Input-Octets */ | |
2366 { | |
2367 /* | |
2368 The Accounting-Input-Octets AVP (AVP Code 363) is of type Unsigned64 | |
2369 and contains the number of octets received from the user. | |
2370 | |
2371 For NAS usage, this AVP indicates how many octets have been received | |
2372 from the port in the course of this session. It can only be present | |
2373 in ACR messages with an Accounting-Record-Type of INTERIM_RECORD or | |
2374 STOP_RECORD. | |
2375 */ | |
2376 struct dict_avp_data data = { | |
2377 363, /* Code */ | |
2378 0, /* Vendor */ | |
2379 "Accounting-Input-Octets", /* Name */ | |
2380 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2381 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2382 AVP_TYPE_UNSIGNED64 /* base type of data */ | |
2383 }; | |
2384 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2385 } | |
2386 | |
2387 /* Accounting-Output-Octets */ | |
2388 { | |
2389 /* | |
2390 The Accounting-Output-Octets AVP (AVP Code 364) is of type Unsigned64 | |
2391 and contains the number of octets sent to the user. | |
2392 | |
2393 For NAS usage, this AVP indicates how many octets have been sent to | |
2394 the port in the course of this session. It can only be present in | |
2395 ACR messages with an Accounting-Record-Type of INTERIM_RECORD or | |
2396 STOP_RECORD. | |
2397 */ | |
2398 struct dict_avp_data data = { | |
2399 364, /* Code */ | |
2400 0, /* Vendor */ | |
2401 "Accounting-Output-Octets", /* Name */ | |
2402 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2403 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2404 AVP_TYPE_UNSIGNED64 /* base type of data */ | |
2405 }; | |
2406 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2407 } | |
2408 | |
2409 /* Accounting-Input-Packets */ | |
2410 { | |
2411 /* | |
2412 The Accounting-Input-Packets (AVP Code 365) is of type Unsigned64 and | |
2413 contains the number of packets received from the user. | |
2414 | |
2415 For NAS usage, this AVP indicates how many packets have been received | |
2416 from the port over the course of a session being provided to a Framed | |
2417 User. It can only be present in ACR messages with an Accounting- | |
2418 Record-Type of INTERIM_RECORD or STOP_RECORD. | |
2419 */ | |
2420 struct dict_avp_data data = { | |
2421 365, /* Code */ | |
2422 0, /* Vendor */ | |
2423 "Accounting-Input-Packets", /* Name */ | |
2424 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2425 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2426 AVP_TYPE_UNSIGNED64 /* base type of data */ | |
2427 }; | |
2428 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2429 } | |
2430 | |
2431 /* Accounting-Output-Packets */ | |
2432 { | |
2433 /* | |
2434 The Accounting-Output-Packets (AVP Code 366) is of type Unsigned64 | |
2435 and contains the number of IP packets sent to the user. | |
2436 | |
2437 For NAS usage, this AVP indicates how many packets have been sent to | |
2438 the port over the course of a session being provided to a Framed | |
2439 User. It can only be present in ACR messages with an Accounting- | |
2440 Record-Type of INTERIM_RECORD or STOP_RECORD. | |
2441 */ | |
2442 struct dict_avp_data data = { | |
2443 366, /* Code */ | |
2444 0, /* Vendor */ | |
2445 "Accounting-Output-Packets", /* Name */ | |
2446 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2447 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2448 AVP_TYPE_UNSIGNED64 /* base type of data */ | |
2449 }; | |
2450 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2451 } | |
2452 | |
2453 /* Acct-Session-Time */ | |
2454 { | |
2455 /* | |
2456 The Acct-Session-Time AVP (AVP Code 46) is of type Unsigned32 and | |
2457 indicates the length of the current session in seconds. It can only | |
2458 be present in ACR messages with an Accounting-Record-Type of | |
2459 INTERIM_RECORD or STOP_RECORD. | |
2460 */ | |
2461 struct dict_avp_data data = { | |
2462 46, /* Code */ | |
2463 0, /* Vendor */ | |
2464 "Acct-Session-Time", /* Name */ | |
2465 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2466 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2467 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2468 }; | |
2469 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2470 } | |
2471 | |
2472 /* Acct-Authentic */ | |
2473 { | |
2474 /* | |
2475 The Acct-Authentic AVP (AVP Code 45) is of type Enumerated and | |
2476 specifies how the user was authenticated. The supported values are | |
2477 listed in [RADIUSTypes]. | |
2478 Sub-registry: Values for RADIUS Attribute 45, Acct-Authentic | |
2479 Reference: [RFC2866] | |
2480 */ | |
2481 struct dict_object *type; | |
2482 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Acct-Authentic)" , NULL, NULL}; | |
2483 struct dict_enumval_data tvals[] = { | |
2484 enumval_def_u32( 1, "RADIUS"), | |
2485 enumval_def_u32( 2, "Local"), | |
2486 enumval_def_u32( 3, "Remote"), | |
2487 enumval_def_u32( 4, "Diameter") | |
2488 }; | |
2489 struct dict_avp_data data = { | |
2490 45, /* Code */ | |
2491 0, /* Vendor */ | |
2492 "Acct-Authentic", /* Name */ | |
2493 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2494 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2495 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2496 }; | |
2497 int i; | |
2498 /* Create the Enumerated type, enumerated values, and the AVP */ | |
2499 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
2500 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
2501 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
2502 } | |
2503 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
2504 } | |
2505 | |
2506 /* Accounting-Auth-Method */ | |
2507 { | |
2508 /* | |
2509 The Accounting-Auth-Method AVP (AVP Code 406) is of type Enumerated. | |
2510 A NAS MAY include this AVP in an Accounting-Request message to | |
2511 indicate the method used to authenticate the user. (Note that this | |
2512 is equivalent to the RADIUS MS-Acct-Auth-Type VSA attribute). | |
2513 | |
2514 The following values are defined: | |
2515 | |
2516 1 PAP | |
2517 2 CHAP | |
2518 3 MS-CHAP-1 | |
2519 4 MS-CHAP-2 | |
2520 5 EAP | |
2521 7 None | |
2522 */ | |
2523 struct dict_object *type; | |
2524 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Accounting-Auth-Method)" , NULL, NULL}; | |
2525 struct dict_enumval_data tvals[] = { | |
2526 enumval_def_u32( 1, "PAP"), | |
2527 enumval_def_u32( 2, "CHAP"), | |
2528 enumval_def_u32( 3, "MS-CHAP-1"), | |
2529 enumval_def_u32( 4, "MS-CHAP-2"), | |
2530 enumval_def_u32( 5, "EAP"), | |
2531 enumval_def_u32( 7, "None") | |
2532 }; | |
2533 struct dict_avp_data data = { | |
2534 406, /* Code */ | |
2535 0, /* Vendor */ | |
2536 "Accounting-Auth-Method", /* Name */ | |
2537 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2538 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2539 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2540 }; | |
2541 int i; | |
2542 /* Create the Enumerated type, enumerated values, and the AVP */ | |
2543 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
2544 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
2545 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
2546 } | |
