Mercurial > hg > freeDiameter
view doc/app_redirect.conf.sample @ 1515:8430dabbc637
Add 3GPP TS 29.109 V15.0.0 (2017-06)
Add AVPs:
- GBA-UserSecSettings, OctetString, code 400, section 6.3.1.1
- Transaction-Identifier, OctetString, code 401, section 6.3.1.2
- NAF-Id, OctetString, code 402, section 6.3.1.3
- GAA-Service-Identifier, OctetString, code 403, section 6.3.1.4
- Key-ExpiryTime, Time, code 404, section 6.3.1.5
- ME-Key-Material, OctetString, code 405, section 6.3.1.6
- UICC-Key-Material, OctetString, code 406, section 6.3.1.7
- GBA-U-Awareness-Indicator, Enumerated, code 407, section 6.3.1.8
- BootstrapInfoCreationTime, Time, code 408, section 6.3.1.9
- GUSS-Timestamp, Time, code 409, section 6.3.1.10
- GBA-Type, Enumerated, code 410, section 6.3.1.11
- UE-Id, OctetString, code 411, section 6.3.1.12
- UE-Id-Type, Enumerated, code 412, section 6.3.1.13
- UICC-App-Label, OctetString, code 413, section 6.3.1.14
- UICC-ME, Enumerated, code 414, section 6.3.1.15
- Requested-Key-Lifetime, Time, code 415, section 6.3.1.16
- Private-Identity-Request, Enumerated, code 416, section 6.3.1.17
- GBA-Push-Info, OctetString, code 417, section 6.3.1.18
- NAF-SA-Identifier, OctetString, code 418, section 6.3.1.19
- Security-Feature-Request, OctetString, code 419, section 6.3.1.20
- Security-Feature-Response, OctetString, code 420, section 6.3.1.21
Note: 3GPP TS 29.109 table 6.1 row GBA_U-Awareness-Indicator (407)
has an underscore in the name (contrary to RFC 6733 section 4.1).
Fix: GBA_U-Awareness-Indicator (407) renamed to GBA-U-Awareness-Indicator (407).
| author | Luke Mewburn <luke@mewburn.net> |
|---|---|
| date | Thu, 09 Apr 2020 00:34:15 +1000 |
| parents | 8d7201a747eb |
| children |
line wrap: on
line source
# This file contains the configuration for the app_redirect extension of freeDiameter. # # This extension provides configurable Redirect messages. # Lines starting with a # are comments and ignored. # Spaces and newlines are not meaningful, except inside quoted areas. ######################################################################################### # See Diameter RFC for a detailed explanation on Redirects semantics # ######################################################################################### ## default_redirect_cache_time # Specify the default value for Redirect-Max-Cache-Time. # This value can be overwritten for each rule as specified below. # If this value is not specified, the default is: #default_redirect_cache_time = 86400; ## => 1 day # The remaining of this file contains a list of RULE elements. # Each RULE consists in three parts: # - a CRITERIA that specifies which messages the RULE applies to. # - a REDIRECT_TYPE that specifies what type of redirect is to be sent, and its duration. # - a TARGET_HOSTS list that specifies the host(s) to send the message to. # # The rules are matched in the order they appear in this file. Once a rule has matched, the # remaining rules are not processed. # # The basic format of a rule is: # REDIRECT_TYPE : CRITERIA to TARGET_HOSTS ; # These are a few examples. The definition of each term follows. # # 1) REALM_AND_APPLICATION : app=3 "Destination-Realm"="myrealm.net" to "aaas://acct1.myrealm.net" "aaas://acct2.myrealm.net"; # will ask all peers sending a Base Accounting message for realm "myrealm.net" to send # this message directly to either 'acct1.myrealm.net' or 'acct2.myrealm.net'. # # 2) ALL_SESSION 3600 : "Origin-AAA-Protocol"=1 "Destination-Realm"="myrealm.net" to "aaas://raddiam.myrealm.net"; # Will ask any peer sending messages translated from RADIUS and targeted to this realm # to address all the messages from the same session to 'raddiam.myrealm.net'. The # redirect entry should be stored for 1 hour. # # 3) ALL_HOST : from.realm=[".*\.(fr|de|es)"] to "aaas://relay-EU.myrealm.net"; # ALL_HOST : from.realm=[".*\.(cn|jp|vn)"] to "aaas://relay-ASIA.myrealm.net"; # Redirect messages to different relays depending on where they come from. # # 4) ALL_HOST : to "aaas://newserv.myrealm.net"; # This server was relocated, tell all peers to go directly to the new one. # This rule should appear last because it matches all messages, so further rules will never be used. # # REDIRECT_TYPE # # The redirect_type is one of the following (see Redirect-Host-Usage AVP definition in RFC for semantics): # DONT_CACHE # ALL_SESSION # ALL_REALM # REALM_AND_APPLICATION # ALL_APPLICATION # ALL_HOST # ALL_USER # In addition, an integer can follow. If specified, it overwrites the default_redirect_cache_time # value for this rule. The value is always specified in seconds. # # CRITERIA # # Each RULE can contain 0 or more criteria. # If no criteria is specified, all messages are assumed to match (wildcard). # If more than one criteria is specified, an "AND" relationship is assumed. # If you need to specify "OR", just create separate rules. # # In the following definitions, "STR/REG" stands for: # - a quoted string "some.peer" that will match exactly this string (case-insensitive), or # - a bracket-quoted string ["some regex"] that will be interpreted as a POSIX extended regular expression (case-sensitive), and attempt to match the string. # # A criteria is one of the following: # from.id="STR/REG" -> matches messages received from peer with this Diameter Identity. # from.realm="STR/REG" -> matches messages received from peer with this Realm. # app=U32_VALUE -> matches messages with this Diameter Application-Id value in its header. # "AVP-name"=U32_VALUE -> matches messages that contain an avp "AVP-name" (replace with the realm name) with this value. # "AVP-name"="STR/REG" -> matches messages that contain an avp "AVP-name" (replace with the realm name) with this . # # TARGET_HOSTS # # This is a simple list of DiameterURI that must be sent back. # See the RFC for valid format of Diameter URI: # "aaa://" FQDN [ port ] [ transport ] [ protocol ] # "aaas://" FQDN [ port ] [ transport ] [ protocol ] ######################################################################################