# HG changeset patch # User Francois Bard # Date 1289991395 -32400 # Node ID f051e3795daedd7f2c261d46578b43d5b37f0010 # Parent e141506deef84487e9d0e23aaef8015bf9eb3a39 Updates comments and a compiler dependent piece of code diff -r e141506deef8 -r f051e3795dae extensions/dict_mip6a/dict_mip6a.c --- a/extensions/dict_mip6a/dict_mip6a.c Mon Nov 15 16:49:22 2010 +0900 +++ b/extensions/dict_mip6a/dict_mip6a.c Wed Nov 17 19:56:35 2010 +0900 @@ -33,7 +33,8 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * *********************************************************************************************************/ -/********************************************************************************************************* +/* + The following table complete the one in RFC 5778, page 18. The AVPs are implemented below following the order of this table. We try to keep the structure of the grouped AVP by declaring the contained AVPs just before the grouped AVP they depend on. The number of '+' indicates the depth of the contained AVP. @@ -41,12 +42,12 @@ DEPTH NAME AVP RFC TYPE NOTES MIP6-Feature-Vector 124 5447 Unsigned64 - User-Name 1 3588 UTF8String implemented in base protocol + User-Name 1 3588 UTF8String Service-Selection 493 5778 UTF8String MIP-MN-AAA-SPI 341 5778 Unsigned32 + MIP-Home-Agent-Address 334 4004 Address -++ Destination-Host 293 3588 DiameterIdentity implemented in base protocol -++ Destination-Realm 283 3588 DiameterIdentity implemented in base protocol +++ Destination-Host 293 3588 DiameterIdentity +++ Destination-Realm 283 3588 DiameterIdentity + MIP-Home-Agent-Host 348 4004 Grouped + MIP6-Home-Link-Prefix 125 5447 OctetString MIP6-Agent-Info 486 5447 Grouped 
@@ -75,7 +76,7 @@ Accounting-Output-Octets 364 4004, 4005 Unsigned64 Accounting-Input-Packets 365 4004, 4005 Unsigned64 Accounting-Output-Packets 366 4004, 4005 Unsigned64 - Acct-Multi-Session-Id 50 3588 UTF8String implemented in base protocol + Acct-Multi-Session-Id 50 3588 UTF8String Acct-Session-Time 46 2866, 4004 Unsigned32 MIP6-Feature-Vector ---------------------------------- MIP-Mobile-Node-Address ---------------------------------- 
@@ -86,81 +87,23 @@ QoS-Capability ---------------------------------- MIP-Careof-Address ---------------------------------- -REST OF THE AVPs IN THE MIR & MIA EXCLUDING *[AVP] - -MIP6-Request - Only a few radius AVPs have to be implemented. +RADIUS AVPs (contained in the MIR/MIA) - Session-ID 263 3588 (diameter) - Auth-Application-Id 258 3588 - User-Name 1 3588 - Destination-Realm 283 3588 - Origin-Host 264 3588 - Origin-Realm 296 3588 - Auth-Request-Type 274 3588 - Destination-Host 293 3588 - Origin-State-Id 278 3588 - NAS-Identifier 32 2865 (radius) needed - NAS-IP-Address 4 2865 needed - NAS-IPv6-Address 95 3162 needed - NAS-Port-Type 61 2865 needed - Called-Station-Id 30 2865 needed - Calling-Station-Id 31 2865 needed - MIP6-Feature-Vector ------------ - MIP6-Auth-Mode ------------ - MIP-MN-AAA-SPI ------------ - MIP-MN-HA-SPI ------------ - MIP-Mobile-Node-Address ------------ - MIP6-Agent-Info ------------ - MIP-Careof-Address ------------ - MIP-Authenticator ------------ - MIP-MAC-Mobility-Data ------------ - MIP-Timestamp ------------ - QoS-Capability ------------ - QoS-Resources ------------ - Chargeable-User-Identity ------------ - Service-Selection ------------ - Authorization-Lifetime 291 3588 - Auth-Session-State 277 3588 - Proxy-Info 284 3588 - Route-Record 282 3588 + NAS-Identifier 32 2865 radius (see avp) + NAS-IP-Address 4 2865 radius (see avp) + NAS-IPv6-Address 95 3162 radius (see avp) + NAS-Port-Type 61 2865 radius (see avp) + Called-Station-Id 30 2865 radius (see avp) + Calling-Station-Id 31 2865 radius (see avp) -MIP6-Answer - All of them are already implemented as base protocol AVPs or implemented earlier. 
- Session-Id 263 3588 (diameter) - Auth-Application-Id 258 3588 - Result-Code 268 3588 - Origin-Host 264 3588 - Origin-Realm 296 3588 - Auth-Request-Type 274 3588 - User-Name 1 3588 - Authorization-Lifetime 291 3588 - Auth-Session-State 277 3588 - Error-Message 281 3588 - Error-Reporting-Host 294 3588 - Re-Auth-Request-Type 285 3588 - MIP6-Feature-Vector ------------------- - MIP-Agent-Info ------------------- - MIP-Mobile-Node-Address ------------------- - MIP-MN-HA-MSA ------------------- - QoS-Resources ------------------- - Chargeable-User-Identity ------------------- - Service-Selection ------------------- - Origin-State-Id 278 3588 - Proxy-Info 284 3588 - Redirect-Host 292 3588 - Redirect-Host-Usage 261 3588 - Redirect-Max-Cache-Time 262 3588 - Failed-AVP 279 3588 - -Other AVPs? - -************************************************************************************************************/ +*/ /**************************************************************************************************************************************** * * * This table is a copy of the registry named "MIP6 Authentication Mode Registry" and managed by IANA. * * source : http://www.iana.org/assignments/aaa-parameters/aaa-parameters.txt * -* * +* up to date on october 2010 * * * * Value Token Reference * * 0 Reserved [RFC5778] * @@ -171,16 +114,10 @@ /* - NOTES TO SELF - - Reflechir au rangement des avps - - Verifier si dans les grouped avps il faut aussi implementer les sous avp - - verifier si les avps sont up-to-date, et ecrire la date a laquelle ils sont up-to-date +NOTES - - comment on fait pour les namespaces? (typiquement MIP6_AUTH_MN_AAA, RFC5778 page 30) - - (pour linstant jai fait un define) - - -RELIRE ! jai peu quil y ait des fautes. surtout celle la. +check for omissions ! */ 
@@ -239,9 +176,11 @@ /* Defines if there are any */ -/* New Result-Code for MIP (RFC5778, Section 7.*) */ +//New Result-Code for MIP (RFC5778, Section 7.*) #define DIAMETER_SUCCESS_RELOCATE_HA 2009 #define DIAMETER_ERROR_MIP6_AUTH_MODE 5041 + +//Others #define MIP6_AUTH_MN_AAA 1 /* Dictionary */ 
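Review bot: The two new `//` comments in this hunk (`//New Result-Code for MIP ...` and `//Others`) depart from the `/* ... */` form used by every other comment visible in the file, and `//` is not accepted by compilers run in strict C89 mode, which sits oddly with a commit meant to remove compiler-dependent code. Keep the block form, e.g. `/* New Result-Code for MIP (RFC5778, Section 7.*) */` and `/* Others */`. The same applies to the matching defines hunk of dict_mip6i.c (-243,9 +199,11).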
@@ -796,25 +735,359 @@ CHECK_dict_new( DICT_AVP, &data , NULL, NULL); } - } - ///////////////////////////////////// /* Radius AVPs - used in MIR & MIA */ ///////////////////////////////////// - /* - * - * voir MIP6I - * - NAS-Identifier 32 2865 (radius) - NAS-IP-Address 4 2865 - NAS-IPv6-Address 95 3162 - NAS-Port-Type 61 2865 - Called-Station-Id 30 2865 - Calling-Station-Id 31 2865 - */ + /* + We used the following correspondences for determining the type of the Radius AVPs + + Radius Diameter + + text UTF8Sting + string OctetString + address Address + integer Unsigned32 + time Time + */ + /* NAS-Identifier 32 3575 */ + { + /* + string -> OctetString + */ + + struct dict_avp_data data = { + 32, /* Code */ + 0, /* Vendor */ + "NAS-Identifier", /* Name */ + AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ + AVP_FLAG_MANDATORY, /* Fixed flag values */ + AVP_TYPE_OCTETSTRING /* base type of data */ + }; + + CHECK_dict_new( DICT_AVP, &data , NULL, NULL); + } + + /* NAS-IP-Address 4 3575 */ + { + /* + address -> Address + */ + + struct dict_avp_data data = { + 4, /* Code */ + 0, /* Vendor */ + "NAS-IP-Address", /* Name */ + AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ + AVP_FLAG_MANDATORY, /* Fixed flag values */ + AVP_TYPE_OCTETSTRING /* base type of data */ + }; + + CHECK_dict_new( DICT_AVP, &data , Address_type, NULL); + } + + /* NAS-IPv6-Address 95 3162 */ + { + /* + address -> Address + */ + + struct dict_avp_data data = { + 95, /* Code */ + 0, /* Vendor */ + "NAS-IPv6-Address", /* Name */ + AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ + AVP_FLAG_MANDATORY, /* Fixed flag values */ + AVP_TYPE_OCTETSTRING /* base type of data */ + }; + + CHECK_dict_new( DICT_AVP, &data , Address_type, NULL); + } + + /* NAS-Port-Type 61 2865 */ + { + /* + integer -> Unsigned32 + + Value + + The Value field is four octets. "Virtual" refers to a connection + to the NAS via some transport protocol, instead of through a + physical port. 
For example, if a user telnetted into a NAS to + authenticate himself as an Outbound-User, the Access-Request might + include NAS-Port-Type = Virtual as a hint to the RADIUS server + that the user was not on a physical port. + + 0 Async + 1 Sync + 2 ISDN Sync + 3 ISDN Async V.120 + 4 ISDN Async V.110 + 5 Virtual + 6 PIAFS + 7 HDLC Clear Channel + 8 X.25 + 9 X.75 + 10 G.3 Fax + 11 SDSL - Symmetric DSL + 12 ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase + Modulation + 13 ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone + 14 IDSL - ISDN Digital Subscriber Line + 15 Ethernet + 16 xDSL - Digital Subscriber Line of unknown type + 17 Cable + 18 Wireless - Other + 19 Wireless - IEEE 802.11 + + PIAFS is a form of wireless ISDN commonly used in Japan, and + stands for PHS (Personal Handyphone System) Internet Access Forum + Standard (PIAFS). + */ + + struct dict_avp_data data = { + 61, /* Code */ + 0, /* Vendor */ + "NAS-Port-Type", /* Name */ + AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ + AVP_FLAG_MANDATORY, /* Fixed flag values */ + AVP_TYPE_UNSIGNED32 /* base type of data */ + }; + + CHECK_dict_new( DICT_AVP, &data , NULL, NULL); + } + + /* Called-Station-Id 30 2865 */ + { + /* + string -> OctetString + */ + + struct dict_avp_data data = { + 30, /* Code */ + 0, /* Vendor */ + "Called-Station-Id", /* Name */ + AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ + AVP_FLAG_MANDATORY, /* Fixed flag values */ + AVP_TYPE_OCTETSTRING /* base type of data */ + }; + + CHECK_dict_new( DICT_AVP, &data , NULL, NULL); + } + /* Calling-Station-Id 31 2865 */ + { + /* + string -> OctetString + */ + + struct dict_avp_data data = { + 31, /* Code */ + 0, /* Vendor */ + "Calling-Station-Id", /* Name */ + AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ + AVP_FLAG_MANDATORY, /* Fixed flag values */ + AVP_TYPE_OCTETSTRING /* base type of data */ + }; + + CHECK_dict_new( DICT_AVP, &data , NULL, NULL); + } + } + +/*******************/ +/* Command section */ 
+/*******************/ + + { + /* MIP6-Request (MIR) */ + { + /* + + The MIP6-Request (MIR), indicated by the Command-Code field set to + 325 and the 'R' bit set in the Command Flags field, is sent by the + HA, acting as a Diameter client, in order to request the + authentication and authorization of an MN. + + Although the HA provides the Diameter server with replay protection- + related information, the HA is responsible for the replay protection. + + The message format is shown below. + + ::= < Diameter Header: 325, REQ, PXY > + < Session-ID > + { Auth-Application-Id } + { User-Name } + { Destination-Realm } + { Origin-Host } + { Origin-Realm } + { Auth-Request-Type } + [ Destination-Host ] + [ Origin-State-Id ] + [ NAS-Identifier ] + [ NAS-IP-Address ] + [ NAS-IPv6-Address ] + [ NAS-Port-Type ] + [ Called-Station-Id ] + [ Calling-Station-Id ] + [ MIP6-Feature-Vector ] + { MIP6-Auth-Mode } + [ MIP-MN-AAA-SPI ] + [ MIP-MN-HA-SPI ] + 1*2{ MIP-Mobile-Node-Address } + { MIP6-Agent-Info } + { MIP-Careof-Address } + [ MIP-Authenticator ] + [ MIP-MAC-Mobility-Data ] + [ MIP-Timestamp ] + [ QoS-Capability ] + * [ QoS-Resources ] + [ Chargeable-User-Identity ] + [ Service-Selection ] + [ Authorization-Lifetime ] + [ Auth-Session-State ] + * [ Proxy-Info ] + * [ Route-Record ] + * [ AVP ] + + If the MN is both authenticated and authorized for the mobility + service, then the Auth-Request-Type AVP is set to the value + AUTHORIZE_AUTHENTICATE. This is the case when the MIP6-Auth-Mode is + set to the value MIP6_AUTH_MN_AAA. 
+ + */ + struct dict_object * cmd; + struct dict_cmd_data data = { + 325, /* Code */ + "MIP6-Request", /* Name */ + CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_ERROR, /* Fixed flags */ + CMD_FLAG_PROXIABLE /* Fixed flag values */ + }; + struct local_rules_definition rules[] = + { { "Session-Id", RULE_FIXED_HEAD, -1, 1 } + ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 } + ,{ "User-Name", RULE_REQUIRED, -1, 1 } + ,{ "Destination-Realm", RULE_REQUIRED, -1, 1 } + ,{ "Origin-Host", RULE_REQUIRED, -1, 1 } + ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 } + ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 } + ,{ "Destination-Host", RULE_OPTIONAL, -1, 1 } + ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 } + ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } + ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } + ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } + ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } + ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 } + ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 } + ,{ "MIP6-Feature-Vector", RULE_OPTIONAL, -1, 1 } + ,{ "MIP6-Auth-Mode", RULE_OPTIONAL, -1, 1 } + ,{ "MIP-MN-AAA-SPI", RULE_OPTIONAL, -1, 1 } + ,{ "MIP-MN-HA-SPI", RULE_OPTIONAL, -1, 1 } + ,{ "MIP-Mobile-Node-Address", RULE_OPTIONAL, 1, 2 } + ,{ "MIP6-Agent-Info", RULE_OPTIONAL, -1, 1 } + ,{ "MIP-Careof-Address", RULE_OPTIONAL, -1, 1 } + ,{ "MIP-Authenticator", RULE_OPTIONAL, -1, 1 } + ,{ "MIP-MAC-Mobility-Data", RULE_OPTIONAL, -1, 1 } + ,{ "MIP-Timestamp", RULE_OPTIONAL, -1, 1 } + ,{ "QoS-Capability", RULE_OPTIONAL, -1, 1 } + ,{ "QoS-Resources", RULE_OPTIONAL, -1, -1 } + ,{ "Chargeable-User-Identity", RULE_OPTIONAL, -1, 1 } + ,{ "Service-Selection", RULE_OPTIONAL, -1, 1 } + ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } + ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 } + ,{ "Proxy-Info", RULE_OPTIONAL, -1, -1 } + ,{ "Route-Record", RULE_OPTIONAL, -1, -1 } + }; + + CHECK_dict_new( DICT_COMMAND, &data , mip6i, &cmd); + PARSE_loc_rules( rules, cmd ); + } + + /* MIP6-Answer (MIA) */ + { + /* + + 
The MIP6-Answer (MIA) message, indicated by the Command-Code field + set to 325 and the 'R' bit cleared in the Command Flags field, is + sent by the Diameter server in response to the MIP6-Request message. + + The User-Name AVP MAY be included in the MIA if it is present in the + MIR. The Result-Code AVP MAY contain one of the values defined in + Section 7, in addition to the values defined in [RFC3588]. + + An MIA message with the Result-Code AVP set to DIAMETER_SUCCESS MUST + include the MIP-Mobile-Node-Address AVP. + + The message format is shown below. + + ::= < Diameter Header: 325, PXY > + < Session-Id > + { Auth-Application-Id } + { Result-Code } + { Origin-Host } + { Origin-Realm } + { Auth-Request-Type } + [ User-Name ] + [ Authorization-Lifetime ] + [ Auth-Session-State ] + [ Error-Message ] + [ Error-Reporting-Host ] + [ Re-Auth-Request-Type ] + [ MIP6-Feature-Vector ] + [ MIP-Agent-Info ] + *2[ MIP-Mobile-Node-Address ] + [ MIP-MN-HA-MSA ] + * [ QoS-Resources ] + [ Chargeable-User-Identity ] + [ Service-Selection ] + [ Origin-State-Id ] + * [ Proxy-Info ] + * [ Redirect-Host ] + [ Redirect-Host-Usage ] + [ Redirect-Max-Cache-Time ] + * [ Failed-AVP ] + * [ AVP ] + + */ + struct dict_object * cmd; + struct dict_cmd_data data = { + 325, /* Code */ + "MIP6-Answer", /* Name */ + CMD_FLAG_PROXIABLE | CMD_FLAG_ERROR, /* Fixed flags */ + CMD_FLAG_PROXIABLE /* Fixed flag values */ + }; + struct local_rules_definition rules[] = + { { "Session-Id", RULE_FIXED_HEAD, -1, 1 } + ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 } + ,{ "Result-Code", RULE_REQUIRED, -1, 1 } + ,{ "Origin-Host", RULE_REQUIRED, -1, 1 } + ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 } + ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 } + ,{ "User-Name", RULE_OPTIONAL, -1, 1 } + ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } + ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 } + ,{ "Error-Message", RULE_OPTIONAL, -1, 1 } + ,{ "Error-Reporting-Host", RULE_OPTIONAL, -1, 1 } + ,{ 
"Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1 } + ,{ "MIP6-Feature-Vector", RULE_OPTIONAL, -1, 1 } + ,{ "MIP-Agent-Info", RULE_OPTIONAL, -1, 1 } + ,{ "MIP-Mobile-Node-Address", RULE_OPTIONAL, -1, 2 } + ,{ "MIP-MN-HA-MSA", RULE_OPTIONAL, -1, 1 } + ,{ "QoS-Resources", RULE_OPTIONAL, -1, -1 } + ,{ "Chargeable-User-Identity", RULE_OPTIONAL, -1, 1 } + ,{ "Service-Selection", RULE_OPTIONAL, -1, 1 } + ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 } + ,{ "Proxy-Info", RULE_OPTIONAL, -1, -1 } + ,{ "Redirect-Host", RULE_OPTIONAL, -1, -1 } + ,{ "Redirect-Host-Usage", RULE_OPTIONAL, -1, 1 } + ,{ "Redirect-Max-Cache-Time", RULE_OPTIONAL, -1, 1 } + ,{ "Failed-AVP", RULE_OPTIONAL, -1, -1 } + }; + + CHECK_dict_new( DICT_COMMAND, &data , mip6i, &cmd); + PARSE_loc_rules( rules, cmd ); + } + } TRACE_DEBUG(INFO, "Dictionary Extension 'Diameter Mobile IPv6 Auth (MIP6A)' initialized"); return 0; } diff -r e141506deef8 -r f051e3795dae extensions/dict_mip6i/dict_mip6i.c --- a/extensions/dict_mip6i/dict_mip6i.c Mon Nov 15 16:49:22 2010 +0900 +++ b/extensions/dict_mip6i/dict_mip6i.c Wed Nov 17 19:56:35 2010 +0900 @@ -33,7 +33,8 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * *********************************************************************************************************/ -/********************************************************************************************************* +/* + The following table complete the one in RFC 5778, page 18. The AVPs are implemented below following the order of this table. We try to keep the structure of the grouped AVP by declaring the contained AVPs just before the grouped AVP they depend on. The number of '+' indicates the depth of the contained AVP. 
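Review bot: In the command section added to dict_mip6a.c (hunk -796,25 +735,359), the MIP6-Request rules register `MIP6-Auth-Mode`, `MIP-Mobile-Node-Address`, `MIP6-Agent-Info` and `MIP-Careof-Address` as `RULE_OPTIONAL`, although the ABNF quoted just above them puts all four in braces (required, `1*2` for the address), so dictionary-based validation would accept a MIR that carries no authentication mode. The MIR's fixed flag values are `CMD_FLAG_PROXIABLE` alone while its mask includes `CMD_FLAG_REQUEST`, which as written pins the R bit to cleared and contradicts the comment's "'R' bit set"; the MIA mask in turn leaves the R bit unpinned. The MIA rules also look up `"MIP-Agent-Info"`, whereas the AVP table at the top of the file lists only `MIP6-Agent-Info`, so that lookup presumably fails inside `PARSE_loc_rules` (defined outside this hunk, worth confirming). The six RADIUS AVPs added earlier in the hunk should be checked against their Diameter definitions in RFC 4005, which the file's table already cites; as far as I recall it types the NAS address AVPs as plain OctetString and the identifier and station-id AVPs as UTF8String, not the `Address`/`OctetString` registered here. The enclosing init function starts outside the hunk; the rewritten lines are below.

```c
	"MIP6-Request", 					/* Name */
	CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_ERROR, 	/* Fixed flags */
	CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE 			/* Fixed flag values */
/* … unchanged: MIR rules from Session-Id to MIP6-Feature-Vector … */
	,{ "MIP6-Auth-Mode", 		RULE_REQUIRED, -1, 1 }
/* … unchanged: MIP-MN-AAA-SPI, MIP-MN-HA-SPI … */
	,{ "MIP-Mobile-Node-Address", 	RULE_REQUIRED,  1, 2 }
	,{ "MIP6-Agent-Info", 		RULE_REQUIRED, -1, 1 }
	,{ "MIP-Careof-Address", 	RULE_REQUIRED, -1, 1 }
/* … unchanged: remaining optional MIR rules … */

/* MIP6-Answer: pin the R bit to cleared, use the registered AVP name */
	CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_ERROR, 	/* Fixed flags */
	CMD_FLAG_PROXIABLE 					/* Fixed flag values */
/* … unchanged: MIA rules from Session-Id to MIP6-Feature-Vector … */
	,{ "MIP6-Agent-Info", 		RULE_OPTIONAL, -1, 1 }
/* … unchanged: remaining MIA rules … */
```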
@@ -43,12 +44,12 @@ MIP6-Feature-Vector 124 5447 Unsigned64 MIP-Mobile-Node-Address 333 4004 Address + MIP-Home-Agent-Address 334 4004 Address -++ Destination-Host 293 3588 DiameterIdentity implemented in base protocol -++ Destination-Realm 283 3588 DiameterIdentity implemented in base protocol +++ Destination-Host 293 3588 DiameterIdentity +++ Destination-Realm 283 3588 DiameterIdentity + MIP-Home-Agent-Host 348 4004 Grouped + MIP6-Home-Link-Prefix 125 5447 OctetString MIP6-Agent-Info 486 5447 Grouped - User-Name 1 3588 UTF8String implemented in base protocol + User-Name 1 3588 UTF8String Service-Selection 493 5778 UTF8String + MIP-Replay-Mode 346 4004 Enumerated + MIP-Algorithm-Type 345 4004 Enumerated @@ -69,7 +70,7 @@ Accounting-Output-Octets 364 4004, 4005 Unsigned64 Accounting-Input-Packets 365 4004, 4005 Unsigned64 Accounting-Output-Packets 366 4004, 4005 Unsigned64 - Acct-Multi-Session-Id 50 3588 UTF8String implemented in base protocol + Acct-Multi-Session-Id 50 3588 UTF8String Acct-Session-Time 46 2866, 4004 Unsigned32 MIP6-Feature-Vector ---------------------------------- MIP-Mobile-Node-Address ---------------------------------- 
@@ -78,37 +79,36 @@ Service-Selection ---------------------------------- QoS-Resources ---------------------------------- QoS-Capability ---------------------------------- - MIP-Careof-Address 487 5778 Address needed in MIP6I at least for implementation reasons + MIP-Careof-Address 487 5778 Address needed (appears in MIR/MIA) -REST OF THE AVPs IN THE MIR & MIA EXCLUDING *[AVP] +REST OF THE AVPs IN THE MIR & MIA EXCLUDING *[AVP] (as written on page 19 of RFC 5778) MIP6-Request - Session-ID 263 3588 (diameter) + Session-ID 263 3588 Auth-Application-Id 258 3588 User-Name 1 3588 Destination-Realm 283 3588 Origin-Host 264 3588 Origin-Realm 296 3588 Auth-Request-Type 274 3588 - Destination-Host 293 3588 Origin-State-Id 278 3588 - NAS-Identifier 32 2865 (radius) string... needed - NAS-IP-Address 4 2865 ?? needed - NAS-IPv6-Address 95 3162 ?? needed - NAS-Port-Type 61 2865 ?? needed - Called-Station-Id 30 2865 ?? needed - Calling-Station-Id 31 2865 ?? needed + NAS-Identifier 32 2865 radius (see avp) needed (radius) + NAS-IP-Address 4 2865 radius (see avp) needed (radius) + NAS-IPv6-Address 95 3162 radius (see avp) needed (radius) + NAS-Port-Type 61 2865 radius (see avp) needed (radius) + Called-Station-Id 30 2865 radius (see avp) needed (radius) + Calling-Station-Id 31 2865 radius (see avp) needed (radius) MIP6-Feature-Vector ------------ - MIP6-Auth-Mode 494 5778 Enumerated needed in MIP6I at least for implementation reasons - MIP-MN-AAA-SPI 341 5778 Unsigned32 needed in MIP6I at least for implementation reasons + MIP6-Auth-Mode 494 5778 Enumerated needed (mip6a) + MIP-MN-AAA-SPI 341 5778 Unsigned32 needed (mip6a) MIP-MN-HA-SPI ------------ MIP-Mobile-Node-Address ------------ MIP6-Agent-Info ------------ MIP-Careof-Address ------------ - MIP-Authenticator 488 5778 OctetString needed in MIP6I at least for implementation reasons - MIP-MAC-Mobility-Data 489 5778 OctetString needed in MIP6I at least for implementation reasons - MIP-Timestamp 490 5778 OctetString needed in 
MIP6I at least for implementation reasons + MIP-Authenticator 488 5778 OctetString needed (mip6a) + MIP-MAC-Mobility-Data 489 5778 OctetString needed (mip6a) + MIP-Timestamp 490 5778 OctetString needed (mip6a) QoS-Capability ------------ QoS-Resources ------------ Chargeable-User-Identity ------------ @@ -120,41 +120,13 @@ MIP6-Answer - All of them are already implemented as base protocol AVPs or implemented earlier. - Session-Id 263 3588 (diameter) - Auth-Application-Id 258 3588 - Result-Code 268 3588 - Origin-Host 264 3588 - Origin-Realm 296 3588 - Auth-Request-Type 274 3588 - User-Name 1 3588 - Authorization-Lifetime 291 3588 - Auth-Session-State 277 3588 - Error-Message 281 3588 - Error-Reporting-Host 294 3588 - Re-Auth-Request-Type 285 3588 - MIP6-Feature-Vector ------------------- - MIP-Agent-Info ------------------- - MIP-Mobile-Node-Address ------------------- - MIP-MN-HA-MSA ------------------- - QoS-Resources ------------------- - Chargeable-User-Identity ------------------- - Service-Selection ------------------- - Origin-State-Id 278 3588 - Proxy-Info 284 3588 - Redirect-Host 292 3588 - Redirect-Host-Usage 261 3588 - Redirect-Max-Cache-Time 262 3588 - Failed-AVP 279 3588 - -Other AVPs? - -************************************************************************************************************/ +*/ /**************************************************************************************************************************************** * * * This table is a copy of the registry named "MIP6 Authentication Mode Registry" and managed by IANA. * * source : http://www.iana.org/assignments/aaa-parameters/aaa-parameters.txt * -* * +* up to date on october 2010 * * * * Value Token Reference * * 0 Reserved [RFC5778] * 
@@ -165,26 +137,10 @@ /* - NOTES TO SELF - - http://www.iana.org/assignments/aaa-parameters/aaa-parameters.txt - important, a suivre et verifier si il y a des evolutions - - - a quoi sert le int dict---init juste avant le debut du dico? - - -verifier si je ne fais pas des define pour rien - -dire de pas oublier d'inclure le dictionnaire eap - - inclure la rfc5777? ou le faire dans un autre fichier? - - la valeur MIP6_AUTH_MN_AAA est utilisee par quoi?? verifier. +NOTES - ne pas oublier de changer la clause bsd - - - - +check for omissions ! */ @@ -243,9 +199,11 @@ /* Defines if there are any */ -/* New Result-Code for MIP (RFC5778, Section 7.*) */ +//New Result-Code for MIP (RFC5778, Section 7.*) #define DIAMETER_SUCCESS_RELOCATE_HA 2009 #define DIAMETER_ERROR_MIP6_AUTH_MODE 5041 + +//others #define MIP6_AUTH_MN_AAA 1 /* Dictionary */ @@ -871,7 +829,7 @@ } /////////////////////////////////////////////////////////// - /* Other AVPs needed in MIP6I for implementation reasons */ + /* REST OF THE AVP IN THE MIR AND MIA EXCLUDING *[AVP] */ /////////////////////////////////////////////////////////// /* MIP6-Auth-Mode - RFC 5778 */ diff -r e141506deef8 -r f051e3795dae extensions/dict_nas_mipv6/dict_nas_mipv6.c --- a/extensions/dict_nas_mipv6/dict_nas_mipv6.c Mon Nov 15 16:49:22 2010 +0900 +++ b/extensions/dict_nas_mipv6/dict_nas_mipv6.c Wed Nov 17 19:56:35 2010 +0900 @@ -33,7 +33,8 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * *********************************************************************************************************/ -/********************************************************************************************************* +/* + The following table lists the AVPs needed for the NAS to HAAA server interaction. We try to keep the structure of the grouped AVP by declaring the contained AVPs just before the grouped AVP they depend on. The number of '+' indicates the depth of the contained AVP. 
@@ -48,21 +49,12 @@ + MIP6-Home-Link-Prefix 125 5447 OctetString yes MIP6-Agent-Info 486 5447 Grouped yes -************************************************************************************************************/ +*/ #include -/* - NOTES TO SELF - - - il faudra verifier les regles particulieres (page 6 de la rfc) 'au moins un des deux avps' - - - IMPLEMENTER LES AVPS QUI MANQUENT - -*/ - /* The content of this file follows the same structure as dict_base_proto.c */ #define CHECK_dict_new( _type, _data, _parent, _ref ) \ @@ -138,6 +130,11 @@ /* AVP section */ { + /* Loading the derived data formats */ + + struct dict_object * Address_type; + CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Address", &Address_type); + /* MIP6-Feature-Vector */ { /* 
@@ -157,12 +154,59 @@ } /* MIP-Home-Agent-Address - RFC 4004 */ + { + /* + + */ + + struct dict_avp_data data = { + 334, /* Code */ + 0, /* Vendor */ + "MIP-Home-Agent-Address", /* Name */ + AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ + AVP_FLAG_MANDATORY, /* Fixed flag values */ + AVP_TYPE_OCTETSTRING /* base type of data */ + }; + + CHECK_dict_new( DICT_AVP, &data , Address_type, NULL); + } /* Destination-Host - Base Protocol */ /* Destination-Realm - Base Protocol */ /* MIP-Home-Agent-Host - RFC 4004 */ + { + /* + The MIP-Home-Agent-Host AVP (AVP Code 348) is of type Grouped and + contains the identity of the assigned Home Agent. If the MIP-Home- + Agent-Host AVP is present in the AMR, the AAAH MUST copy it into the + HAR. + + MIP-Home-Agent-Host ::= < AVP Header: 348 > + { Destination-Realm } + { Destination-Host } + * [ AVP ] + */ + + struct dict_object * avp; + struct dict_avp_data data = { + 348, /* Code */ + 0, /* Vendor */ + "MIP-Home-Agent-Host", /* Name */ + AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ + AVP_FLAG_MANDATORY, /* Fixed flag values */ + AVP_TYPE_GROUPED /* base type of data */ + }; + + struct local_rules_definition rules[] = + { { "Destination-Realm", RULE_REQUIRED, -1, 1 } + ,{ "Destination-Host", RULE_REQUIRED, -1, 1 } + }; + + CHECK_dict_new( DICT_AVP, &data , NULL, &avp); + PARSE_loc_rules( rules, avp ); + } /* MIP6-Home-Link-Prefix */ { diff -r e141506deef8 -r f051e3795dae extensions/dict_rfc5777/dict_rfc5777.c --- a/extensions/dict_rfc5777/dict_rfc5777.c Mon Nov 15 16:49:22 2010 +0900 +++ b/extensions/dict_rfc5777/dict_rfc5777.c Wed Nov 17 19:56:35 2010 +0900 
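Review bot: The new MIP-Home-Agent-Address block in dict_nas_mipv6.c opens with an empty `/* */` placeholder, whereas the MIP-Home-Agent-Host block added right after it quotes its definition. Fill it with what the tables in this changeset already record, e.g. `/* MIP-Home-Agent-Address (AVP Code 334, RFC 4004) is of type Address. */`, so the reason for attaching `Address_type` to an `AVP_TYPE_OCTETSTRING` base is visible at the definition. The tables in dict_mip6a.c and dict_mip6i.c list the same AVP codes 334 and 348, so the comment should also say whether these extensions are meant to be loaded together; what a duplicate registration does depends on `CHECK_dict_new`, which is defined outside this hunk, as is the start of the enclosing AVP section.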
@@ -33,7 +33,8 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * *********************************************************************************************************/ -/********************************************************************************************************* +/* + The following table complete the one in RFC 5777. The AVPs are implemented in the order of the table. We try to keep the structure of the grouped AVP by declaring the contained AVPs just before the grouped AVP they depend on. The number of '+' indicates the depth of the contained AVP. @@ -46,7 +47,7 @@ QoS-Capability 578 5777 Grouped +++ QoS-Parameters 576 5777 Grouped no specific AVPs? see RFC 5624 +++ QoS-Profile-Template -------------------------------- -+++ Treatment-Action 572 5777 Enumerated Unclear, grouped or enum? ++++ Treatment-Action 572 5777 Enumerated Type is Enumerated. See Errata 2334 for RFC5777 ++ Excess-Treatment 577 5777 Grouped ++ QoS-Parameters -------------------------------- ++ QoS-Profile-Template -------------------------------- @@ -63,7 +64,7 @@ +++ Day-Of-Week-Mask 563 5777 Unsigned32 +++ Time-Of-Day-End 562 5777 Unsigned32 +++ Time-Of-Day-Start 561 5777 Unsigned32 -++ Time-Of-Day-Condition 560 5777 Grouped +++ Time-Of-Day-Condition 560 5777 Grouped Some AVPs were omitted. See Errata 2333 for RFC5777 +++++ High-User-Priority 559 5777 Unsigned32 +++++ Low-User-Priority 558 5777 Unsigned32 ++++ User-Priority-Range 557 5777 Grouped @@ -77,7 +78,7 @@ ++++ ETH-Proto-Type 549 5777 Grouped +++ ETH-Option 548 5777 Grouped ++++ Negated 517 5777 Enumerated -++++ ICMP-Code 547 5777 Integer32 Changed from Enumerated. See AVP for details. +++++ ICMP-Code 547 5777 Integer32 Changed from Enumerated for implementation reason. See AVP for details. ++++ ICMP-Type-Number 546 5777 Enumerated +++ ICMP-Type 545 5777 Grouped ++++ Negated -------------------------------- 
@@ -98,7 +99,7 @@ +++++ IP-Address-End 521 5777 Address ++++ IP-Address-Range 519 5777 Grouped +++++ IP-Address -------------------------------- -+++++ IP-Mask-Bit-Mask-Width 523 5777 Unsigned32 ++++++ IP-Mask-Bit-Mask-Width 523 5777 Unsigned32 Name is IP-Mask-Bit-Mask-Width. See Errata 2335 for RFC5777 ++++ IP-Address-Mask 522 5777 Grouped ++++ MAC-Address 524 5777 OctetString +++++ MAC-Address -------------------------------- @@ -127,7 +128,7 @@ + Filter-Rule 509 5777 Grouped careful if we have to change vendor specifics or such. QoS-Resources 508 5777 Grouped -****************************/ +*/ @@ -150,13 +151,10 @@ /* - NOTES TO SELF - verifier si on a besoin de tout les defines - - Que faut il faire pour la section 10.2 et 10.3? - - La definition de Filter-Rule est chelou - - La definition de QoS-Parameters est chelou - - relire la rfc en entier +NOTES + +Sections 10.2 and 10.3 of the RFC5777 have been ignored */ 
@@ -1449,33 +1447,33 @@ The Values have been copied from the following page : http://www.iana.org/assignments/dscp-registry/dscp-registry.txt - Last updated : 2010-05-11 + Last updated in code : 2010-05-11 */ struct dict_object * type; struct dict_type_data tdata = { AVP_TYPE_INTEGER32, "Enumerated(Diffserv-Code-Point)" , NULL, NULL, NULL }; - struct dict_enumval_data t_000000 = { "CS0", { .i32 = 0b000000 }}; - struct dict_enumval_data t_001000 = { "CS1", { .i32 = 0b001000 }}; - struct dict_enumval_data t_010000 = { "CS2", { .i32 = 0b010000 }}; - struct dict_enumval_data t_011000 = { "CS3", { .i32 = 0b011000 }}; - struct dict_enumval_data t_100000 = { "CS4", { .i32 = 0b100000 }}; - struct dict_enumval_data t_101000 = { "CS5", { .i32 = 0b101000 }}; - struct dict_enumval_data t_110000 = { "CS6", { .i32 = 0b110000 }}; - struct dict_enumval_data t_111000 = { "CS7", { .i32 = 0b111000 }}; - struct dict_enumval_data t_001010 = { "AF11", { .i32 = 0b001010 }}; - struct dict_enumval_data t_001100 = { "AF12", { .i32 = 0b001100 }}; - struct dict_enumval_data t_001110 = { "AF13", { .i32 = 0b001110 }}; - struct dict_enumval_data t_010010 = { "AF21", { .i32 = 0b010010 }}; - struct dict_enumval_data t_010100 = { "AF22", { .i32 = 0b010100 }}; - struct dict_enumval_data t_010110 = { "AF23", { .i32 = 0b010110 }}; - struct dict_enumval_data t_011010 = { "AF31", { .i32 = 0b011010 }}; - struct dict_enumval_data t_011100 = { "AF32", { .i32 = 0b011100 }}; - struct dict_enumval_data t_011110 = { "AF33", { .i32 = 0b011110 }}; - struct dict_enumval_data t_100010 = { "AF41", { .i32 = 0b100010 }}; - struct dict_enumval_data t_100100 = { "AF42", { .i32 = 0b100100 }}; - struct dict_enumval_data t_100110 = { "AF43", { .i32 = 0b100110 }}; - struct dict_enumval_data t_101110 = { "EF PHB", { .i32 = 0b101110 }}; - struct dict_enumval_data t_101100 = { "VOICE-ADMIT", { .i32 = 0b101100 }}; + struct dict_enumval_data t_0 = { "CS0", { .i32 = 0 }}; + struct dict_enumval_data t_8 = { "CS1", { .i32 = 8 }}; 
+ struct dict_enumval_data t_16 = { "CS2", { .i32 = 16 }}; + struct dict_enumval_data t_24 = { "CS3", { .i32 = 24 }}; + struct dict_enumval_data t_32 = { "CS4", { .i32 = 32 }}; + struct dict_enumval_data t_40 = { "CS5", { .i32 = 40 }}; + struct dict_enumval_data t_48 = { "CS6", { .i32 = 48 }}; + struct dict_enumval_data t_56 = { "CS7", { .i32 = 56 }}; + struct dict_enumval_data t_10 = { "AF11", { .i32 = 10 }}; + struct dict_enumval_data t_12 = { "AF12", { .i32 = 12 }}; + struct dict_enumval_data t_14 = { "AF13", { .i32 = 14 }}; + struct dict_enumval_data t_18 = { "AF21", { .i32 = 18 }}; + struct dict_enumval_data t_20 = { "AF22", { .i32 = 20 }}; + struct dict_enumval_data t_22 = { "AF23", { .i32 = 22 }}; + struct dict_enumval_data t_26 = { "AF31", { .i32 = 26 }}; + struct dict_enumval_data t_28 = { "AF32", { .i32 = 28 }}; + struct dict_enumval_data t_30 = { "AF33", { .i32 = 30 }}; + struct dict_enumval_data t_34 = { "AF41", { .i32 = 34 }}; + struct dict_enumval_data t_36 = { "AF42", { .i32 = 36 }}; + struct dict_enumval_data t_38 = { "AF43", { .i32 = 38 }}; + struct dict_enumval_data t_46 = { "EF PHB", { .i32 = 46 }}; + struct dict_enumval_data t_44 = { "VOICE-ADMIT", { .i32 = 44 }}; struct dict_avp_data data = { 535, /* Code */ 
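Review bot: Each Diffserv-Code-Point entry in this hunk loses its visible link to the six-bit pattern it was copied from: both the `.i32` values and the `t_NN` names are now decimal, so a row can no longer be checked by eye against the registry page cited in the comment above. The decimal values do match the binary literals they replace (e.g. `0b101110` is 46), so this is about reviewability, not correctness. Keep the pattern as a trailing comment on each of the 22 entries, e.g. `struct dict_enumval_data t_10 = { "AF11", { .i32 = 10 }}; /* 001010 */`. The enclosing block starts before this hunk and continues after it.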
@@ -1487,28 +1485,28 @@ }; /* Create the Enumerated type, and then the AVP */ CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); - CHECK_dict_new( DICT_ENUMVAL, &t_000000 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_001000 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_010000 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_011000 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_100000 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_101000 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_110000 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_111000 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_001010 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_001100 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_001110 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_010010 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_010100 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_010110 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_011010 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_011100 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_011110 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_100010 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_100100 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_100110 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_101110 , type, NULL); - CHECK_dict_new( DICT_ENUMVAL, &t_101100 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_0 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_8 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_16 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_24 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_32 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_40 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_48 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_56 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_10 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_12 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_14 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, 
&t_18 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_20 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_22 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_26 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_28 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_30 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_34 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_36 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_38 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_46 , type, NULL); + CHECK_dict_new( DICT_ENUMVAL, &t_44 , type, NULL); CHECK_dict_new( DICT_AVP, &data , type, NULL); }