2547 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
2548 } | |
2549 | |
2550 /* Acct-Delay-Time */ | |
2551 { | |
2552 /* | |
2553 The Acct-Delay-Time AVP (AVP Code 41) is of type Unsigned32 and | |
2554 indicates the number of seconds the Diameter client has been trying | |
2555 to send the Accounting-Request (ACR). The accounting server may | |
2556 subtract this value from the time when the ACR arrives at the server | |
2557 to calculate the approximate time of the event that caused the ACR to | |
2558 be generated. | |
2559 | |
2560 This AVP is not used for retransmissions at the transport level (TCP | |
2561 or SCTP). Rather, it may be used when an ACR command cannot be | |
2562 transmitted because there is no appropriate peer to transmit it to or | |
2563 was rejected because it could not be delivered. In these cases, the | |
2564 command MAY be buffered and transmitted later, when an appropriate | |
2565 peer-connection is available or after sufficient time has passed that | |
2566 the destination-host may be reachable and operational. If the ACR is | |
2567 resent in this way, the Acct-Delay-Time AVP SHOULD be included. The | |
2568 value of this AVP indicates the number of seconds that elapsed | |
2569 between the time of the first attempt at transmission and the current | |
2570 attempt. | |
2571 */ | |
2572 struct dict_avp_data data = { | |
2573 41, /* Code */ | |
2574 0, /* Vendor */ | |
2575 "Acct-Delay-Time", /* Name */ | |
2576 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2577 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2578 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2579 }; | |
2580 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2581 } | |
2582 | |
2583 /* Acct-Link-Count */ | |
2584 { | |
2585 /* | |
2586 The Acct-Link-Count AVP (AVP Code 51) is of type Unsigned32 and | |
2587 indicates the total number of links that have been active (current or | |
2588 closed) in a given multilink session at the time the accounting | |
2589 record is generated. This AVP MAY be included in Accounting-Requests | |
2590 for any session that may be part of a multilink service. | |
2591 | |
2592 The Acct-Link-Count AVP may be used to make it easier for an | |
2593 accounting server to know when it has all the records for a given | |
2594 multilink service. When the number of Accounting-Requests received | |
2595 with Accounting-Record-Type = STOP_RECORD and with the same Acct- | |
2596 Multi-Session-Id and unique Session-Ids equals the largest value of | |
2597 Acct-Link-Count seen in those Accounting-Requests, all STOP_RECORD | |
2598 Accounting-Requests for that multilink service have been received. | |
2599 | |
2600 The following example, showing eight Accounting-Requests, illustrates | |
2601 how the Acct-Link-Count AVP is used. In the table below, only the | |
2602 relevant AVPs are shown, although additional AVPs containing | |
2603 accounting information will be present in the Accounting-Requests. | |
2604 | |
2605 Acct-Multi- Accounting- Acct- | |
2606 Session-Id Session-Id Record-Type Link-Count | |
2607 -------------------------------------------------------- | |
2608 "...10" "...10" START_RECORD 1 | |
2609 "...10" "...11" START_RECORD 2 | |
2610 "...10" "...11" STOP_RECORD 2 | |
2611 "...10" "...12" START_RECORD 3 | |
2612 "...10" "...13" START_RECORD 4 | |
2613 "...10" "...12" STOP_RECORD 4 | |
2614 "...10" "...13" STOP_RECORD 4 | |
2615 "...10" "...10" STOP_RECORD 4 | |
2616 | |
2617 */ | |
2618 struct dict_avp_data data = { | |
2619 51, /* Code */ | |
2620 0, /* Vendor */ | |
2621 "Acct-Link-Count", /* Name */ | |
2622 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2623 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2624 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2625 }; | |
2626 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2627 } | |
2628 | |
2629 /* Acct-Tunnel-Connection */ | |
2630 { | |
2631 /* | |
2632 The Acct-Tunnel-Connection AVP (AVP Code 68) is of type OctetString | |
2633 and contains the identifier assigned to the tunnel session. This | |
2634 AVP, along with the Tunnel-Client-Endpoint and Tunnel-Server-Endpoint | |
2635 AVPs, may be used to provide a means to uniquely identify a tunnel | |
2636 session for auditing purposes. | |
2637 | |
2638 The format of the identifier in this AVP depends upon the value of | |
2639 the Tunnel-Type AVP. For example, to identify an L2TP tunnel | |
2640 connection fully, the L2TP Tunnel Id and Call Id might be encoded in | |
2641 this field. The exact encoding of this field is implementation | |
2642 dependent. | |
2643 */ | |
2644 struct dict_avp_data data = { | |
2645 68, /* Code */ | |
2646 0, /* Vendor */ | |
2647 "Acct-Tunnel-Connection", /* Name */ | |
2648 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2649 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2650 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2651 }; | |
2652 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2653 } | |
2654 | |
2655 /* Acct-Tunnel-Packets-Lost */ | |
2656 { | |
2657 /* | |
2658 The Acct-Tunnel-Packets-Lost AVP (AVP Code 86) is of type Unsigned32 | |
2659 and contains the number of packets lost on a given link. | |
2660 */ | |
2661 struct dict_avp_data data = { | |
2662 86, /* Code */ | |
2663 0, /* Vendor */ | |
2664 "Acct-Tunnel-Packets-Lost", /* Name */ | |
2665 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2666 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2667 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2668 }; | |
2669 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2670 } | |
2671 | |
2672 /*********************************** | |
2673 * Compatibility with RADIUS AVPs * | |
2674 ***********************************/ | |
2675 /* NAS-Identifier */ | |
2676 { | |
2677 /* | |
2678 The NAS-Identifier AVP (AVP Code 32) [RADIUS] is of type UTF8String | |
2679 and contains the identity of the NAS providing service to the user. | |
2680 This AVP SHOULD only be added by a RADIUS/Diameter Translation Agent. | |
2681 When this AVP is present, the Origin-Host AVP identifies the NAS | |
2682 providing service to the user. | |
2683 | |
2684 In RADIUS it would be possible for a rogue NAS to forge the NAS- | |
2685 Identifier attribute. Diameter/RADIUS translation agents SHOULD | |
2686 attempt to check a received NAS-Identifier attribute against the | |
2687 source address of the RADIUS packet, by doing an A/AAAA RR query. If | |
2688 the NAS-Identifier attribute contains an FQDN, then such a query | |
2689 would resolve to an IP address matching the source address. However, | |
2690 the NAS-Identifier attribute is not required to contain an FQDN, so | |
2691 such a query could fail. If it fails, an error should be logged, but | |
2692 no action should be taken, other than a reverse lookup on the source | |
2693 address and insert the resulting FQDN into the Route-Record AVP. | |
2694 | |
2695 Diameter agents and servers SHOULD check whether a NAS-Identifier AVP | |
2696 corresponds to an entry in the Route-Record AVP. If no match is | |
2697 found, then an error is logged, but no other action is taken. | |
