Mercurial > hg > waaad

comparison extensions/dict_nasreq/dict_nasreq.c @ 398:11a5d67ee7d4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Split dictionary definitions by application, and added EAP definitions
author Sebastien Decugis <sdecugis@nict.go.jp>
date Tue, 02 Jun 2009 11:15:00 +0900
parents extensions/dict_nasreq_eap/dict_nasreq_eap.c@a84144eea96c
children 316bb3f38d04
comparison
equal deleted inserted replaced
397:a84144eea96c 398:11a5d67ee7d4
1 /*********************************************************************************************************
2 * Software License Agreement (BSD License) *
3 * Author: Sebastien Decugis <sdecugis@nict.go.jp> *
4 * *
5 * Copyright (c) 2008, WIDE Project and NICT *
6 * All rights reserved. *
7 * *
8 * Redistribution and use of this software in source and binary forms, with or without modification, are *
9 * permitted provided that the following conditions are met: *
10 * *
11 * * Redistributions of source code must retain the above *
12 * copyright notice, this list of conditions and the *
13 * following disclaimer. *
14 * *
15 * * Redistributions in binary form must reproduce the above *
16 * copyright notice, this list of conditions and the *
17 * following disclaimer in the documentation and/or other *
18 * materials provided with the distribution. *
19 * *
20 * * Neither the name of the WIDE Project or NICT nor the *
21 * names of its contributors may be used to endorse or *
22 * promote products derived from this software without *
23 * specific prior written permission of WIDE Project and *
24 * NICT. *
25 * *
26 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
28 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
29 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT *
30 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS *
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
32 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF *
33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
34 *********************************************************************************************************/
35
36 /*
37 * Dictionary definitions of objects specified in Diameter NASREQ (RFC4005).
38 */
39
40 #define IN_EXTENSION
41 #define DECLARE_API_POINTERS
42 #define DEFINE_DEBUG_MACRO dict_nasreq
43 #include <waaad/waaad.h>
44
45 /* The content of this file follows the same structure as dict-base.c */
46
47 static int dict_nasreq_verbosity = INFO; /* Change to NONE to suppress output once the definitions are working */
48
49 #define TRACE_DEBUG_ALL( str ) \
50 TRACE_DEBUG(CALL, str );
51
52 /* Check the return value of an internal function, log and propagate */
53 #define CHECK_FCT_DO( __call__, __fallback__ ) { \
54 int __ret__; \
55 TRACE_DEBUG_ALL( "Check FCT: " #__call__ ); \
56 __ret__ = (__call__); \
57 if (__ret__ != 0) { \
58 TRACE_DEBUG(INFO, "Error in '" #__call__ "': %s", strerror(__ret__)); \
59 __fallback__; \
60 } \
61 }
62 /* Check the return value of a function call, return any error code */
63 #define CHECK_FCT( __call__ ) { \
64 int __v__; \
65 CHECK_FCT_DO( __v__ = (__call__), return __v__ ); \
66 }
67
68 #define CHECK_dict_new( _type, _data, _parent, _ref ) \
69 CHECK_FCT( dict_new( (_type), (_data), (_parent), (_ref)) );
70
71 #define CHECK_dict_search( _type, _criteria, _what, _result ) \
72 CHECK_FCT( dict_search( (_type), (_criteria), (_what), (_result)) ); \
73 if ( !*(_result) ) { \
74 TRACE_DEBUG(INFO, "Not found: "#_type ", "#_criteria", "#_what", "#_result ); \
75 return ENOENT; \
76 }
77
78
79 typedef struct {
80 char *avp_name;
81 rule_position_t position;
82 int min;
83 int max;
84 int template;
85 } loc_rules_def_t;
86
87 #define RULE_ORDER( _position ) ((((_position) == RULE_FIXED_HEAD) || ((_position) == RULE_FIXED_TAIL)) ? 1 : 0 )
88
89 #define PARSE_loc_rules( _rulearray, _parent) { \
90 int __ar; \
91 for (__ar=0; __ar < sizeof(_rulearray) / sizeof((_rulearray)[0]); __ar++) { \
92 dict_rule_data_t __data = { NULL, \
93 (_rulearray)[__ar].position, \
94 0, \
95 (_rulearray)[__ar].min, \
96 (_rulearray)[__ar].max, \
97 (_rulearray)[__ar].template}; \
98 __data.rule_order = RULE_ORDER(__data.rule_position); \
99 CHECK_FCT( dict_search( \
100 DICT_AVP, \
101 AVP_BY_NAME, \
102 (_rulearray)[__ar].avp_name, \
103 &__data.rule_avp ) ); \
104 if ( !__data.rule_avp ) { \
105 TRACE_DEBUG(INFO, "AVP Not found: '%s'", (_rulearray)[__ar].avp_name ); \
106 return ENOENT; \
107 } \
108 CHECK_FCT_DO( dict_new( DICT_RULE, &__data, _parent, NULL), \
109 { \
110 TRACE_DEBUG(INFO, "Error on rule with AVP '%s'", \
111 (_rulearray)[__ar].avp_name ); \
112 return EINVAL; \
113 } ); \
114 } \
115 }
116
117
118 static int entry(char * conffile)
119 {
120 dict_object_t * nasreq;
121 TRACE_ENTRY("%p", conffile);
122
123 /* No Vendors definitions */
124
125 /* Applications section */
126 {
127 /* NASREQ (RFC 4005) */
128 {
129 dict_application_data_t data = { 1, "Diameter Network Access Server Application" };
130 CHECK_dict_new( DICT_APPLICATION, &data, NULL, &nasreq);
131 }
132 }
133
134 /* Derived AVP types section */
135 {
136 /* QoSFilterRule */
137 {
138 /*
139 The QosFilterRule format is derived from the OctetString AVP Base
140 Format. It uses the ASCII charset. Packets may be marked or
141 metered based on the following information:
142
143 Direction (in or out)
144 Source and destination IP address (possibly masked)
145 Protocol
146 Source and destination port (lists or ranges)
147 DSCP values (no mask or range)
148
149 Rules for the appropriate direction are evaluated in order; the
150 first matched rule terminates the evaluation. Each packet is
151 evaluated once. If no rule matches, the packet is treated as best
152 effort. An access device unable to interpret or apply a QoS rule
153 SHOULD NOT terminate the session.
154
155 QoSFilterRule filters MUST follow the following format:
156
157 action dir proto from src to dst [options]
158
159 tag - Mark packet with a specific DSCP
160 [DIFFSERV]. The DSCP option MUST be
161 included.
162 meter - Meter traffic. The metering options
163 MUST be included.
164
165 dir The format is as described under IPFilterRule.
166
167 proto The format is as described under IPFilterRule.
168
169 src and dst The format is as described under IPFilterRule.
170
171 options:
172
173 DSCP <color>
174 Color values as defined in [DIFFSERV]. Exact
175 matching of DSCP values is required (no masks or
176 ranges).
177
178 metering <rate> <color_under> <color_over>
179 The metering option provides Assured Forwarding,
180 as defined in [DIFFSERVAF], and MUST be present
181 if the action is set to meter. The rate option is
182 the throughput, in bits per second, used
183 by the access device to mark packets. Traffic
184 over the rate is marked with the color_over
185 codepoint, and traffic under the rate is marked
186 with the color_under codepoint. The color_under
187 and color_over options contain the drop
188 preferences and MUST conform to the recommended
189 codepoint keywords described in [DIFFSERVAF]
190 (e.g., AF13).
191
192 The metering option also supports the strict
193 limit on traffic required by Expedited
194 Forwarding, as defined in [DIFFSERVEF]. The
195 color_over option may contain the keyword "drop"
196 to prevent forwarding of traffic that exceeds the
197 rate parameter.
198
199 The rule syntax is a modified subset of ipfw(8) from FreeBSD,
200 and the ipfw.c code may provide a useful base for
201 implementations.
202 */
203 dict_type_data_t data = { AVP_TYPE_OCTETSTRING, "QoSFilterRule" , NULL , NULL };
204 CHECK_dict_new( DICT_TYPE, &data , NULL, NULL);
205 }
206
207 }
208
209 /* AVP section */
210 {
211 dict_object_t * UTF8String_type;
212 dict_object_t * IPFilterRule_type;
213 dict_object_t * QoSFilterRule_type;
214 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "UTF8String", &UTF8String_type);
215 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "IPFilterRule", &IPFilterRule_type);
216 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "QoSFilterRule", &QoSFilterRule_type);
217
218 /********************************
219 * NAS Session AVPs *
220 ********************************/
221 /* NAS-Port */
222 {
223 /*
224 The NAS-Port AVP (AVP Code 5) is of type Unsigned32 and contains the
225 physical or virtual port number of the NAS which is authenticating
226 the user. Note that "port" is meant in its sense as a service
227 connection on the NAS, not as an IP protocol identifier.
228
229 Either NAS-Port or NAS-Port-Id (AVP Code 87) SHOULD be present in
230 AA-Request (AAR) commands if the NAS differentiates among its ports.
231 */
232 dict_avp_data_t data = {
233 5, /* Code */
234 0, /* Vendor */
235 "NAS-Port", /* Name */
236 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
237 AVP_FLAG_MANDATORY, /* Fixed flag values */
238 AVP_TYPE_UNSIGNED32 /* base type of data */
239 };
240 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
241 }
242
243 /* NAS-Port-Id */
244 {
245 /*
246 The NAS-Port-Id AVP (AVP Code 87) is of type UTF8String and consists
247 of ASCII text identifying the port of the NAS authenticating the
248 user. Note that "port" is meant in its sense as a service connection
249 on the NAS, not as an IP protocol identifier.
250
251 Either NAS-Port or NAS-Port-Id SHOULD be present in AA-Request (AAR)
252 commands if the NAS differentiates among its ports. NAS-Port-Id is
253 intended for use by NASes that cannot conveniently number their
254 ports.
