Mercurial > hg > freeDiameter
view doc/acl_wl.conf.sample @ 1479:c0aa1e66c12e
csv_to_fd: improve validation
* Validate flags:
- Ensure M and V can't occur more than once.
- Ensure absence of V for vendor 0.
- Ensure presence of V for vendor not 0.
* Ensure AVP name is unique per vendor.
* Add AVP name to most errors.
* Use csv.DictReader.line_num for more accurate line numbers.
TODO: enforce M and V must be present once and only once.
Some AVPs currently fail that rule, including:
- RFC 4005 / RFC 7155 QoS-Filter-Rule
- 3GPP TS 29.212 PDN-Connection-ID
- 3GPP TS 29.212 PS-to-CS-Session-Continuity
| author | Luke Mewburn <luke@mewburn.net> |
|---|---|
| date | Thu, 26 Mar 2020 10:28:16 +1100 |
| parents | 0dff6a604b0a |
| children |
line wrap: on
line source
# Configuration file for the peer whitelist extension. # # This extension is meant to allow connection from remote peers, without actively # maintaining this connection ourselves (as it would be the case by declaring the # peer in a ConnectPeer directive). # # This extension supports configuration reload at runtime. Send # signal SIGUSR1 to the process to cause the process to reload its # config. # # The format of this file is very simple. It contains a list of peer names # separated by spaces or newlines. # # The peer name must be a fqdn. We allow also a special "*" character as the # first label of the fqdn, to allow all fqdn with the same domain name. # Example: *.example.net will allow host1.example.net and host2.example.net # # At the beginning of a line, the following flags are allowed (case sensitive) -- either or both can appear: # ALLOW_OLD_TLS : we accept unprotected CER/CEA exchange with Inband-Security-Id = TLS # ALLOW_IPSEC : we accept implicitly protected connection with with peer (Inband-Security-Id = IPSec) # It is specified for example as: # ALLOW_IPSEC vpn.example.net vpn2.example.net *.vpn.example.net # These flag take effect from their position, until the end of the line.