2698 */ | |
2699 struct dict_avp_data data = { | |
2700 32, /* Code */ | |
2701 0, /* Vendor */ | |
2702 "NAS-Identifier", /* Name */ | |
2703 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2704 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2705 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2706 }; | |
2707 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
2708 } | |
2709 | |
2710 /* NAS-IP-Address */ | |
2711 { | |
2712 /* | |
2713 The NAS-IP-Address AVP (AVP Code 4) [RADIUS] is of type OctetString | |
2714 and contains the IP Address of the NAS providing service to the user. | |
2715 This AVP SHOULD only be added by a RADIUS/Diameter Translation Agent. | |
2716 When this AVP is present, the Origin-Host AVP identifies the NAS | |
2717 providing service to the user. | |
2718 | |
2719 In RADIUS it would be possible for a rogue NAS to forge the NAS-IP- | |
2720 Address attribute value. Diameter/RADIUS translation agents MUST | |
2721 check a received NAS-IP-Address or NAS-IPv6-Address attribute against | |
2722 the source address of the RADIUS packet. If they do not match and | |
2723 the Diameter/RADIUS translation agent does not know whether the | |
2724 packet was sent by a RADIUS proxy or NAS (e.g., no Proxy-State | |
2725 attribute), then by default it is assumed that the source address | |
2726 corresponds to a RADIUS proxy, and that the NAS Address is behind | |
2727 that proxy, potentially with some additional RADIUS proxies in | |
2728 between. The Diameter/RADIUS translation agent MUST insert entries | |
2729 in the Route-Record AVP corresponding to the apparent route. This | |
2730 implies doing a reverse lookup on the source address and NAS-IP- | |
2731 Address or NAS-IPv6-Address attributes to determine the corresponding | |
2732 FQDNs. | |
2733 | |
2734 If the source address and the NAS-IP-Address or NAS-IPv6-Address do | |
2735 not match, and the Diameter/RADIUS translation agent knows that it is | |
2736 talking directly to the NAS (e.g., there are no RADIUS proxies | |
2737 between it and the NAS), then the error should be logged, and the | |
2738 packet MUST be discarded. | |
2739 | |
2740 Diameter agents and servers MUST check whether the NAS-IP-Address AVP | |
2741 corresponds to an entry in the Route-Record AVP. This is done by | |
2742 doing a reverse lookup (PTR RR) for the NAS-IP-Address to retrieve | |
2743 the corresponding FQDN, and by checking for a match with the Route- | |
2744 Record AVP. If no match is found, then an error is logged, but no | |
2745 other action is taken. | |
2746 */ | |
2747 struct dict_avp_data data = { | |
2748 4, /* Code */ | |
2749 0, /* Vendor */ | |
2750 "NAS-IP-Address", /* Name */ | |
2751 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2752 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2753 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2754 }; | |
2755 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2756 } | |
2757 | |
2758 /* NAS-IPv6-Address */ | |
2759 { | |
2760 /* | |
2761 The NAS-IPv6-Address AVP (AVP Code 95) [RADIUSIPv6] is of type | |
2762 OctetString and contains the IPv6 Address of the NAS providing | |
2763 service to the user. This AVP SHOULD only be added by a | |
2764 RADIUS/Diameter Translation Agent. When this AVP is present, the | |
2765 Origin-Host AVP identifies the NAS providing service to the user. | |
2766 | |
2767 In RADIUS it would be possible for a rogue NAS to forge the NAS- | |
2768 IPv6-Address attribute. Diameter/RADIUS translation agents MUST | |
2769 check a received NAS-IPv6-Address attribute against the source | |
2770 address of the RADIUS packet. If they do not match and the | |
2771 Diameter/RADIUS translation agent does not know whether the packet | |
2772 was sent by a RADIUS proxy or NAS (e.g., no Proxy-State attribute), | |
2773 then by default it is assumed that the source address corresponds to | |
2774 a RADIUS proxy, and that the NAS-IPv6-Address is behind that proxy, | |
2775 potentially with some additional RADIUS proxies in between. The | |
2776 Diameter/RADIUS translation agent MUST insert entries in the Route- | |
2777 Record AVP corresponding to the apparent route. This implies doing a | |
2778 reverse lookup on the source address and NAS-IPv6-Address attributes | |
2779 to determine the corresponding FQDNs. | |
2780 | |
2781 If the source address and the NAS-IPv6-Address do not match, and the | |
2782 Diameter/RADIUS translation agent knows that it is talking directly | |
2783 to the NAS (e.g., there are no RADIUS proxies between it and the | |
2784 NAS), then the error should be logged, and the packet MUST be | |
2785 discarded. | |
2786 | |
2787 Diameter agents and servers MUST check whether the NAS-IPv6-Address | |
2788 AVP corresponds to an entry in the Route-Record AVP. This is done by | |
2789 doing a reverse lookup (PTR RR) for the NAS-IPv6-Address to retrieve | |
2790 the corresponding FQDN, and by checking for a match with the Record- | |
2791 Route AVP. If no match is found, then an error is logged, but no | |
2792 other action is taken. | |
2793 */ | |
2794 struct dict_avp_data data = { | |
2795 95, /* Code */ | |
2796 0, /* Vendor */ | |
2797 "NAS-IPv6-Address", /* Name */ | |
2798 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2799 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2800 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2801 }; | |
2802 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2803 } | |
2804 | |
2805 /* State */ | |
2806 { | |
2807 /* | |
2808 The State AVP (AVP Code 24) [RADIUS] is of type OctetString and has | |
2809 two uses in the Diameter NAS application. | |
2810 | |
2811 The State AVP MAY be sent by a Diameter Server to a NAS in an AA- | |
2812 Response command that contains a Result-Code of | |
2813 DIAMETER_MULTI_ROUND_AUTH. If so, the NAS MUST return it unmodified | |
2814 in the subsequent AA-Request command. | |
2815 | |
2816 The State AVP MAY also be sent by a Diameter Server to a NAS in an | |
2817 AA-Response command that also includes a Termination-Action AVP with | |
2818 the value of AA-REQUEST. If the NAS performs the Termination-Action | |
2819 by sending a new AA-Request command upon termination of the current | |
2820 service, it MUST return the State AVP unmodified in the new request | |
2821 command. | |
2822 | |
2823 In either usage, the NAS MUST NOT interpret the AVP locally. Usage | |
2824 of the State AVP is implementation dependent. | |
2825 */ | |
2826 struct dict_avp_data data = { | |
2827 24, /* Code */ | |
2828 0, /* Vendor */ | |
2829 "State", /* Name */ | |
2830 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2831 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2832 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2833 }; | |
2834 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2835 } | |
2836 | |
2837 /* Termination-Cause mapping */ | |
2838 { | |
2839 | |
2840 struct dict_object *type; | |
2841 struct dict_enumval_data tvals[] = { | |
2842 enumval_def_u32(11, "[RADIUS] User Request"), | |
2843 enumval_def_u32(12, "[RADIUS] Lost Carrier"), | |
2844 enumval_def_u32(13, "[RADIUS] Lost Service"), | |