255 */
256 dict_avp_data_t data = {
257 87, /* Code */
258 0, /* Vendor */
259 "NAS-Port-Id", /* Name */
260 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
261 AVP_FLAG_MANDATORY, /* Fixed flag values */
262 AVP_TYPE_OCTETSTRING /* base type of data */
263 };
264 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
265 }
266
267 /* NAS-Port-Type */
268 {
269 /*
270 The NAS-Port-Type AVP (AVP Code 61) is of type Enumerated and
271 contains the type of the port on which the NAS is authenticating the
272 user. This AVP SHOULD be present if the NAS uses the same NAS-Port
273 number ranges for different service types concurrently.
274
275 The supported values are defined in [RADIUSTypes]. The following
276 list is informational and subject to change by the IANA.
277
278 http://www.iana.org/assignments/radius-types
279 Sub-registry: Values for RADIUS Attribute 61, NAS-Port-Type
280 Reference: [RFC2865]
281
282 Extract on 2009.06.01:
283 0 Async [RFC2865]
284 1 Sync [RFC2865]
285 2 ISDN Sync [RFC2865]
286 3 ISDN Async V.120 [RFC2865]
287 4 ISDN Async V.110 [RFC2865]
288 5 Virtual [RFC2865]
289 6 PIAFS [RFC2865]
290 7 HDLC Clear Channel [RFC2865]
291 8 X.25 [RFC2865]
292 9 X.75 [RFC2865]
293 10 G.3 Fax [RFC2865]
294 11 SDSL - Symmetric DSL [RFC2865]
295 12 ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865]
296 13 ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865]
297 14 IDSL - ISDN Digital Subscriber Line [RFC2865]
298 15 Ethernet [RFC2865]
299 16 xDSL - Digital Subscriber Line of unknown type [RFC2865]
300 17 Cable [RFC2865]
301 18 Wireless - Other [RFC2865]
302 19 Wireless - IEEE 802.11 [RFC2865]
303 20 Token-Ring [RFC3580]
304 21 FDDI [RFC3580]
305 22 Wireless - CDMA2000 [McCann]
306 23 Wireless - UMTS [McCann]
307 24 Wireless - 1X-EV [McCann]
308 25 IAPP [IEEE 802.11F][Kerry]
309 26 FTTP - Fiber to the Premises [Nyce]
310 27 Wireless - IEEE 802.16 [IEEE 802.16] 12 December 2006
311 28 Wireless - IEEE 802.20 [IEEE 802.20] 12 December 2006
312 29 Wireless - IEEE 802.22 [IEEE 802.22] 12 December 2006
313 30 PPPoA - PPP over ATM [RFC4603]
314 31 PPPoEoA - PPP over Ethernet over ATM [RFC4603]
315 32 PPPoEoE - PPP over Ethernet over Ethernet [RFC4603]
316 33 PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603]
317 34 PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603]
318 35 xPON - Passive Optical Network [Hublet][Yan] 19 June 2007
319 */
320
321 dict_object_t * type;
322 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(NAS-Port-Type)" , NULL, NULL};
323 dict_type_enum_data_t tvals[] = {
324 #define enum_val_def( _val_, _str_ ) \
325 { _str_, { .u32 = _val_ }}
326 enum_val_def( 0, "Async [RFC2865]"),
327 enum_val_def( 1, "Sync [RFC2865]"),
328 enum_val_def( 2, "ISDN Sync [RFC2865]"),
329 enum_val_def( 3, "ISDN Async V.120 [RFC2865]"),
330 enum_val_def( 4, "ISDN Async V.110 [RFC2865]"),
331 enum_val_def( 5, "Virtual [RFC2865]"),
332 enum_val_def( 6, "PIAFS [RFC2865]"),
333 enum_val_def( 7, "HDLC Clear Channel [RFC2865]"),
334 enum_val_def( 8, "X.25 [RFC2865]"),
335 enum_val_def( 9, "X.75 [RFC2865]"),
336 enum_val_def(10, "G.3 Fax [RFC2865]"),
337 enum_val_def(11, "SDSL - Symmetric DSL [RFC2865]"),
338 enum_val_def(12, "ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865]"),
339 enum_val_def(13, "ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865]"),
340 enum_val_def(14, "IDSL - ISDN Digital Subscriber Line [RFC2865]"),
341 enum_val_def(15, "Ethernet [RFC2865]"),
342 enum_val_def(16, "xDSL - Digital Subscriber Line of unknown type [RFC2865]"),
343 enum_val_def(17, "Cable [RFC2865]"),
344 enum_val_def(18, "Wireless - Other [RFC2865]"),
345 enum_val_def(19, "Wireless - IEEE 802.11 [RFC2865]"),
346 enum_val_def(20, "Token-Ring [RFC3580]"),
347 enum_val_def(21, "FDDI [RFC3580]"),
348 enum_val_def(22, "Wireless - CDMA2000 [McCann]"),
349 enum_val_def(23, "Wireless - UMTS [McCann]"),
350 enum_val_def(24, "Wireless - 1X-EV [McCann]"),
351 enum_val_def(25, "IAPP [IEEE 802.11F][Kerry]"),
352 enum_val_def(26, "FTTP - Fiber to the Premises [Nyce]"),
353 enum_val_def(27, "Wireless - IEEE 802.16 [IEEE 802.16]"),
354 enum_val_def(28, "Wireless - IEEE 802.20 [IEEE 802.20]"),
355 enum_val_def(29, "Wireless - IEEE 802.22 [IEEE 802.22]"),
356 enum_val_def(30, "PPPoA - PPP over ATM [RFC4603]"),
357 enum_val_def(31, "PPPoEoA - PPP over Ethernet over ATM [RFC4603]"),
358 enum_val_def(32, "PPPoEoE - PPP over Ethernet over Ethernet [RFC4603]"),
359 enum_val_def(33, "PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603]"),
360 enum_val_def(34, "PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603]"),
361 enum_val_def(35, "xPON - Passive Optical Network [Hublet][Yan]")
362 };
363 dict_avp_data_t data = {
364 61, /* Code */
365 0, /* Vendor */
366 "NAS-Port-Type", /* Name */
367 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
368 AVP_FLAG_MANDATORY, /* Fixed flag values */
369 AVP_TYPE_UNSIGNED32 /* base type of data */
370 };
371 int i;
372 /* Create the Enumerated type, enumerated values, and the AVP */
373 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
374 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
375 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
376 }
377 CHECK_dict_new( DICT_AVP, &data , type, NULL);
378 }
379
380 /* Called-Station-Id */
381 {
382 /*
383 The Called-Station-Id AVP (AVP Code 30) is of type UTF8String and
384 allows the NAS to send the ASCII string describing the layer 2
385 address the user contacted in the request. For dialup access, this
386 can be a phone number obtained by using Dialed Number Identification
387 (DNIS) or a similar technology. Note that this may be different from
388 the phone number the call comes in on. For use with IEEE 802 access,
389 the Called-Station-Id MAY contain a MAC address formatted as
390 described in [RAD802.1X]. It SHOULD only be present in
391 authentication and/or authorization requests.
392
393 If the Auth-Request-Type AVP is set to authorization-only and the
394 User-Name AVP is absent, the Diameter Server MAY perform
395 authorization based on this field. This can be used by a NAS to
396 request whether a call should be answered based on the DNIS.
397 */
398 dict_avp_data_t data = {
399 30, /* Code */
400 0, /* Vendor */
401 "Called-Station-Id", /* Name */
402 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
403 AVP_FLAG_MANDATORY, /* Fixed flag values */
404 AVP_TYPE_OCTETSTRING /* base type of data */
405 };
406 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
407 }
408
409 /* Calling-Station-Id */
410 {
411 /*
412 The Calling-Station-Id AVP (AVP Code 31) is of type UTF8String and
413 allows the NAS to send the ASCII string describing the layer 2
414 address from which the user connected in the request. For dialup
415 access, this is the phone number the call came from, using Automatic
416 Number Identification (ANI) or a similar technology. For use with
417 IEEE 802 access, the Calling-Station-Id AVP MAY contain a MAC
418 address, formated as described in [RAD802.1X]. It SHOULD only be
419 present in authentication and/or authorization requests.
420
421 If the Auth-Request-Type AVP is set to authorization-only and the
422 User-Name AVP is absent, the Diameter Server MAY perform
423 authorization based on this field. This can be used by a NAS to
424 request whether a call should be answered based on the layer 2
425 address (ANI, MAC Address, etc.)
426 */
427 dict_avp_data_t data = {
428 31, /* Code */
429 0, /* Vendor */
430 "Calling-Station-Id", /* Name */
431 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
432 AVP_FLAG_MANDATORY, /* Fixed flag values */
433 AVP_TYPE_OCTETSTRING /* base type of data */
434 };
435 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
436 }
437
438 /* Connect-Info */
439 {
440 /*
441 The Connect-Info AVP (AVP Code 77) is of type UTF8String and is sent
442 in the AA-Request message or ACR STOP message. When sent in the
443 Access-Request, it indicates the nature of the user's connection.
444 The connection speed SHOULD be included at the beginning of the first
445 Connect-Info AVP in the message. If the transmit and receive
446 connection speeds differ, both may be included in the first AVP with
447 the transmit speed listed first (the speed the NAS modem transmits
448 at), then a slash (/), then the receive speed, and then other
449 optional information.
450
451 For example: "28800 V42BIS/LAPM" or "52000/31200 V90"
452
453 More than one Connect-Info attribute may be present in an
454 Accounting-Request packet to accommodate expected efforts by the ITU
455 to have modems report more connection information in a standard
456 format that might exceed 252 octets.
457
458 If sent in the ACR STOP, this attribute may summarize statistics
459 relating to session quality. For example, in IEEE 802.11, the
460 Connect-Info attribute may contain information on the number of link
461 layer retransmissions. The exact format of this attribute is
462 implementation specific.
463 */
464 dict_avp_data_t data = {
465 77, /* Code */
466 0, /* Vendor */
467 "Connect-Info", /* Name */
468 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
469 AVP_FLAG_MANDATORY, /* Fixed flag values */
470 AVP_TYPE_OCTETSTRING /* base type of data */
471 };
472 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
473 }
474
475 /* Originating-Line-Info */
476 {
477 /*
478 The Originating-Line-Info AVP (AVP Code 94) is of type OctetString
479 and is sent by the NAS system to convey information about the origin
480 of the call from an SS7 system.
481
482 The originating line information (OLI) element indicates the nature
483 and/or characteristics of the line from which a call originated
484 (e.g., pay phone, hotel, cellular). Telephone companies are starting
485 to offer OLI to their customers as an option over Primary Rate
486 Interface (PRI). Internet Service Providers (ISPs) can use OLI in
487 addition to Called-Station-Id and Calling-Station-Id attributes to
488 differentiate customer calls and to define different services.
489
490 The Value field contains two octets (00 - 99). ANSI T1.113 and
491 BELLCORE 394 can be used for additional information about these
492 values and their use. For more information on current assignment
493 values, see [http://www.nanpa.com/number_resource_info/ani_ii_assignments.html].
494
495 */
496 dict_object_t * type;
497 dict_type_data_t tdata = { AVP_TYPE_OCTETSTRING, "Enumerated*(Originating-Line-Info)" , NULL, NULL};
498 dict_type_enum_data_t tvals[] = {
499 #define enum_os2_def( _val_, _str_ ) \
500 { _str_, { .os = { .data = _val_, .len = 2 }}}
501 enum_os2_def( "00", "Plain Old Telephone Service (POTS)"),
502 enum_os2_def( "01", "Multiparty Line (more than 2)"),
503 enum_os2_def( "02", "ANI Failure"),
504 enum_os2_def( "06", "Station Level Rating"),
505 enum_os2_def( "07", "Special Operator Handling Required"),
506 enum_os2_def( "20", "Automatic Identified Outward Dialing (AIOD)"),
507 enum_os2_def( "23", "Coin or Non-Coin"),
508 enum_os2_def( "24", "Toll Free Service (Non-Pay Origination)"),
509 enum_os2_def( "25", "Toll Free Service (Pay Origination)"),
510 enum_os2_def( "27", "Toll Free Service (Coin Control Origination)"),
511 enum_os2_def( "29", "Prison/Inmate Service"),
512 enum_os2_def( "30", "Intercept (Blank)"),
513 enum_os2_def( "31", "Intercept (Trouble)"),
514 enum_os2_def( "32", "Intercept (Regular)"),
515 enum_os2_def( "34", "Telco Operator Handled Call"),
516 enum_os2_def( "52", "Outward Wide Area Telecommunications Service (OUTWATS)"),
517 enum_os2_def( "60", "Telecommunications Relay Service (TRS)(Unrestricted)"),
518 enum_os2_def( "61", "Cellular/Wireless PCS (Type 1)"),
519 enum_os2_def( "62", "Cellular/Wireless PCS (Type 2)"),
520 enum_os2_def( "63", "Cellular/Wireless PCS (Roaming)"),
521 enum_os2_def( "66", "TRS (Hotel)"),
522 enum_os2_def( "67", "TRS (Restricted)"),
523 enum_os2_def( "70", "Pay Station, No Coin Control"),
524 enum_os2_def( "93", "Access for Private Virtual Network Service")
525 };
526 dict_avp_data_t data = {
527 94, /* Code */
528 0, /* Vendor */
529 "Originating-Line-Info", /* Name */
530 AVP_FLAG_VENDOR, /* Fixed flags */
531 0, /* Fixed flag values */
532 AVP_TYPE_OCTETSTRING /* base type of data */
533 };
534 int i;
535 /* Create the Enumerated type, enumerated values, and the AVP */
536 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
537 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
538 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
539 }
540 CHECK_dict_new( DICT_AVP, &data , type, NULL);
541 }
542
543 /* Reply-Message */
544 {
545 /*
546 The Reply-Message AVP (AVP Code 18) is of type UTF8String and
547 contains text that MAY be displayed to the user. When used in an
548 AA-Answer message with a successful Result-Code AVP, it indicates
549 success. When found in an AAA message with a Result-Code other than
550 DIAMETER_SUCCESS, the AVP contains a failure message.
551
552 The Reply-Message AVP MAY indicate dialog text to prompt the user
553 before another AA-Request attempt. When used in an AA-Answer with a
554 Result-Code of DIAMETER_MULTI_ROUND_AUTH or in an Re-Auth-Request
555 message, it MAY contain a dialog text to prompt the user for a
556 response.
557
558 Multiple Reply-Messages MAY be included, and if any are displayed,
559 they MUST be displayed in the same order as they appear in the
560 Diameter message.
561 */
562 dict_avp_data_t data = {
563 18, /* Code */
564 0, /* Vendor */
565 "Reply-Message", /* Name */
566 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
567 AVP_FLAG_MANDATORY, /* Fixed flag values */
568 AVP_TYPE_OCTETSTRING /* base type of data */
569 };
570 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
571 }
572
573 /********************************
574 * NAS Authentication AVPs *
575 ********************************/
576 /* User-Password */
577 {
578 /*
579 The User-Password AVP (AVP Code 2) is of type OctetString and
580 contains the password of the user to be authenticated, or the user's
581 input in a multi-round authentication exchange.
582
583 The User-Password AVP contains a user password or one-time password
584 and therefore represents sensitive information. As required in
585 [BASE], Diameter messages are encrypted by using IPsec or TLS.
586 Unless this AVP is used for one-time passwords, the User-Password AVP
587 SHOULD NOT be used in untrusted proxy environments without encrypting
588 it by using end-to-end security techniques, such as the proposed CMS
589 Security [DiamCMS].
590
591 The clear-text password (prior to encryption) MUST NOT be longer than
592 128 bytes in length.
593 */
594 dict_avp_data_t data = {
595 2, /* Code */
596 0, /* Vendor */
597 "User-Password", /* Name */
598 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
599 AVP_FLAG_MANDATORY, /* Fixed flag values */
600 AVP_TYPE_OCTETSTRING /* base type of data */
601 };
602 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
603 }
604
605 /* Password-Retry */
606 {
607 /*
608 The Password-Retry AVP (AVP Code 75) is of type Unsigned32 and MAY be
609 included in the AA-Answer if the Result-Code indicates an
610 authentication failure. The value of this AVP indicates how many
611 authentication attempts a user is permitted before being
612 disconnected. This AVP is primarily intended for use when the
613 Framed-Protocol AVP (see section 6.10.1) is set to ARAP.
614 */
615 dict_avp_data_t data = {
616 75, /* Code */
617 0, /* Vendor */
618 "Password-Retry", /* Name */
619 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
620 AVP_FLAG_MANDATORY, /* Fixed flag values */
621 AVP_TYPE_UNSIGNED32 /* base type of data */
622 };
623 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
624 }
625
626 /* Prompt */
627 {
628 /*
629 The Prompt AVP (AVP Code 76) is of type Enumerated and MAY be present
630 in the AA-Answer message. When present, it is used by the NAS to
631 determine whether the user's response, when entered, should be
632 echoed.
633
634 The supported values are listed in http://www.iana.org/assignments/radius-types
635 Sub-registry: Values for RADIUS Attribute 76, Prompt
636 Reference: [RFC2869]
637 */
638 dict_object_t * type;
639 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Prompt)" , NULL, NULL};
640 dict_type_enum_data_t tvals[] = {
641 enum_val_def( 0, "No Echo [RFC2869]"),
642 enum_val_def( 1, "Echo [RFC2869]")
643 };
644 dict_avp_data_t data = {
645 76, /* Code */
646 0, /* Vendor */
647 "Prompt", /* Name */
648 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
649 AVP_FLAG_MANDATORY, /* Fixed flag values */
650 AVP_TYPE_UNSIGNED32 /* base type of data */
651 };
652 int i;
653 /* Create the Enumerated type, enumerated values, and the AVP */
654 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
655 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
656 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
657 }
658 CHECK_dict_new( DICT_AVP, &data , type, NULL);
659 }
660
661 /* CHAP-Auth */
662 {
663 /*
664 The CHAP-Auth AVP (AVP Code 402) is of type Grouped and contains the
665 information necessary to authenticate a user using the PPP
666 Challenge-Handshake Authentication Protocol (CHAP) [PPPCHAP]. If the
667 CHAP-Auth AVP is found in a message, the CHAP-Challenge AVP MUST be
668 present as well. The optional AVPs containing the CHAP response
669 depend upon the value of the CHAP-Algorithm AVP. The grouped AVP has
670 the following ABNF grammar:
671
672 CHAP-Auth ::= < AVP Header: 402 >
673 { CHAP-Algorithm }
674 { CHAP-Ident }
675 [ CHAP-Response ]
676 * [ AVP ]
677 */
678 dict_object_t * CHAP_Auth_avp;
679 dict_object_t * CHAP_Algorithm_avp;
680 dict_object_t * CHAP_Ident_avp;
681 dict_object_t * CHAP_Response_avp;
682
683 dict_avp_data_t data = {
684 402, /* Code */
685 0, /* Vendor */
686 "CHAP-Auth", /* Name */
687 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
688 AVP_FLAG_MANDATORY, /* Fixed flag values */
689 AVP_TYPE_GROUPED /* base type of data */
690 };
691 CHECK_dict_new( DICT_AVP, &data , NULL, &CHAP_Auth_avp);
692
693 /* CHAP-Algorithm */
694 {
695 /*
696 The CHAP-Algorithm AVP (AVP Code 403) is of type Enumerated and
697 contains the algorithm identifier used in the computation of the CHAP
698 response [PPPCHAP]. The following values are currently supported:
699
700 CHAP with MD5 5
701 The CHAP response is computed by using the procedure described
702 in [PPPCHAP]. This algorithm requires that the CHAP-Response
703 AVP MUST be present in the CHAP-Auth AVP.
704 */
705 dict_object_t * type;
706 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(CHAP-Algorithm)" , NULL, NULL};
707 dict_type_enum_data_t tvals[] = {
708 enum_val_def( 5, "CHAP with MD5")
709 };
710 dict_avp_data_t adata = {
711 403, /* Code */
712 0, /* Vendor */
713 "CHAP-Algorithm", /* Name */
714 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
715 AVP_FLAG_MANDATORY, /* Fixed flag values */
716 AVP_TYPE_UNSIGNED32 /* base type of data */
717 };
718 int i;
719 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
720 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
721 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
722 }
723 CHECK_dict_new( DICT_AVP, &adata , type, &CHAP_Algorithm_avp);
724 }
725
726 /* CHAP-Ident */
727 {
728 /*
729 The CHAP-Ident AVP (AVP Code 404) is of type OctetString and contains
730 the 1 octet CHAP Identifier used in the computation of the CHAP
731 response [PPPCHAP].