2845 enumval_def_u32(14, "[RADIUS] Idle Timeout"), | |
2846 enumval_def_u32(15, "[RADIUS] Session Timeout"), | |
2847 enumval_def_u32(16, "[RADIUS] Admin Reset"), | |
2848 enumval_def_u32(17, "[RADIUS] Admin Reboot"), | |
2849 enumval_def_u32(18, "[RADIUS] Port Error"), | |
2850 enumval_def_u32(19, "[RADIUS] NAS Error"), | |
2851 enumval_def_u32(20, "[RADIUS] NAS Request"), | |
2852 enumval_def_u32(21, "[RADIUS] NAS Reboot"), | |
2853 enumval_def_u32(22, "[RADIUS] Port Unneeded"), | |
2854 enumval_def_u32(23, "[RADIUS] Port Preempted"), | |
2855 enumval_def_u32(24, "[RADIUS] Port Suspended"), | |
2856 enumval_def_u32(25, "[RADIUS] Service Unavailable"), | |
2857 enumval_def_u32(26, "[RADIUS] Callback"), | |
2858 enumval_def_u32(27, "[RADIUS] User Error"), | |
2859 enumval_def_u32(28, "[RADIUS] Host Request"), | |
2860 enumval_def_u32(29, "[RADIUS] Supplicant Restart"), | |
2861 enumval_def_u32(30, "[RADIUS] Reauthentication Failure"), | |
2862 enumval_def_u32(31, "[RADIUS] Port Reinit"), | |
2863 enumval_def_u32(32, "[RADIUS] Port Disabled") | |
2864 }; | |
2865 int i; | |
2866 | |
2867 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Enumerated(Termination-Cause)", &type); | |
2868 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
2869 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
2870 } | |
2871 | |
2872 } | |
2873 | |
2874 /* Origin-AAA-Protocol */ | |
2875 { | |
2876 /* | |
2877 The Origin-AAA-Protocol AVP (AVP Code 408) is of the type Enumerated | |
2878 and should be inserted in a Diameter message translated by a gateway | |
2879 system from another AAA protocol, such as RADIUS. It identifies the | |
2880 source protocol of the message to the Diameter system receiving the | |
2881 message. | |
2882 | |
2883 The supported values are: | |
2884 | |
2885 1 RADIUS | |
2886 */ | |
2887 struct dict_object *type; | |
2888 struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Origin-AAA-Protocol)" , NULL, NULL}; | |
2889 struct dict_enumval_data tvals[] = { | |
2890 enumval_def_u32( 1, "RADIUS") | |
2891 }; | |
2892 struct dict_avp_data data = { | |
2893 408, /* Code */ | |
2894 0, /* Vendor */ | |
2895 "Origin-AAA-Protocol", /* Name */ | |
2896 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2897 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2898 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2899 }; | |
2900 int i; | |
2901 /* Create the Enumerated type, enumerated values, and the AVP */ | |
2902 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
2903 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
2904 CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); | |
2905 } | |
2906 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
2907 } | |
2908 | |
2909 } | |
2910 | |
2911 /********************/ | |
2912 /* Commands section */ | |
2913 /********************/ | |
2914 { | |
2915 /* To avoid defining global variables for all the AVP that we use here, we do search the dictionary in each sub-block. | |
2916 * This is far from optimal, but the code is clearer like this, and the time it requires at execution is not noticeable. | |
2917 */ | |
2918 | |
2919 /* AA-Request (AAR) Command */ | |
2920 { | |
2921 /* | |
2922 The AA-Request (AAR), which is indicated by setting the Command-Code | |
2923 field to 265 and the 'R' bit in the Command Flags field, is used to | |
2924 request authentication and/or authorization for a given NAS user. | |
2925 The type of request is identified through the Auth-Request-Type AVP | |
2926 [BASE]. The recommended value for most RADIUS interoperabily | |
2927 situations is AUTHORIZE_AUTHENTICATE. | |
2928 | |
2929 If Authentication is requested, the User-Name attribute SHOULD be | |
2930 present, as well as any additional authentication AVPs that would | |
2931 carry the password information. A request for authorization SHOULD | |
2932 only include the information from which the authorization will be | |
2933 performed, such as the User-Name, Called-Station-Id, or Calling- | |
2934 Station-Id AVPs. All requests SHOULD contain AVPs uniquely | |
2935 identifying the source of the call, such as Origin-Host and NAS-Port. | |
2936 Certain networks MAY use different AVPs for authorization purposes. | |
2937 A request for authorization will include some AVPs defined in section | |
2938 6. | |
2939 | |
2940 It is possible for a single session to be authorized first and then | |
2941 for an authentication request to follow. | |
2942 | |
2943 This AA-Request message MAY be the result of a multi-round | |
2944 authentication exchange, which occurs when the AA-Answer message is | |
2945 received with the Result-Code AVP set to DIAMETER_MULTI_ROUND_AUTH. | |
2946 A subsequent AAR message SHOULD be sent, with the User-Password AVP | |
2947 that includes the user's response to the prompt, and MUST include any | |
2948 State AVPs that were present in the AAA message. | |
2949 | |
2950 Message Format | |
2951 <AA-Request> ::= < Diameter Header: 265, REQ, PXY > | |
2952 < Session-Id > | |
2953 { Auth-Application-Id } | |
2954 { Origin-Host } | |
2955 { Origin-Realm } | |
2956 { Destination-Realm } | |
2957 { Auth-Request-Type } | |
2958 [ Destination-Host ] | |
2959 [ NAS-Identifier ] | |
2960 [ NAS-IP-Address ] | |
2961 [ NAS-IPv6-Address ] | |
2962 [ NAS-Port ] | |
2963 [ NAS-Port-Id ] | |
2964 [ NAS-Port-Type ] | |
2965 [ Origin-AAA-Protocol ] | |
2966 [ Origin-State-Id ] | |
2967 [ Port-Limit ] | |
2968 [ User-Name ] | |
2969 [ User-Password ] | |
2970 [ Service-Type ] | |
2971 [ State ] | |
2972 [ Authorization-Lifetime ] | |
2973 [ Auth-Grace-Period ] | |
2974 [ Auth-Session-State ] | |
2975 [ Callback-Number ] | |
2976 [ Called-Station-Id ] | |
2977 [ Calling-Station-Id ] | |
2978 [ Originating-Line-Info ] | |
2979 [ Connect-Info ] | |
2980 [ CHAP-Auth ] | |
2981 [ CHAP-Challenge ] | |
2982 * [ Framed-Compression ] | |
2983 [ Framed-Interface-Id ] | |
2984 [ Framed-IP-Address ] | |
2985 * [ Framed-IPv6-Prefix ] | |
2986 [ Framed-IP-Netmask ] | |
2987 [ Framed-MTU ] | |
2988 [ Framed-Protocol ] | |
2989 [ ARAP-Password ] | |
2990 [ ARAP-Security ] | |
2991 * [ ARAP-Security-Data ] | |
2992 * [ Login-IP-Host ] | |
2993 * [ Login-IPv6-Host ] | |
2994 [ Login-LAT-Group ] | |
2995 [ Login-LAT-Node ] | |
2996 [ Login-LAT-Port ] | |
2997 [ Login-LAT-Service ] | |
2998 * [ Tunneling ] | |
2999 * [ Proxy-Info ] | |
3000 * [ Route-Record ] | |
3001 * [ AVP ] | |
3002 */ | |
3003 struct dict_object * cmd; | |
3004 struct dict_cmd_data data = { | |
3005 265, /* Code */ | |
3006 "AA-Request", /* Name */ | |
3007 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_RETRANSMIT | CMD_FLAG_ERROR, /* Fixed flags */ | |
3008 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE /* Fixed flag values */ | |
3009 }; | |
3010 struct local_rules_definition rules[] = | |
3011 { { "Session-Id", RULE_FIXED_HEAD, -1, 1 } | |
3012 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 } | |
3013 ,{ "Origin-Host", RULE_REQUIRED, -1, 1 } | |
3014 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 } | |
3015 ,{ "Destination-Realm", RULE_REQUIRED, -1, 1 } | |
3016 ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 } | |
3017 ,{ "Destination-Host", RULE_OPTIONAL, -1, 1 } | |
3018 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } | |
3019 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } | |
3020 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } | |
3021 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 } | |
3022 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 } | |
3023 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } | |
3024 ,{ "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } | |
3025 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 } | |
3026 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1 } | |
3027 ,{ "User-Name", RULE_OPTIONAL, -1, 1 } | |
3028 ,{ "User-Password", RULE_OPTIONAL, -1, 1 } | |
3029 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } | |
3030 ,{ "State", RULE_OPTIONAL, -1, 1 } | |
3031 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } | |
3032 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1 } | |
3033 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 } | |
3034 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1 } | |
3035 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 } | |
3036 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 } | |
3037 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 } | |
3038 ,{ "Connect-Info", RULE_OPTIONAL, -1, 1 } | |
3039 ,{ "CHAP-Auth", RULE_OPTIONAL, -1, 1 } | |
3040 ,{ "CHAP-Challenge", RULE_OPTIONAL, -1, 1 } | |
3041 ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1 } | |
3042 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 } | |
3043 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 } | |
3044 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1 } | |
3045 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1 } | |
3046 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1 } | |
3047 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1 } | |
3048 ,{ "ARAP-Password", RULE_OPTIONAL, -1, 1 } | |
3049 ,{ "ARAP-Security", RULE_OPTIONAL, -1, 1 } | |
3050 ,{ "ARAP-Security-Data", RULE_OPTIONAL, -1,-1 } | |
3051 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1 } | |
3052 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1 } | |
3053 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1 } | |
3054 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1 } | |
3055 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1 } | |
3056 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1 } | |
3057 ,{ "Tunneling", RULE_OPTIONAL, -1,-1 } | |
3058 ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1 } | |
3059 ,{ "Route-Record", RULE_OPTIONAL, -1,-1 } | |
3060 }; | |
3061 | |
3062 CHECK_dict_new( DICT_COMMAND, &data , nasreq, &cmd); | |
3063 PARSE_loc_rules( rules, cmd ); | |
3064 } | |
3065 | |
3066 /* AA-Answer (AAA) Command */ | |
3067 { | |
3068 /* | |
3069 The AA-Answer (AAA) message is indicated by setting the Command-Code | |
3070 field to 265 and clearing the 'R' bit in the Command Flags field. It | |
3071 is sent in response to the AA-Request (AAR) message. If | |
3072 authorization was requested, a successful response will include the | |
3073 authorization AVPs appropriate for the service being provided, as | |
3074 defined in section 6. | |
3075 | |
3076 For authentication exchanges requiring more than a single round trip, | |
3077 the server MUST set the Result-Code AVP to DIAMETER_MULTI_ROUND_AUTH. | |
3078 An AAA message with this result code MAY include one Reply-Message or | |
3079 more and MAY include zero or one State AVPs. | |
3080 | |
3081 If the Reply-Message AVP was present, the network access server | |
3082 SHOULD send the text to the user's client to display to the user, | |
3083 instructing the client to prompt the user for a response. For | |
3084 example, this capability can be achieved in PPP via PAP. If the | |
3085 access client is unable to prompt the user for a new response, it | |
3086 MUST treat the AA-Answer (AAA) with the Reply-Message AVP as an error | |
3087 and deny access. | |
3088 | |
3089 Message Format | |
3090 | |
3091 <AA-Answer> ::= < Diameter Header: 265, PXY > | |
3092 < Session-Id > | |
3093 { Auth-Application-Id } | |
3094 { Auth-Request-Type } | |
3095 { Result-Code } | |
3096 { Origin-Host } | |
3097 { Origin-Realm } | |
3098 [ User-Name ] | |
3099 [ Service-Type ] | |
3100 * [ Class ] | |
3101 * [ Configuration-Token ] | |
3102 [ Acct-Interim-Interval ] | |
3103 [ Error-Message ] | |
3104 [ Error-Reporting-Host ] | |
3105 * [ Failed-AVP ] | |
3106 [ Idle-Timeout ] | |
3107 [ Authorization-Lifetime ] | |
3108 [ Auth-Grace-Period ] | |
3109 [ Auth-Session-State ] | |
3110 [ Re-Auth-Request-Type ] | |
3111 [ Multi-Round-Time-Out ] | |
3112 [ Session-Timeout ] | |
3113 [ State ] | |
3114 * [ Reply-Message ] | |
3115 [ Origin-AAA-Protocol ] | |
3116 [ Origin-State-Id ] | |
3117 * [ Filter-Id ] | |
3118 [ Password-Retry ] | |
3119 [ Port-Limit ] | |
3120 [ Prompt ] | |
3121 [ ARAP-Challenge-Response ] | |
3122 [ ARAP-Features ] | |
3123 [ ARAP-Security ] | |
3124 * [ ARAP-Security-Data ] | |
3125 [ ARAP-Zone-Access ] | |
3126 [ Callback-Id ] | |
3127 [ Callback-Number ] | |
3128 [ Framed-Appletalk-Link ] | |
3129 * [ Framed-Appletalk-Network ] | |
3130 [ Framed-Appletalk-Zone ] | |
3131 * [ Framed-Compression ] | |
3132 [ Framed-Interface-Id ] | |
3133 [ Framed-IP-Address ] | |
3134 * [ Framed-IPv6-Prefix ] | |
3135 [ Framed-IPv6-Pool ] | |
3136 * [ Framed-IPv6-Route ] | |
3137 [ Framed-IP-Netmask ] | |
3138 * [ Framed-Route ] | |
3139 [ Framed-Pool ] | |
3140 [ Framed-IPX-Network ] | |
3141 [ Framed-MTU ] | |
3142 [ Framed-Protocol ] | |
3143 [ Framed-Routing ] | |
3144 * [ Login-IP-Host ] | |
3145 * [ Login-IPv6-Host ] | |
3146 [ Login-LAT-Group ] | |
3147 [ Login-LAT-Node ] | |
3148 [ Login-LAT-Port ] | |
3149 [ Login-LAT-Service ] | |
3150 [ Login-Service ] | |
3151 [ Login-TCP-Port ] | |
3152 * [ NAS-Filter-Rule ] | |
3153 * [ QoS-Filter-Rule ] | |
3154 * [ Tunneling ] | |
3155 * [ Redirect-Host ] | |
3156 [ Redirect-Host-Usage ] | |
3157 [ Redirect-Max-Cache-Time ] | |
3158 * [ Proxy-Info ] | |
3159 * [ AVP ] | |
3160 */ | |
3161 struct dict_object * cmd; | |
3162 struct dict_cmd_data data = { | |
3163 265, /* Code */ | |
3164 "AA-Answer", /* Name */ | |
3165 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE, /* Fixed flags */ | |
3166 CMD_FLAG_PROXIABLE /* Fixed flag values */ | |
3167 }; | |
3168 struct local_rules_definition rules[] = | |
3169 { { "Session-Id", RULE_FIXED_HEAD, -1, 1 } | |
3170 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 } | |
3171 ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 } | |
3172 ,{ "Result-Code", RULE_REQUIRED, -1, 1 } | |
3173 ,{ "Origin-Host", RULE_REQUIRED, -1, 1 } | |
3174 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 } | |
3175 ,{ "User-Name", RULE_OPTIONAL, -1, 1 } | |
3176 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } | |
3177 ,{ "Class", RULE_OPTIONAL, -1,-1 } | |
3178 ,{ "Configuration-Token", RULE_OPTIONAL, -1,-1 } | |
3179 ,{ "Acct-Interim-Interval", RULE_OPTIONAL, -1, 1 } | |
3180 ,{ "Error-Message", RULE_OPTIONAL, -1, 1 } | |
3181 ,{ "Error-Reporting-Host", RULE_OPTIONAL, -1, 1 } | |