732 */
733 dict_avp_data_t adata = {
734 404, /* Code */
735 0, /* Vendor */
736 "CHAP-Ident", /* Name */
737 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
738 AVP_FLAG_MANDATORY, /* Fixed flag values */
739 AVP_TYPE_OCTETSTRING /* base type of data */
740 };
741 CHECK_dict_new( DICT_AVP, &adata , NULL, &CHAP_Ident_avp);
742 }
743
744 /* CHAP-Response */
745 {
746 /*
747 The CHAP-Response AVP (AVP Code 405) is of type OctetString and
748 contains the 16 octet authentication data provided by the user in
749 response to the CHAP challenge [PPPCHAP].
750 */
751 dict_avp_data_t adata = {
752 405, /* Code */
753 0, /* Vendor */
754 "CHAP-Response", /* Name */
755 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
756 AVP_FLAG_MANDATORY, /* Fixed flag values */
757 AVP_TYPE_OCTETSTRING /* base type of data */
758 };
759 CHECK_dict_new( DICT_AVP, &adata , NULL, &CHAP_Response_avp);
760 }
761
762 /* Now create the rules for the CHAP-Auth AVP */
763 {
764 dict_rule_data_t rule_data = { NULL, RULE_REQUIRED, 1, 0, 1, 1 };
765
766 rule_data.rule_avp = CHAP_Algorithm_avp;
767 CHECK_dict_new( DICT_RULE, &rule_data, CHAP_Auth_avp, NULL);
768
769 rule_data.rule_avp = CHAP_Ident_avp;
770 CHECK_dict_new( DICT_RULE, &rule_data, CHAP_Auth_avp, NULL);
771
772 rule_data.rule_avp = CHAP_Response_avp;
773 rule_data.rule_position = RULE_OPTIONAL;
774 CHECK_dict_new( DICT_RULE, &rule_data, CHAP_Auth_avp, NULL);
775 }
776 }
777
778 /* CHAP-Challenge */
779 {
780 /*
781 The CHAP-Challenge AVP (AVP Code 60) is of type OctetString and
782 contains the CHAP Challenge sent by the NAS to the CHAP peer
783 [PPPCHAP].
784 */
785 dict_avp_data_t data = {
786 60, /* Code */
787 0, /* Vendor */
788 "CHAP-Challenge", /* Name */
789 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
790 AVP_FLAG_MANDATORY, /* Fixed flag values */
791 AVP_TYPE_OCTETSTRING /* base type of data */
792 };
793 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
794 }
795
796 /* ARAP-Password */
797 {
798 /*
799 The ARAP-Password AVP (AVP Code 70) is of type OctetString and is
800 only present when the Framed-Protocol AVP (see section 6.10.1) is
801 included in the message and is set to ARAP. This AVP MUST NOT be
802 present if either the User-Password or the CHAP-Auth AVP is present.
803 See [RADIUSExt] for more information on the contents of this AVP.
804 */
805 dict_avp_data_t data = {
806 70, /* Code */
807 0, /* Vendor */
808 "ARAP-Password", /* Name */
809 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
810 AVP_FLAG_MANDATORY, /* Fixed flag values */
811 AVP_TYPE_OCTETSTRING /* base type of data */
812 };
813 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
814 }
815
816 /* ARAP-Challenge-Response */
817 {
818 /*
819 The ARAP-Challenge-Response AVP (AVP Code 84) is of type OctetString
820 and is only present when the Framed-Protocol AVP (see section 6.10.1)
821 is included in the message and is set to ARAP. This AVP contains an
822 8 octet response to the dial-in client's challenge. The RADIUS
823 server calculates this value by taking the dial-in client's challenge
824 from the high-order 8 octets of the ARAP-Password AVP and performing
825 DES encryption on this value with the authenticating user's password
826 as the key. If the user's password is fewer than 8 octets in length,
827 the password is padded at the end with NULL octets to a length of 8
828 before it is used as a key.
829 */
830 dict_avp_data_t data = {
831 84, /* Code */
832 0, /* Vendor */
833 "ARAP-Challenge-Response", /* Name */
834 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
835 AVP_FLAG_MANDATORY, /* Fixed flag values */
836 AVP_TYPE_OCTETSTRING /* base type of data */
837 };
838 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
839 }
840
841 /* ARAP-Security */
842 {
843 /*
844 The ARAP-Security AVP (AVP Code 73) is of type Unsigned32 and MAY be
845 present in the AA-Answer message if the Framed-Protocol AVP (see
846 section 6.10.1) is set to the value of ARAP, and the Result-Code AVP
847 is set to DIAMETER_MULTI_ROUND_AUTH. See [RADIUSExt] for more
848 information on the format of this AVP.
849 */
850 dict_avp_data_t data = {
851 73, /* Code */
852 0, /* Vendor */
853 "ARAP-Security", /* Name */
854 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
855 AVP_FLAG_MANDATORY, /* Fixed flag values */
856 AVP_TYPE_UNSIGNED32 /* base type of data */
857 };
858 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
859 }
860
861 /* ARAP-Security-Data */
862 {
863 /*
864 The ARAP-Security-Data AVP (AVP Code 74) is of type OctetString and MAY be
865 present in the AA-Request or AA-Answer message if the Framed-Protocol
866 AVP is set to the value of ARAP, and the Result-Code AVP is set to
867 DIAMETER_MULTI_ROUND_AUTH. This AVP contains the security module
868 challenge or response associated with the ARAP Security Module
869 specified in ARAP-Security.
870 */
871 dict_avp_data_t data = {
872 74, /* Code */
873 0, /* Vendor */
874 "ARAP-Security-Data", /* Name */
875 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
876 AVP_FLAG_MANDATORY, /* Fixed flag values */
877 AVP_TYPE_OCTETSTRING /* base type of data */
878 };
879 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
880 }
881
882 /********************************
883 * NAS Authorization AVPs *
884 ********************************/
885 /* Service-Type */
886 {
887 /*
888 The Service-Type AVP (AVP Code 6) is of type Enumerated and contains
889 the type of service the user has requested or the type of service to
890 be provided. One such AVP MAY be present in an authentication and/or
891 authorization request or response. A NAS is not required to
892 implement all of these service types. It MUST treat unknown or
893 unsupported Service-Types received in a response as a failure and end
894 the session with a DIAMETER_INVALID_AVP_VALUE Result-Code.
895
896 When used in a request, the Service-Type AVP SHOULD be considered a
897 hint to the server that the NAS believes the user would prefer the
898 kind of service indicated. The server is not required to honor the
899 hint. Furthermore, if the service specified by the server is
900 supported, but not compatible with the current mode of access, the
901 NAS MUST fail to start the session. The NAS MUST also generate the
902 appropriate error message(s).
903
904 The following values have been defined for the Service-Type AVP. The
905 complete list of defined values can be found in [RADIUS] and
906 [RADIUSTypes].
907
908 Registry Name: Radius Attribute Values
909 Reference: [RFC2865][RFC3575]
910
911 Sub-registry: Values for RADIUS Attribute 6, Service-Type
912 Reference: [RFC2865][RFC3575]
913
914 1 Login
915 2 Framed
916 3 Callback Login
917 4 Callback Framed
918 5 Outbound
919 6 Administrative
920 7 NAS Prompt
921 8 Authenticate Only
922 9 Callback NAS Prompt
923 10 Call Check
924 11 Callback Administrative
925 12 Voice [Chiba]
926 13 Fax [Chiba]
927 14 Modem Relay [Chiba]
928 15 IAPP-Register [IEEE 802.11f][Kerry]
929 16 IAPP-AP-Check [IEEE 802.11f][Kerry]
930 17 Authorize Only [RFC3576]
931
932 The following values are further qualified:
933
934 Login 1
935 The user should be connected to a host. The message MAY
936 include additional AVPs defined in sections 6.16 or 6.17.
937
938 Framed 2
939 A Framed Protocol, such as PPP or SLIP, should be started for
940 the User. The message MAY include additional AVPs defined in
941 section 6.10, or section 7 for tunneling services.
942
943 Callback Login 3
944 The user should be disconnected and called back, then connected
945 to a host. The message MAY include additional AVPs defined in
946 this section.
947
948 Callback Framed 4
949 The user should be disconnected and called back, and then a
950 Framed Protocol, such as PPP or SLIP, should be started for the
951 User. The message MAY include additional AVPs defined in
952 section 6.10, or in section 7 for tunneling services.