3182 ,{ "Failed-AVP", RULE_OPTIONAL, -1,-1 } | |
3183 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1 } | |
3184 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } | |
3185 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1 } | |
3186 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 } | |
3187 ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1 } | |
3188 ,{ "Multi-Round-Time-Out", RULE_OPTIONAL, -1, 1 } | |
3189 ,{ "Session-Timeout", RULE_OPTIONAL, -1, 1 } | |
3190 ,{ "State", RULE_OPTIONAL, -1, 1 } | |
3191 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 } | |
3192 ,{ "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } | |
3193 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 } | |
3194 ,{ "Filter-Id", RULE_OPTIONAL, -1,-1 } | |
3195 ,{ "Password-Retry", RULE_OPTIONAL, -1, 1 } | |
3196 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1 } | |
3197 ,{ "Prompt", RULE_OPTIONAL, -1, 1 } | |
3198 ,{ "ARAP-Challenge-Response", RULE_OPTIONAL, -1, 1 } | |
3199 ,{ "ARAP-Features", RULE_OPTIONAL, -1, 1 } | |
3200 ,{ "ARAP-Security", RULE_OPTIONAL, -1, 1 } | |
3201 ,{ "ARAP-Security-Data", RULE_OPTIONAL, -1,-1 } | |
3202 ,{ "ARAP-Zone-Access", RULE_OPTIONAL, -1, 1 } | |
3203 ,{ "Callback-Id", RULE_OPTIONAL, -1, 1 } | |
3204 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1 } | |
3205 ,{ "Framed-AppleTalk-Link", RULE_OPTIONAL, -1, 1 } | |
3206 ,{ "Framed-AppleTalk-Network", RULE_OPTIONAL, -1,-1 } | |
3207 ,{ "Framed-AppleTalk-Zone", RULE_OPTIONAL, -1, 1 } | |
3208 ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1 } | |
3209 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1,-1 } | |
3210 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 } | |
3211 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1 } | |
3212 ,{ "Framed-IPv6-Pool", RULE_OPTIONAL, -1, 1 } | |
3213 ,{ "Framed-IPv6-Route", RULE_OPTIONAL, -1,-1 } | |
3214 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1,-1 } | |
3215 ,{ "Framed-Route", RULE_OPTIONAL, -1,-1 } | |
3216 ,{ "Framed-Pool", RULE_OPTIONAL, -1, 1 } | |
3217 ,{ "Framed-IPX-Network", RULE_OPTIONAL, -1, 1 } | |
3218 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1 } | |
3219 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1 } | |
3220 ,{ "Framed-Routing", RULE_OPTIONAL, -1, 1 } | |
3221 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1 } | |
3222 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1 } | |
3223 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1 } | |
3224 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1 } | |
3225 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1 } | |
3226 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1 } | |
3227 ,{ "Login-Service", RULE_OPTIONAL, -1, 1 } | |
3228 ,{ "Login-TCP-Port", RULE_OPTIONAL, -1, 1 } | |
3229 ,{ "NAS-Filter-Rule", RULE_OPTIONAL, -1,-1 } | |
3230 ,{ "QoS-Filter-Rule", RULE_OPTIONAL, -1,-1 } | |
3231 ,{ "Tunneling", RULE_OPTIONAL, -1,-1 } | |
3232 ,{ "Redirect-Host", RULE_OPTIONAL, -1,-1 } | |
3233 ,{ "Redirect-Host-Usage", RULE_OPTIONAL, -1, 1 } | |
3234 ,{ "Redirect-Max-Cache-Time", RULE_OPTIONAL, -1, 1 } | |
3235 ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1 } | |
3236 }; | |
3237 | |
3238 CHECK_dict_new( DICT_COMMAND, &data , nasreq, &cmd); | |
3239 PARSE_loc_rules( rules, cmd ); | |
3240 } | |
3241 | |
3242 /* Re-Auth-Request */ | |
3243 { | |
3244 /* | |
3245 Add additional rules of the ABNF (compared to Base definition): | |
3246 | |
3247 <RA-Request> ::= < Diameter Header: 258, REQ, PXY > | |
3248 < Session-Id > | |
3249 { Origin-Host } | |
3250 { Origin-Realm } | |
3251 { Destination-Realm } | |
3252 { Destination-Host } | |
3253 { Auth-Application-Id } | |
3254 { Re-Auth-Request-Type } | |
3255 [ User-Name ] | |
3256 [ Origin-AAA-Protocol ] | |
3257 [ Origin-State-Id ] | |
3258 [ NAS-Identifier ] | |
3259 [ NAS-IP-Address ] | |
3260 [ NAS-IPv6-Address ] | |
3261 [ NAS-Port ] | |
3262 [ NAS-Port-Id ] | |
3263 [ NAS-Port-Type ] | |
3264 [ Service-Type ] | |
3265 [ Framed-IP-Address ] | |
3266 [ Framed-IPv6-Prefix ] | |
3267 [ Framed-Interface-Id ] | |
3268 [ Called-Station-Id ] | |
3269 [ Calling-Station-Id ] | |
3270 [ Originating-Line-Info ] | |
3271 [ Acct-Session-Id ] | |
3272 [ Acct-Multi-Session-Id ] | |
3273 [ State ] | |
3274 * [ Class ] | |
3275 [ Reply-Message ] | |
3276 * [ Proxy-Info ] | |
3277 * [ Route-Record ] | |
3278 * [ AVP ] | |
3279 */ | |
3280 struct dict_object * cmd; | |
3281 struct local_rules_definition rules[] = | |
3282 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } | |
3283 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } | |
3284 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } | |
3285 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } | |
3286 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 } | |
3287 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 } | |
3288 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } | |
3289 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } | |
3290 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 } | |
3291 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1, 1 } | |
3292 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 } | |
3293 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 } | |
3294 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 } | |
3295 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 } | |
3296 ,{ "Acct-Session-Id", RULE_OPTIONAL, -1, 1 } | |
3297 ,{ "Acct-Multi-Session-Id", RULE_OPTIONAL, -1, 1 } | |
3298 ,{ "State", RULE_OPTIONAL, -1, 1 } | |
3299 ,{ "Class", RULE_OPTIONAL, -1,-1 } | |
3300 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 } | |
3301 }; | |
3302 | |
3303 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Re-Auth-Request", &cmd); | |
3304 PARSE_loc_rules( rules, cmd ); | |
3305 } | |
3306 | |
3307 /* Re-Auth-Answer */ | |
3308 { | |
3309 /* | |
3310 Add additional rules of the ABNF (compared to Base definition): | |
3311 | |
3312 | |
3313 <RA-Answer> ::= < Diameter Header: 258, PXY > | |
3314 < Session-Id > | |
3315 { Result-Code } | |
3316 { Origin-Host } | |
3317 { Origin-Realm } | |
3318 [ User-Name ] | |
3319 [ Origin-AAA-Protocol ] | |
3320 [ Origin-State-Id ] | |
3321 [ Error-Message ] | |
3322 [ Error-Reporting-Host ] | |
3323 * [ Failed-AVP ] | |
3324 * [ Redirected-Host ] | |
3325 [ Redirected-Host-Usage ] | |
3326 [ Redirected-Host-Cache-Time ] | |
3327 [ Service-Type ] | |
3328 * [ Configuration-Token ] | |
3329 [ Idle-Timeout ] | |
3330 [ Authorization-Lifetime ] | |
3331 [ Auth-Grace-Period ] | |
3332 [ Re-Auth-Request-Type ] | |
3333 [ State ] | |
3334 * [ Class ] | |
3335 * [ Reply-Message ] | |
3336 [ Prompt ] | |
3337 * [ Proxy-Info ] | |
3338 * [ AVP ] | |
3339 */ | |
3340 struct dict_object * cmd; | |
3341 struct local_rules_definition rules[] = | |
3342 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } | |
3343 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } | |
3344 ,{ "Configuration-Token", RULE_OPTIONAL, -1,-1 } | |
3345 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1 } | |
3346 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } | |
3347 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1 } | |