953
954 */
955 dict_object_t * type;
956 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Service-Type)" , NULL, NULL};
957 dict_type_enum_data_t tvals[] = {
958 enum_val_def( 1, "Login"),
959 enum_val_def( 2, "Framed"),
960 enum_val_def( 3, "Callback Login"),
961 enum_val_def( 4, "Callback Framed"),
962 enum_val_def( 5, "Outbound"),
963 enum_val_def( 6, "Administrative"),
964 enum_val_def( 7, "NAS Prompt"),
965 enum_val_def( 8, "Authenticate Only"),
966 enum_val_def( 9, "Callback NAS Prompt"),
967 enum_val_def(10, "Call Check"),
968 enum_val_def(11, "Callback Administrative"),
969 enum_val_def(12, "Voice [Chiba]"),
970 enum_val_def(13, "Fax [Chiba]"),
971 enum_val_def(14, "Modem Relay [Chiba]"),
972 enum_val_def(15, "IAPP-Register [IEEE 802.11f][Kerry]"),
973 enum_val_def(16, "IAPP-AP-Check [IEEE 802.11f][Kerry]"),
974 enum_val_def(17, "Authorize Only [RFC3576]")
975 };
976 dict_avp_data_t data = {
977 6, /* Code */
978 0, /* Vendor */
979 "Service-Type", /* Name */
980 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
981 AVP_FLAG_MANDATORY, /* Fixed flag values */
982 AVP_TYPE_UNSIGNED32 /* base type of data */
983 };
984 int i;
985 /* Create the Enumerated type, enumerated values, and the AVP */
986 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
987 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
988 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
989 }
990 CHECK_dict_new( DICT_AVP, &data , type, NULL);
991 }
992
993 /* Callback-Number */
994 {
995 /*
996 The Callback-Number AVP (AVP Code 19) is of type UTF8String and
997 contains a dialing string to be used for callback. It MAY be used in
998 an authentication and/or authorization request as a hint to the
999 server that a Callback service is desired, but the server is not
1000 required to honor the hint in the corresponding response.
1001 */
1002 dict_avp_data_t data = {
1003 19, /* Code */
1004 0, /* Vendor */
1005 "Callback-Number", /* Name */
1006 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1007 AVP_FLAG_MANDATORY, /* Fixed flag values */
1008 AVP_TYPE_OCTETSTRING /* base type of data */
1009 };
1010 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
1011 }
1012
1013 /* Callback-Id */
1014 {
1015 /*
1016 The Callback-Id AVP (AVP Code 20) is of type UTF8String and contains
1017 the name of a place to be called, to be interpreted by the NAS. This
1018 AVP MAY be present in an authentication and/or authorization
1019 response.
1020
1021 This AVP is not roaming-friendly as it assumes that the Callback-Id
1022 is configured on the NAS. Using the Callback-Number AVP therefore
1023 preferable.
1024 */
1025 dict_avp_data_t data = {
1026 20, /* Code */
1027 0, /* Vendor */
1028 "Callback-Id", /* Name */
1029 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1030 AVP_FLAG_MANDATORY, /* Fixed flag values */
1031 AVP_TYPE_OCTETSTRING /* base type of data */
1032 };
1033 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
1034 }
1035
1036 /* Idle-Timeout */
1037 {
1038 /*
1039 The Idle-Timeout AVP (AVP Code 28) is of type Unsigned32 and sets the
1040 maximum number of consecutive seconds of idle connection allowable to
1041 the user before termination of the session or before a prompt is
1042 issued. The default is none, or system specific.
1043 */
1044 dict_avp_data_t data = {
1045 28, /* Code */
1046 0, /* Vendor */
1047 "Idle-Timeout", /* Name */
1048 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1049 AVP_FLAG_MANDATORY, /* Fixed flag values */
1050 AVP_TYPE_UNSIGNED32 /* base type of data */
1051 };
1052 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1053 }
1054
1055 /* Port-Limit */
1056 {
1057 /*
1058 The Port-Limit AVP (AVP Code 62) is of type Unsigned32 and sets the
1059 maximum number of ports the NAS provides to the user. It MAY be used
1060 in an authentication and/or authorization request as a hint to the
1061 server that multilink PPP [PPPMP] service is desired, but the server
1062 is not required to honor the hint in the corresponding response.
1063 */
1064 dict_avp_data_t data = {
1065 62, /* Code */
1066 0, /* Vendor */
1067 "Port-Limit", /* Name */
1068 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1069 AVP_FLAG_MANDATORY, /* Fixed flag values */
1070 AVP_TYPE_UNSIGNED32 /* base type of data */
1071 };
1072 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1073 }
1074
1075 /* NAS-Filter-Rule */
1076 {
1077 /*
1078 The NAS-Filter-Rule AVP (AVP Code 400) is of type IPFilterRule and
1079 provides filter rules that need to be configured on the NAS for the
1080 user. One or more of these AVPs MAY be present in an authorization
1081 response.
1082 */
1083 dict_avp_data_t data = {
1084 400, /* Code */
1085 0, /* Vendor */
1086 "NAS-Filter-Rule", /* Name */
1087 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1088 AVP_FLAG_MANDATORY, /* Fixed flag values */
1089 AVP_TYPE_OCTETSTRING /* base type of data */
1090 };
1091 CHECK_dict_new( DICT_AVP, &data , IPFilterRule_type, NULL);
1092 }
1093
1094 /* Filter-Id */
1095 {
1096 /*
1097 The Filter-Id AVP (AVP Code 11) is of type UTF8String and contains
1098 the name of the filter list for this user. Zero or more Filter-Id
1099 AVPs MAY be sent in an authorization answer.
1100
1101 Identifying a filter list by name allows the filter to be used on
1102 different NASes without regard to filter-list implementation details.
1103 However, this AVP is not roaming friendly, as filter naming differs
1104 from one service provider to another.
1105
1106 In non-RADIUS environments, it is RECOMMENDED that the NAS-Filter-
1107 Rule AVP be used instead.
1108 */
1109 dict_avp_data_t data = {
1110 11, /* Code */
1111 0, /* Vendor */
1112 "Filter-Id", /* Name */
1113 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1114 AVP_FLAG_MANDATORY, /* Fixed flag values */
1115 AVP_TYPE_OCTETSTRING /* base type of data */
1116 };
1117 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
1118 }
1119
1120 /* Configuration-Token */
1121 {
1122 /*
1123 The Configuration-Token AVP (AVP Code 78) is of type OctetString and
1124 is sent by a Diameter Server to a Diameter Proxy Agent or Translation
1125 Agent in an AA-Answer command to indicate a type of user profile to
1126 be used. It should not be sent to a Diameter Client (NAS).
1127
1128 The format of the Data field of this AVP is site specific.
1129 */
1130 dict_avp_data_t data = {
1131 78, /* Code */
1132 0, /* Vendor */
1133 "Configuration-Token", /* Name */
1134 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1135 AVP_FLAG_MANDATORY, /* Fixed flag values */
1136 AVP_TYPE_OCTETSTRING /* base type of data */
1137 };
1138 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1139 }
1140
1141 /* QoS-Filter-Rule */
1142 {
1143 /*
1144 The QoS-Filter-Rule AVP (AVP Code 407) is of type QoSFilterRule and
1145 provides QoS filter rules that need to be configured on the NAS for
1146 the user. One or more such AVPs MAY be present in an authorization
1147 response.
1148 */
1149 dict_avp_data_t data = {
1150 407, /* Code */
1151 0, /* Vendor */
1152 "QoS-Filter-Rule", /* Name */
1153 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1154 AVP_FLAG_MANDATORY, /* Fixed flag values */
1155 AVP_TYPE_OCTETSTRING /* base type of data */
1156 };
1157 CHECK_dict_new( DICT_AVP, &data , QoSFilterRule_type, NULL);
1158 }
1159
1160 /*** Framed Access Authorization AVPs ***/
1161
1162 /* Framed-Protocol */
1163 {
1164 /*
1165 The Framed-Protocol AVP (AVP Code 7) is of type Enumerated and
1166 contains the framing to be used for framed access. This AVP MAY be
1167 present in both requests and responses. The supported values are
1168 listed in [RADIUSTypes].
1169
1170 Sub-registry: Values for RADIUS Attribute 7, Framed-Protocol
1171 Reference: [RFC2865]
1172 */
1173 dict_object_t * type;
1174 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Protocol)" , NULL, NULL};
1175 dict_type_enum_data_t tvals[] = {
1176 enum_val_def( 1, "PPP"),
1177 enum_val_def( 2, "SLIP"),
1178 enum_val_def( 3, "AppleTalk Remote Access Protocol (ARAP)"),
1179 enum_val_def( 4, "Gandalf proprietary SingleLink/MultiLink protocol"),
1180 enum_val_def( 5, "Xylogics proprietary IPX/SLIP"),
1181 enum_val_def( 6, "X.75 Synchronous"),
1182 enum_val_def( 7, "GPRS PDP Context [Moore]")
1183 };
1184 dict_avp_data_t data = {
1185 7, /* Code */
1186 0, /* Vendor */
1187 "Framed-Protocol", /* Name */
1188 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1189 AVP_FLAG_MANDATORY, /* Fixed flag values */
1190 AVP_TYPE_UNSIGNED32 /* base type of data */
1191 };
1192 int i;
1193 /* Create the Enumerated type, enumerated values, and the AVP */
1194 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1195 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1196 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
1197 }
1198 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1199 }
1200
1201 /* Framed-Routing */
1202 {
1203 /*
1204 The Framed-Routing AVP (AVP Code 10) is of type Enumerated and
1205 contains the routing method for the user when the user is a router to
1206 a network. This AVP SHOULD only be present in authorization
1207 responses. The supported values are listed in [RADIUSTypes].