3348 ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1 } | |
3349 ,{ "State", RULE_OPTIONAL, -1, 1 } | |
3350 ,{ "Class", RULE_OPTIONAL, -1,-1 } | |
3351 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 } | |
3352 ,{ "Prompt", RULE_OPTIONAL, -1, 1 } | |
3353 }; | |
3354 | |
3355 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Re-Auth-Answer", &cmd); | |
3356 PARSE_loc_rules( rules, cmd ); | |
3357 } | |
3358 | |
3359 /* Session-Termination-Request */ | |
3360 { | |
3361 /* | |
3362 Add additional rules of the ABNF (compared to Base definition): | |
3363 | |
3364 | |
3365 <ST-Request> ::= < Diameter Header: 275, REQ, PXY > | |
3366 < Session-Id > | |
3367 { Origin-Host } | |
3368 { Origin-Realm } | |
3369 { Destination-Realm } | |
3370 { Auth-Application-Id } | |
3371 { Termination-Cause } | |
3372 [ User-Name ] | |
3373 [ Destination-Host ] | |
3374 * [ Class ] | |
3375 [ Origin-AAA-Protocol ] | |
3376 [ Origin-State-Id ] | |
3377 * [ Proxy-Info ] | |
3378 * [ Route-Record ] | |
3379 * [ AVP ] | |
3380 */ | |
3381 struct dict_object * cmd; | |
3382 struct local_rules_definition rules[] = | |
3383 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } | |
3384 }; | |
3385 | |
3386 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Session-Termination-Request", &cmd); | |
3387 PARSE_loc_rules( rules, cmd ); | |
3388 } | |
3389 | |
3390 /* Session-Termination-Answer */ | |
3391 { | |
3392 /* | |
3393 Add additional rules of the ABNF (compared to Base definition): | |
3394 | |
3395 <ST-Answer> ::= < Diameter Header: 275, PXY > | |
3396 < Session-Id > | |
3397 { Result-Code } | |
3398 { Origin-Host } | |
3399 { Origin-Realm } | |
3400 [ User-Name ] | |
3401 * [ Class ] | |
3402 [ Error-Message ] | |
3403 [ Error-Reporting-Host ] | |
3404 * [ Failed-AVP ] | |
3405 [ Origin-AAA-Protocol ] | |
3406 [ Origin-State-Id ] | |
3407 * [ Redirect-Host ] | |
3408 [ Redirect-Host-Usase ] | |
3409 [ Redirect-Max-Cache-Time ] | |
3410 * [ Proxy-Info ] | |
3411 * [ AVP ] | |
3412 */ | |
3413 struct dict_object * cmd; | |
3414 struct local_rules_definition rules[] = | |
3415 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } | |
3416 }; | |
3417 | |
3418 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Session-Termination-Answer", &cmd); | |
3419 PARSE_loc_rules( rules, cmd ); | |
3420 } | |
3421 | |
3422 /* Abort-Session-Request */ | |
3423 { | |
3424 /* | |
3425 Add additional rules of the ABNF (compared to Base definition): | |
3426 | |
3427 <AS-Request> ::= < Diameter Header: 274, REQ, PXY > | |
3428 < Session-Id > | |
3429 { Origin-Host } | |
3430 { Origin-Realm } | |
3431 { Destination-Realm } | |
3432 { Destination-Host } | |
3433 { Auth-Application-Id } | |
3434 [ User-Name ] | |
3435 [ Origin-AAA-Protocol ] | |
3436 [ Origin-State-Id ] | |
3437 [ NAS-Identifier ] | |
3438 [ NAS-IP-Address ] | |
3439 [ NAS-IPv6-Address ] | |
3440 [ NAS-Port ] | |
3441 [ NAS-Port-Id ] | |
3442 [ NAS-Port-Type ] | |
3443 [ Service-Type ] | |
3444 [ Framed-IP-Address ] | |
3445 [ Framed-IPv6-Prefix ] | |
3446 [ Framed-Interface-Id ] | |
3447 [ Called-Station-Id ] | |
3448 [ Calling-Station-Id ] | |
3449 [ Originating-Line-Info ] | |
3450 [ Acct-Session-Id ] | |
3451 [ Acct-Multi-Session-Id ] | |
3452 [ State ] | |
3453 * [ Class ] | |
3454 * [ Reply-Message ] | |
3455 * [ Proxy-Info ] | |
3456 * [ Route-Record ] | |
3457 * [ AVP ] | |
3458 | |
3459 */ | |
3460 struct dict_object * cmd; | |
3461 struct local_rules_definition rules[] = | |
3462 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } | |
3463 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } | |
3464 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } | |
3465 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } | |
3466 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 } | |
3467 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 } | |
3468 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } | |
3469 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } | |
3470 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 } | |
3471 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1, 1 } | |
3472 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 } | |
3473 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 } | |
3474 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 } | |
3475 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 } | |
3476 ,{ "Acct-Session-Id", RULE_OPTIONAL, -1, 1 } | |
3477 ,{ "Acct-Multi-Session-Id", RULE_OPTIONAL, -1, 1 } | |
3478 ,{ "State", RULE_OPTIONAL, -1, 1 } | |
3479 ,{ "Class", RULE_OPTIONAL, -1,-1 } | |
3480 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 } | |
3481 }; | |
3482 | |
3483 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Abort-Session-Request", &cmd); | |
3484 PARSE_loc_rules( rules, cmd ); | |
3485 } | |
3486 | |
3487 /* Abort-Session-Answer */ | |
3488 { | |
3489 /* | |
3490 Add additional rules of the ABNF (compared to Base definition): | |
3491 | |
3492 <AS-Answer> ::= < Diameter Header: 274, PXY > | |
3493 < Session-Id > | |
3494 { Result-Code } | |
3495 { Origin-Host } | |
3496 { Origin-Realm } | |
3497 [ User-Name ] | |
3498 [ Origin-AAA-Protocol ] | |
3499 [ Origin-State-Id ] | |
3500 [ State] | |
3501 [ Error-Message ] | |
3502 [ Error-Reporting-Host ] | |
3503 * [ Failed-AVP ] | |
3504 * [ Redirected-Host ] | |
3505 [ Redirected-Host-Usage ] | |
3506 [ Redirected-Max-Cache-Time ] | |
3507 * [ Proxy-Info ] | |
3508 * [ AVP ] | |
3509 */ | |
3510 struct dict_object * cmd; | |
3511 struct local_rules_definition rules[] = | |
3512 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } | |
3513 ,{ "State", RULE_REQUIRED, -1, 1 } | |
3514 }; | |
3515 | |
3516 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Abort-Session-Answer", &cmd); | |
3517 PARSE_loc_rules( rules, cmd ); | |
3518 } | |
3519 | |
3520 /* Accounting-Request */ | |
3521 { | |
3522 /* | |
3523 Add additional rules of the ABNF (compared to Base definition): | |
3524 | |
3525 <AC-Request> ::= < Diameter Header: 271, REQ, PXY > | |
3526 < Session-Id > | |
3527 { Origin-Host } | |
3528 { Origin-Realm } | |
3529 { Destination-Realm } | |
3530 { Accounting-Record-Type } | |
3531 { Accounting-Record-Number } | |
3532 [ Acct-Application-Id ] | |
3533 [ Vendor-Specific-Application-Id ] | |
3534 [ User-Name ] | |
3535 [ Accounting-Sub-Session-Id ] | |
3536 [ Acct-Session-Id ] | |
3537 [ Acct-Multi-Session-Id ] | |
3538 [ Origin-AAA-Protocol ] | |
3539 [ Origin-State-Id ] | |
3540 [ Destination-Host ] | |
3541 [ Event-Timestamp ] | |
3542 [ Acct-Delay-Time ] | |
3543 [ NAS-Identifier ] | |
3544 [ NAS-IP-Address ] | |
3545 [ NAS-IPv6-Address ] | |
3546 [ NAS-Port ] | |
3547 [ NAS-Port-Id ] | |
3548 [ NAS-Port-Type ] | |
3549 * [ Class ] | |
3550 [ Service-Type ] | |
3551 [ Termination-Cause ] | |
3552 [ Accounting-Input-Octets ] | |
3553 [ Accounting-Input-Packets ] | |
3554 [ Accounting-Output-Octets ] | |
3555 [ Accounting-Output-Packets ] | |
3556 [ Acct-Authentic ] | |
3557 [ Accounting-Auth-Method ] | |
3558 [ Acct-Link-Count ] | |
3559 [ Acct-Session-Time ] | |
3560 [ Acct-Tunnel-Connection ] | |
3561 [ Acct-Tunnel-Packets-Lost ] | |
3562 [ Callback-Id ] | |
3563 [ Callback-Number ] | |
3564 [ Called-Station-Id ] | |
3565 [ Calling-Station-Id ] | |
3566 * [ Connection-Info ] | |
3567 [ Originating-Line-Info ] | |
3568 [ Authorization-Lifetime ] | |
3569 [ Session-Timeout ] | |
3570 [ Idle-Timeout ] | |
3571 [ Port-Limit ] | |
3572 [ Accounting-Realtime-Required ] | |
3573 [ Acct-Interim-Interval ] | |
3574 * [ Filter-Id ] | |
3575 * [ NAS-Filter-Rule ] | |
3576 * [ Qos-Filter-Rule ] | |
3577 [ Framed-AppleTalk-Link ] | |
3578 [ Framed-AppleTalk-Network ] | |
3579 [ Framed-AppleTalk-Zone ] | |
3580 [ Framed-Compression ] | |
3581 [ Framed-Interface-Id ] | |
3582 [ Framed-IP-Address ] | |
3583 [ Framed-IP-Netmask ] | |
3584 * [ Framed-IPv6-Prefix ] | |
3585 [ Framed-IPv6-Pool ] | |
3586 * [ Framed-IPv6-Route ] | |
3587 [ Framed-IPX-Network ] | |
3588 [ Framed-MTU ] | |
3589 [ Framed-Pool ] | |
3590 [ Framed-Protocol ] | |
3591 * [ Framed-Route ] | |
3592 [ Framed-Routing ] | |
3593 * [ Login-IP-Host ] | |
3594 * [ Login-IPv6-Host ] | |
3595 [ Login-LAT-Group ] | |
3596 [ Login-LAT-Node ] | |
3597 [ Login-LAT-Port ] | |
3598 [ Login-LAT-Service ] | |
3599 [ Login-Service ] | |
3600 [ Login-TCP-Port ] | |
3601 * [ Tunneling ] | |
3602 * [ Proxy-Info ] | |
3603 * [ Route-Record ] | |
3604 * [ AVP ] | |
3605 */ | |
3606 struct dict_object * cmd; | |
3607 struct local_rules_definition rules[] = | |
3608 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } | |
3609 ,{ "Acct-Delay-Time", RULE_OPTIONAL, -1, 1 } | |
3610 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } | |
3611 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } | |
3612 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } | |
3613 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 } | |
3614 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 } | |
3615 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } | |
3616 ,{ "Class", RULE_OPTIONAL, -1,-1 } | |
3617 ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } | |
3618 ,{ "Termination-Cause", RULE_OPTIONAL, -1, 1 } | |
3619 ,{ "Accounting-Input-Octets", RULE_OPTIONAL, -1, 1 } | |
3620 ,{ "Accounting-Input-Packets", RULE_OPTIONAL, -1, 1 } | |
3621 ,{ "Accounting-Output-Octets", RULE_OPTIONAL, -1, 1 } | |
3622 ,{ "Accounting-Output-Packets", RULE_OPTIONAL, -1, 1 } | |
3623 ,{ "Acct-Authentic", RULE_OPTIONAL, -1, 1 } | |
3624 ,{ "Accounting-Auth-Method", RULE_OPTIONAL, -1, 1 } | |
3625 ,{ "Acct-Link-Count", RULE_OPTIONAL, -1, 1 } | |
3626 ,{ "Acct-Session-Time", RULE_OPTIONAL, -1, 1 } | |
3627 ,{ "Acct-Tunnel-Connection", RULE_OPTIONAL, -1, 1 } | |
3628 ,{ "Acct-Tunnel-Packets-Lost", RULE_OPTIONAL, -1, 1 } | |
3629 ,{ "Callback-Id", RULE_OPTIONAL, -1, 1 } | |
3630 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1 } | |
3631 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 } | |
3632 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 } | |
3633 ,{ "Connect-Info", RULE_OPTIONAL, -1,-1 } | |
3634 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 } | |
3635 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } | |
3636 ,{ "Session-Timeout", RULE_OPTIONAL, -1, 1 } | |
3637 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1 } | |
3638 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1 } | |
3639 ,{ "Filter-Id", RULE_OPTIONAL, -1,-1 } | |
3640 ,{ "NAS-Filter-Rule", RULE_OPTIONAL, -1,-1 } | |
3641 ,{ "QoS-Filter-Rule", RULE_OPTIONAL, -1,-1 } | |
3642 ,{ "Framed-AppleTalk-Link", RULE_OPTIONAL, -1, 1 } | |
3643 ,{ "Framed-AppleTalk-Network", RULE_OPTIONAL, -1, 1 } | |
3644 ,{ "Framed-AppleTalk-Zone", RULE_OPTIONAL, -1, 1 } | |
3645 ,{ "Framed-Compression", RULE_OPTIONAL, -1, 1 } | |
3646 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 } | |
3647 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 } | |
3648 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1 } | |
3649 ,{ "Framed-IPv6-Pool", RULE_OPTIONAL, -1, 1 } | |
3650 ,{ "Framed-IPv6-Route", RULE_OPTIONAL, -1,-1 } | |
3651 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1 } | |
3652 ,{ "Framed-Route", RULE_OPTIONAL, -1,-1 } | |
3653 ,{ "Framed-Pool", RULE_OPTIONAL, -1, 1 } | |
3654 ,{ "Framed-IPX-Network", RULE_OPTIONAL, -1, 1 } | |
3655 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1 } | |
3656 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1 } | |
3657 ,{ "Framed-Routing", RULE_OPTIONAL, -1, 1 } | |
3658 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1 } | |
3659 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1 } | |
3660 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1 } | |
3661 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1 } | |
3662 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1 } | |
3663 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1 } | |
3664 ,{ "Login-Service", RULE_OPTIONAL, -1, 1 } | |
3665 ,{ "Login-TCP-Port", RULE_OPTIONAL, -1, 1 } | |
3666 ,{ "Tunneling", RULE_OPTIONAL, -1,-1 } | |
3667 }; | |
3668 | |
3669 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Accounting-Request", &cmd); | |
3670 PARSE_loc_rules( rules, cmd ); | |
3671 } | |
3672 | |
3673 /* Accounting-Answer */ | |
3674 { | |
3675 /* | |
3676 Add additional rules of the ABNF (compared to Base definition): | |
3677 | |
3678 <AC-Answer> ::= < Diameter Header: 271, PXY > | |
3679 < Session-Id > | |
3680 { Result-Code } | |
3681 { Origin-Host } | |
3682 { Origin-Realm } | |
3683 { Accounting-Record-Type } | |
3684 { Accounting-Record-Number } | |
3685 [ Acct-Application-Id ] | |
3686 [ Vendor-Specific-Application-Id ] | |
3687 [ User-Name ] | |
3688 [ Accounting-Sub-Session-Id ] | |
3689 [ Acct-Session-Id ] | |
3690 [ Acct-Multi-Session-Id ] | |
3691 [ Event-Timestamp ] | |
3692 [ Error-Message ] | |
3693 [ Error-Reporting-Host ] | |
3694 * [ Failed-AVP ] | |
3695 [ Origin-AAA-Protocol ] | |
3696 [ Origin-State-Id ] | |
3697 [ NAS-Identifier ] | |
3698 [ NAS-IP-Address ] | |
3699 [ NAS-IPv6-Address ] | |
3700 [ NAS-Port ] | |
3701 [ NAS-Port-Id ] | |
3702 [ NAS-Port-Type ] | |
3703 [ Service-Type ] | |
3704 [ Termination-Cause ] | |
3705 [ Accounting-Realtime-Required ] | |
3706 [ Acct-Interim-Interval ] | |
3707 * [ Class ] | |
3708 * [ Proxy-Info ] | |
3709 * [ Route-Record ] | |
3710 * [ AVP ] | |
3711 | |
3712 */ | |
3713 struct dict_object * cmd; | |
3714 struct local_rules_definition rules[] = | |
3715 { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } | |
3716 ,{ "NAS-Identifier", RULE_REQUIRED, -1, 1 } | |
3717 ,{ "NAS-IP-Address", RULE_REQUIRED, -1, 1 } | |
3718 ,{ "NAS-IPv6-Address", RULE_REQUIRED, -1, 1 } | |
3719 ,{ "NAS-Port", RULE_REQUIRED, -1, 1 } | |
3720 ,{ "NAS-Port-Id", RULE_REQUIRED, -1, 1 } | |
3721 ,{ "NAS-Port-Type", RULE_REQUIRED, -1, 1 } | |
3722 ,{ "Service-Type", RULE_REQUIRED, -1, 1 } | |
3723 ,{ "Termination-Cause", RULE_REQUIRED, -1, 1 } | |
3724 }; | |
3725 | |
3726 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Accounting-Answer", &cmd); | |
3727 PARSE_loc_rules( rules, cmd ); | |
3728 } | |
3729 } | |
3730 | |
3731 TRACE_DEBUG(INFO, "Extension 'Dictionary definitions for NASREQ' initialized"); | |
3732 return 0; | |
3733 } | |
3734 | |
3735 EXTENSION_ENTRY("dict_nasreq", dnr_entry); |