1208
1209 Sub-registry: Values for RADIUS Attribute 10, Framed-Routing
1210 Reference: [RFC2865]
1211 */
1212 dict_object_t * type;
1213 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Routing)" , NULL, NULL};
1214 dict_type_enum_data_t tvals[] = {
1215 enum_val_def( 0, "None"),
1216 enum_val_def( 1, "Send routing packets"),
1217 enum_val_def( 2, "Listen for routing packets"),
1218 enum_val_def( 3, "Send and Listen")
1219 };
1220 dict_avp_data_t data = {
1221 10, /* Code */
1222 0, /* Vendor */
1223 "Framed-Routing", /* Name */
1224 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1225 AVP_FLAG_MANDATORY, /* Fixed flag values */
1226 AVP_TYPE_UNSIGNED32 /* base type of data */
1227 };
1228 int i;
1229 /* Create the Enumerated type, enumerated values, and the AVP */
1230 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1231 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1232 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
1233 }
1234 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1235 }
1236
1237 /* Framed-MTU */
1238 {
1239 /*
1240 The Framed-MTU AVP (AVP Code 12) is of type Unsigned32 and contains
1241 the Maximum Transmission Unit to be configured for the user, when it
1242 is not negotiated by some other means (such as PPP). This AVP SHOULD
1243 only be present in authorization responses. The MTU value MUST be in
1244 the range from 64 to 65535.
1245 */
1246 dict_avp_data_t data = {
1247 12, /* Code */
1248 0, /* Vendor */
1249 "Framed-MTU", /* Name */
1250 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1251 AVP_FLAG_MANDATORY, /* Fixed flag values */
1252 AVP_TYPE_UNSIGNED32 /* base type of data */
1253 };
1254 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1255 }
1256
1257 /* Framed-Compression */
1258 {
1259 /*
1260 The Framed-Compression AVP (AVP Code 13) is of type Enumerated and
1261 contains the compression protocol to be used for the link. It MAY be
1262 used in an authorization request as a hint to the server that a
1263 specific compression type is desired, but the server is not required
1264 to honor the hint in the corresponding response.
1265
1266 More than one compression protocol AVP MAY be sent. The NAS is
1267 responsible for applying the proper compression protocol to the
1268 appropriate link traffic.
1269
1270 The supported values are listed in [RADIUSTypes].
1271 Sub-registry: Values for RADIUS Attribute 13, Framed-Compression
1272 Reference: [RFC2865]
1273 */
1274 dict_object_t * type;
1275 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Compression)" , NULL, NULL};
1276 dict_type_enum_data_t tvals[] = {
1277 enum_val_def( 0, "None"),
1278 enum_val_def( 1, "VJ TCP/IP header compression"),
1279 enum_val_def( 2, "IPX header compression"),
1280 enum_val_def( 3, "Stac-LZS compression")
1281 };
1282 dict_avp_data_t data = {
1283 13, /* Code */
1284 0, /* Vendor */
1285 "Framed-Compression", /* Name */
1286 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1287 AVP_FLAG_MANDATORY, /* Fixed flag values */
1288 AVP_TYPE_UNSIGNED32 /* base type of data */
1289 };
1290 int i;
1291 /* Create the Enumerated type, enumerated values, and the AVP */
1292 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1293 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1294 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
1295 }
1296 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1297 }
1298
1299 /*** IP Access Authorization AVPs ***/
1300
1301 /* Framed-IP-Address */
1302 {
1303 /*
1304 The Framed-IP-Address AVP (AVP Code 8) [RADIUS] is of type
1305 OctetString and contains an IPv4 address of the type specified in the
1306 attribute value to be configured for the user. It MAY be used in an
1307 authorization request as a hint to the server that a specific address
1308 is desired, but the server is not required to honor the hint in the
1309 corresponding response.
1310
1311 Two values have special significance: 0xFFFFFFFF and 0xFFFFFFFE. The
1312 value 0xFFFFFFFF indicates that the NAS should allow the user to
1313 select an address (i.e., negotiated). The value 0xFFFFFFFE indicates
1314 that the NAS should select an address for the user (e.g., assigned
1315 from a pool of addresses kept by the NAS).
1316 */
1317 dict_avp_data_t data = {
1318 8, /* Code */
1319 0, /* Vendor */
1320 "Framed-IP-Address", /* Name */
1321 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1322 AVP_FLAG_MANDATORY, /* Fixed flag values */
1323 AVP_TYPE_OCTETSTRING /* base type of data */
1324 };
1325 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1326 }
1327
1328 /* Framed-IP-Netmask */
1329 {
1330 /*
1331 The Framed-IP-Netmask AVP (AVP Code 9) is of type OctetString and
1332 contains the four octets of the IPv4 netmask to be configured for the
1333 user when the user is a router to a network. It MAY be used in an
1334 authorization request as a hint to the server that a specific netmask
1335 is desired, but the server is not required to honor the hint in the
1336 corresponding response. This AVP MUST be present in a response if
1337 the request included this AVP with a value of 0xFFFFFFFF.
1338 */
1339 dict_avp_data_t data = {
1340 9, /* Code */
1341 0, /* Vendor */
1342 "Framed-IP-Netmask", /* Name */
1343 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1344 AVP_FLAG_MANDATORY, /* Fixed flag values */
1345 AVP_TYPE_OCTETSTRING /* base type of data */
1346 };
1347 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1348 }
1349
1350 /* Framed-Route */
1351 {
1352 /*
1353 The Framed-Route AVP (AVP Code 22) is of type UTF8String and contains
1354 the ASCII routing information to be configured for the user on the
1355 NAS. Zero or more of these AVPs MAY be present in an authorization
1356 response.
1357
1358 The string MUST contain a destination prefix in dotted quad form
1359 optionally followed by a slash and a decimal length specifier stating
1360 how many high-order bits of the prefix should be used. This is
1361 followed by a space, a gateway address in dotted quad form, a space,
1362 and one or more metrics separated by spaces; for example,
1363
1364 "192.168.1.0/24 192.168.1.1 1".
1365
1366 The length specifier may be omitted, in which case it should default
1367 to 8 bits for class A prefixes, to 16 bits for class B prefixes, and
1368 to 24 bits for class C prefixes; for example,
1369
1370 "192.168.1.0 192.168.1.1 1".
1371
1372 Whenever the gateway address is specified as "0.0.0.0" the IP address
1373 of the user SHOULD be used as the gateway address.
1374 */
1375 dict_avp_data_t data = {
1376 22, /* Code */
1377 0, /* Vendor */
1378 "Framed-Route", /* Name */
1379 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1380 AVP_FLAG_MANDATORY, /* Fixed flag values */
1381 AVP_TYPE_OCTETSTRING /* base type of data */
1382 };
1383 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
1384 }
1385
1386 /* Framed-Pool */
1387 {
1388 /*
1389 The Framed-Pool AVP (AVP Code 88) is of type OctetString and contains
1390 the name of an assigned address pool that SHOULD be used to assign an
1391 address for the user. If a NAS does not support multiple address
1392 pools, the NAS SHOULD ignore this AVP. Address pools are usually
1393 used for IP addresses but can be used for other protocols if the NAS
1394 supports pools for those protocols.
1395
1396 Although specified as type OctetString for compatibility with RADIUS
1397 [RADIUSExt], the encoding of the Data field SHOULD also conform to
1398 the rules for the UTF8String Data Format.
1399 */
1400 dict_avp_data_t data = {
1401 88, /* Code */
1402 0, /* Vendor */
1403 "Framed-Pool", /* Name */
1404 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1405 AVP_FLAG_MANDATORY, /* Fixed flag values */
1406 AVP_TYPE_OCTETSTRING /* base type of data */
1407 };
1408 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1409 }
1410
1411 /* Framed-Interface-Id */
1412 {
1413 /*
1414 The Framed-Interface-Id AVP (AVP Code 96) is of type Unsigned64 and
1415 contains the IPv6 interface identifier to be configured for the user.
1416 It MAY be used in authorization requests as a hint to the server that
1417 a specific interface id is desired, but the server is not required to
1418 honor the hint in the corresponding response.
1419 */
1420 dict_avp_data_t data = {
1421 96, /* Code */
1422 0, /* Vendor */
1423 "Framed-Interface-Id", /* Name */
1424 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1425 AVP_FLAG_MANDATORY, /* Fixed flag values */
1426 AVP_TYPE_UNSIGNED64 /* base type of data */
1427 };
1428 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1429 }
1430
1431 /* Framed-IPv6-Prefix */
1432 {
1433 /*
1434 The Framed-IPv6-Prefix AVP (AVP Code 97) is of type OctetString and
1435 contains the IPv6 prefix to be configured for the user. One or more
1436 AVPs MAY be used in authorization requests as a hint to the server
1437 that specific IPv6 prefixes are desired, but the server is not
1438 required to honor the hint in the corresponding response.
1439 */
1440 dict_avp_data_t data = {
1441 97, /* Code */
1442 0, /* Vendor */
1443 "Framed-IPv6-Prefix", /* Name */
1444 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1445 AVP_FLAG_MANDATORY, /* Fixed flag values */
1446 AVP_TYPE_OCTETSTRING /* base type of data */
1447 };
1448 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1449 }
1450
1451 /* Framed-IPv6-Route */
1452 {
1453 /*
1454 The Framed-IPv6-Route AVP (AVP Code 99) is of type UTF8String and
1455 contains the ASCII routing information to be configured for the user
1456 on the NAS. Zero or more of these AVPs MAY be present in an
1457 authorization response.
1458
1459 The string MUST contain an IPv6 address prefix followed by a slash
1460 and a decimal length specifier stating how many high order bits of
1461 the prefix should be used. This is followed by a space, a gateway
1462 address in hexadecimal notation, a space, and one or more metrics
1463 separated by spaces; for example,
1464
1465 "2000:0:0:106::/64 2000::106:a00:20ff:fe99:a998 1".
1466
1467 Whenever the gateway address is the IPv6 unspecified address, the IP
1468 address of the user SHOULD be used as the gateway address, such as
1469 in:
1470
1471 "2000:0:0:106::/64 :: 1".
1472 */
1473 dict_avp_data_t data = {
1474 99, /* Code */
1475 0, /* Vendor */
1476 "Framed-IPv6-Route", /* Name */
1477 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1478 AVP_FLAG_MANDATORY, /* Fixed flag values */
1479 AVP_TYPE_OCTETSTRING /* base type of data */
1480 };
1481 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
1482 }
1483
1484 /* Framed-IPv6-Pool */
1485 {
1486 /*
1487 The Framed-IPv6-Pool AVP (AVP Code 100) is of type OctetString and
1488 contains the name of an assigned pool that SHOULD be used to assign
1489 an IPv6 prefix for the user. If the access device does not support
1490 multiple prefix pools, it MUST ignore this AVP.
1491
1492 Although specified as type OctetString for compatibility with RADIUS
1493 [RADIUSIPv6], the encoding of the Data field SHOULD also conform to
1494 the rules for the UTF8String Data Format.
1495 */
1496 dict_avp_data_t data = {
1497 100, /* Code */
1498 0, /* Vendor */
1499 "Framed-IPv6-Pool", /* Name */
1500 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1501 AVP_FLAG_MANDATORY, /* Fixed flag values */
1502 AVP_TYPE_OCTETSTRING /* base type of data */
1503 };
1504 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1505 }
1506
1507 /*** IPX Access ***/
1508
1509 /* Framed-IPX-Network */
1510 {
1511 /*
1512 The Framed-IPX-Network AVP (AVP Code 23) is of type Unsigned32 and
1513 contains the IPX Network number to be configured for the user. It
1514 MAY be used in an authorization request as a hint to the server that
1515 a specific address is desired, but the server is not required to
1516 honor the hint in the corresponding response.
1517
1518 Two addresses have special significance: 0xFFFFFFFF and 0xFFFFFFFE.
1519 The value 0xFFFFFFFF indicates that the NAS should allow the user to
1520 select an address (i.e., Negotiated). The value 0xFFFFFFFE indicates
1521 that the NAS should select an address for the user (e.g., assign it
1522 from a pool of one or more IPX networks kept by the NAS).
1523 */
1524 dict_avp_data_t data = {
1525 23, /* Code */
1526 0, /* Vendor */
1527 "Framed-IPX-Network", /* Name */
1528 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1529 AVP_FLAG_MANDATORY, /* Fixed flag values */
1530 AVP_TYPE_UNSIGNED32 /* base type of data */
1531 };
1532 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1533 }
1534
1535 /*** AppleTalk Network Access ***/
1536
1537 /* Framed-AppleTalk-Link */
1538 {
1539 /*
1540 The Framed-AppleTalk-Link AVP (AVP Code 37) is of type Unsigned32 and
1541 contains the AppleTalk network number that should be used for the
1542 serial link to the user, which is another AppleTalk router. This AVP
1543 MUST only be present in an authorization response and is never used
1544 when the user is not another router.
1545
1546 Despite the size of the field, values range from 0 to 65,535. The
1547 special value of 0 indicates an unnumbered serial link. A value of 1
1548 to 65,535 means that the serial line between the NAS and the user
1549 should be assigned that value as an AppleTalk network number.
1550 */
1551 dict_avp_data_t data = {
1552 37, /* Code */
1553 0, /* Vendor */
1554 "Framed-AppleTalk-Link", /* Name */
1555 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1556 AVP_FLAG_MANDATORY, /* Fixed flag values */
1557 AVP_TYPE_UNSIGNED32 /* base type of data */
1558 };
1559 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1560 }
1561
1562 /* Framed-AppleTalk-Network */
1563 {
1564 /*
1565 The Framed-AppleTalk-Network AVP (AVP Code 38) is of type Unsigned32
1566 and contains the AppleTalk Network number that the NAS should probe
1567 to allocate an AppleTalk node for the user. This AVP MUST only be
1568 present in an authorization response and is never used when the user
1569 is not another router. Multiple instances of this AVP indicate that
1570 the NAS may probe, using any of the network numbers specified.
1571
1572 Despite the size of the field, values range from 0 to 65,535. The
1573 special value 0 indicates that the NAS should assign a network for
1574 the user, using its default cable range. A value between 1 and
1575 65,535 (inclusive) indicates to the AppleTalk Network that the NAS
1576 should probe to find an address for the user.
1577 */
1578 dict_avp_data_t data = {
1579 38, /* Code */
1580 0, /* Vendor */
1581 "Framed-AppleTalk-Network", /* Name */
1582 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1583 AVP_FLAG_MANDATORY, /* Fixed flag values */
1584 AVP_TYPE_UNSIGNED32 /* base type of data */
1585 };
1586 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1587 }
1588
1589 /* Framed-AppleTalk-Zone */
1590 {
1591 /*
1592 The Framed-AppleTalk-Zone AVP (AVP Code 39) is of type OctetString
1593 and contains the AppleTalk Default Zone to be used for this user.
1594 This AVP MUST only be present in an authorization response. Multiple
1595 instances of this AVP in the same message are not allowed.
1596
1597 The codification of this field's allowed range is outside the scope
1598 of this specification.
1599 */
1600 dict_avp_data_t data = {
1601 39, /* Code */
1602 0, /* Vendor */
1603 "Framed-AppleTalk-Zone", /* Name */
1604 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1605 AVP_FLAG_MANDATORY, /* Fixed flag values */
1606 AVP_TYPE_OCTETSTRING /* base type of data */
1607 };
1608 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1609 }
1610
1611 /*** AppleTalk Remote Access [RFC2869] ***/
1612
1613 /* ARAP-Features */
1614 {
1615 /*
1616 The ARAP-Features AVP (AVP Code 71) is of type OctetString and MAY be
1617 present in the AA-Accept message if the Framed-Protocol AVP is set to
1618 the value of ARAP. See [RADIUSExt] for more information about the
1619 format of this AVP.
1620 */
1621 dict_avp_data_t data = {
1622 71, /* Code */
1623 0, /* Vendor */
1624 "ARAP-Features", /* Name */
1625 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1626 AVP_FLAG_MANDATORY, /* Fixed flag values */
1627 AVP_TYPE_OCTETSTRING /* base type of data */
1628 };
1629 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1630 }
1631
1632 /* ARAP-Zone-Access */
1633 {
1634 /*
1635 The ARAP-Zone-Access AVP (AVP Code 72) is of type Enumerated and MAY
1636 be present in the AA-Accept message if the Framed-Protocol AVP is set
1637 to the value of ARAP.
1638
1639 The supported values are listed in [RADIUSTypes] and defined in
1640 [RADIUSExt].
1641 Sub-registry: Values for RADIUS Attribute 72, ARAP-Zone-Access
1642 Reference: [RFC2869]
1643 */
1644 dict_object_t * type;
1645 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(ARAP-Zone-Access)" , NULL, NULL};
1646 dict_type_enum_data_t tvals[] = {
1647 enum_val_def( 1, "Only allow access to default zone [RFC2869]"),
1648 enum_val_def( 2, "Use zone filter inclusively [RFC2869]"),
1649 enum_val_def( 3, "Not used [RFC2869]"),
1650 enum_val_def( 4, "Use zone filter exclusively [RFC2869]")
1651 };
1652 dict_avp_data_t data = {
1653 72, /* Code */
1654 0, /* Vendor */
1655 "ARAP-Zone-Access", /* Name */
1656 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1657 AVP_FLAG_MANDATORY, /* Fixed flag values */
1658 AVP_TYPE_UNSIGNED32 /* base type of data */
1659 };
1660 int i;
1661 /* Create the Enumerated type, enumerated values, and the AVP */
1662 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1663 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1664 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
1665 }
1666 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1667 }
1668
1669 /*** Non-Framed Access Authorization AVPs ***/
1670
1671 /* Login-IP-Host */
1672 {
1673 /*
1674 The Login-IP-Host AVP (AVP Code 14) [RADIUS] is of type OctetString
1675 and contains the IPv4 address of a host with which to connect the
1676 user when the Login-Service AVP is included. It MAY be used in an
1677 AA-Request command as a hint to the Diameter Server that a specific
1678 host is desired, but the Diameter Server is not required to honor the
1679 hint in the AA-Answer.
1680
1681 Two addresses have special significance: all ones and 0. The value
1682 of all ones indicates that the NAS SHOULD allow the user to select an
1683 address. The value 0 indicates that the NAS SHOULD select a host to
1684 connect the user to.
1685 */
1686 dict_avp_data_t data = {
1687 14, /* Code */
1688 0, /* Vendor */
1689 "Login-IP-Host", /* Name */
1690 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1691 AVP_FLAG_MANDATORY, /* Fixed flag values */
1692 AVP_TYPE_OCTETSTRING /* base type of data */
1693 };
1694 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1695 }
1696
1697 /* Login-IPv6-Host */
1698 {
1699 /*
1700 The Login-IPv6-Host AVP (AVP Code 98) [RADIUSIPv6] is of type
1701 OctetString and contains the IPv6 address of a host with which to
1702 connect the user when the Login-Service AVP is included. It MAY be
1703 used in an AA-Request command as a hint to the Diameter Server that a
1704 specific host is desired, but the Diameter Server is not required to
1705 honor the hint in the AA-Answer.
1706
1707 Two addresses have special significance:
1708
1709 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF and 0. The value
1710 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF indicates that the NAS SHOULD
1711 allow the user to select an address. The value 0 indicates that the
1712 NAS SHOULD select a host to connect the user to.
1713
1714 */
1715 dict_avp_data_t data = {
1716 98, /* Code */
1717 0, /* Vendor */
1718 "Login-IPv6-Host", /* Name */
1719 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1720 AVP_FLAG_MANDATORY, /* Fixed flag values */
1721 AVP_TYPE_OCTETSTRING /* base type of data */
1722 };
1723 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1724 }
1725
1726 /* Login-Service */
1727 {
1728 /*
1729 The Login-Service AVP (AVP Code 15) is of type Enumerated and
1730 contains the service that should be used to connect the user to the
1731 login host. This AVP SHOULD only be present in authorization
1732 responses.
1733
1734 The supported values are listed in [RADIUSTypes].
1735 Sub-registry: Values for RADIUS Attribute 15, Login-Service
1736 Reference: [RFC2865]
1737 */
1738 dict_object_t * type;
1739 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Login-Service)" , NULL, NULL};
1740 dict_type_enum_data_t tvals[] = {
1741 enum_val_def( 0, "Telnet"),
1742 enum_val_def( 1, "Rlogin"),
1743 enum_val_def( 2, "TCP Clear"),
1744 enum_val_def( 3, "PortMaster (proprietary)"),
1745 enum_val_def( 4, "LAT"),
1746 enum_val_def( 5, "X25-PAD"),
1747 enum_val_def( 6, "X25-T3POS"),
1748 enum_val_def( 8, "TCP Clear Quiet (suppresses any NAS-generated connect string)")
1749 };
1750 dict_avp_data_t data = {
1751 15, /* Code */
1752 0, /* Vendor */
1753 "Login-Service", /* Name */
1754 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1755 AVP_FLAG_MANDATORY, /* Fixed flag values */
1756 AVP_TYPE_UNSIGNED32 /* base type of data */
1757 };
1758 int i;
1759 /* Create the Enumerated type, enumerated values, and the AVP */
1760 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
1761 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
1762 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
1763 }
1764 CHECK_dict_new( DICT_AVP, &data , type, NULL);
1765 }
1766
1767 /*** TCP Services ***/
1768
1769 /* Login-TCP-Port */
1770 {
1771 /*
1772 The Login-TCP-Port AVP (AVP Code 16) is of type Unsigned32 and
1773 contains the TCP port with which the user is to be connected when the
1774 Login-Service AVP is also present. This AVP SHOULD only be present
1775 in authorization responses. The value MUST NOT be greater than
1776 65,535.
1777 */
1778 dict_avp_data_t data = {
1779 16, /* Code */
1780 0, /* Vendor */
1781 "Login-TCP-Port", /* Name */
1782 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1783 AVP_FLAG_MANDATORY, /* Fixed flag values */
1784 AVP_TYPE_UNSIGNED32 /* base type of data */
1785 };
1786 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1787 }
1788
1789 /*** LAT Services ***/
1790
1791 /* Login-LAT-Service */
1792 {
1793 /*
1794 The Login-LAT-Service AVP (AVP Code 34) is of type OctetString and
1795 contains the system with which the user is to be connected by LAT.
1796 It MAY be used in an authorization request as a hint to the server
1797 that a specific service is desired, but the server is not required to
1798 honor the hint in the corresponding response. This AVP MUST only be
1799 present in the response if the Login-Service AVP states that LAT is
1800 desired.
1801
1802 Administrators use this service attribute when dealing with clustered
1803 systems, such as a VAX or Alpha cluster. In these environments,
1804 several different time-sharing hosts share the same resources (disks,
1805 printers, etc.), and administrators often configure each host to
1806 offer access (service) to each of the shared resources. In this
1807 case, each host in the cluster advertises its services through LAT
1808 broadcasts.
1809
1810 Sophisticated users often know which service providers (machines) are
1811 faster and tend to use a node name when initiating a LAT connection.
1812 Some administrators want particular users to use certain machines as
1813 a primitive form of load balancing (although LAT knows how to do load
1814 balancing itself).
1815
1816 The String field contains the identity of the LAT service to use.
1817 The LAT Architecture allows this string to contain $ (dollar), -
1818 (hyphen), . (period), _ (underscore), numerics, upper- and lowercase
1819 alphabetics, and the ISO Latin-1 character set extension [ISOLatin].
1820 All LAT string comparisons are case insensitive.
1821 */
1822 dict_avp_data_t data = {
1823 34, /* Code */
1824 0, /* Vendor */
1825 "Login-LAT-Service", /* Name */
1826 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1827 AVP_FLAG_MANDATORY, /* Fixed flag values */
1828 AVP_TYPE_OCTETSTRING /* base type of data */
1829 };
1830 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1831 }
1832
1833 /* Login-LAT-Node */
1834 {
1835 /*
1836 The Login-LAT-Node AVP (AVP Code 35) is of type OctetString and
1837 contains the Node with which the user is to be automatically
1838 connected by LAT. It MAY be used in an authorization request as a
1839 hint to the server that a specific LAT node is desired, but the
1840 server is not required to honor the hint in the corresponding
1841 response. This AVP MUST only be present in a response if the Login-
1842 Service-Type AVP is set to LAT.
1843
1844 The String field contains the identity of the LAT service to use.
1845 The LAT Architecture allows this string to contain $ (dollar), -
1846 (hyphen), . (period), _ (underscore), numerics, upper- and lowercase
1847 alphabetics, and the ISO Latin-1 character set extension [ISOLatin].
1848 All LAT string comparisons are case insensitive.
1849 */
1850 dict_avp_data_t data = {
1851 35, /* Code */
1852 0, /* Vendor */
1853 "Login-LAT-Node", /* Name */
1854 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1855 AVP_FLAG_MANDATORY, /* Fixed flag values */
1856 AVP_TYPE_OCTETSTRING /* base type of data */
1857 };
1858 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1859 }
1860
1861 /* Login-LAT-Group */
1862 {
1863 /*
1864 The Login-LAT-Group AVP (AVP Code 36) is of type OctetString and
1865 contains a string identifying the LAT group codes this user is
1866 authorized to use. It MAY be used in an authorization request as a
1867 hint to the server that a specific group is desired, but the server
1868 is not required to honor the hint in the corresponding response.
1869 This AVP MUST only be present in a response if the Login-Service-Type
1870 AVP is set to LAT.
1871
1872 LAT supports 256 different group codes, which LAT uses as a form of
1873 access rights. LAT encodes the group codes as a 256-bit bitmap.
1874
1875 Administrators can assign one or more of the group code bits at the
1876 LAT service provider; it will only accept LAT connections that have
1877 these group codes set in the bitmap. The administrators assign a
1878 bitmap of authorized group codes to each user. LAT gets these from
1879 the operating system and uses them in its requests to the service
1880 providers.
1881
1882 The codification of the range of allowed usage of this field is
1883 outside the scope of this specification.
1884 */
1885 dict_avp_data_t data = {
1886 36, /* Code */
1887 0, /* Vendor */
1888 "Login-LAT-Group", /* Name */
1889 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1890 AVP_FLAG_MANDATORY, /* Fixed flag values */
1891 AVP_TYPE_OCTETSTRING /* base type of data */
1892 };
1893 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1894 }
1895
1896 /* Login-LAT-Port */
1897 {
1898 /*
1899 The Login-LAT-Port AVP (AVP Code 63) is of type OctetString and
1900 contains the Port with which the user is to be connected by LAT. It
1901 MAY be used in an authorization request as a hint to the server that
1902 a specific port is desired, but the server is not required to honor
1903 the hint in the corresponding response. This AVP MUST only be
1904 present in a response if the Login-Service-Type AVP is set to LAT.
1905
1906 The String field contains the identity of the LAT service to use.
1907 The LAT Architecture allows this string to contain $ (dollar), -
1908 (hyphen), . (period), _ (underscore), numerics, upper- and lower-case
1909 alphabetics, and the ISO Latin-1 character set extension [ISOLatin].
1910 All LAT string comparisons are case insensitive.
1911 */
1912 dict_avp_data_t data = {
1913 63, /* Code */
1914 0, /* Vendor */
1915 "Login-LAT-Port", /* Name */
1916 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1917 AVP_FLAG_MANDATORY, /* Fixed flag values */
1918 AVP_TYPE_OCTETSTRING /* base type of data */
1919 };
1920 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
1921 }
1922
1923 /********************************
1924 * NAS Tunneling AVPs *
1925 ********************************/
1926 /* Tunneling */
1927 {
1928 /*
1929 The Tunneling AVP (AVP Code 401) is of type Grouped and contains the
1930 following AVPs, used to describe a compulsory tunnel service:
1931 [RADTunnels], [RADTunlAcct]. Its data field has the following ABNF
1932 grammar:
1933
1934 Tunneling ::= < AVP Header: 401 >
1935 { Tunnel-Type }
1936 { Tunnel-Medium-Type }
1937 { Tunnel-Client-Endpoint }
1938 { Tunnel-Server-Endpoint }
1939 [ Tunnel-Preference ]
1940 [ Tunnel-Client-Auth-Id ]
1941 [ Tunnel-Server-Auth-Id ]
1942 [ Tunnel-Assignment-Id ]
1943 [ Tunnel-Password ]
1944 [ Tunnel-Private-Group-Id ]
1945 */
1946 dict_object_t * Tunneling_avp;
1947 dict_object_t * Tunnel_Type_avp;
1948 dict_object_t * Tunnel_Medium_Type_avp;
1949 dict_object_t * Tunnel_Client_Endpoint_avp;
1950 dict_object_t * Tunnel_Server_Endpoint_avp;
1951 dict_object_t * Tunnel_Preference_avp;
1952 dict_object_t * Tunnel_Client_Auth_Id_avp;
1953 dict_object_t * Tunnel_Server_Auth_Id_avp;
1954 dict_object_t * Tunnel_Assignment_Id_avp;
1955 dict_object_t * Tunnel_Password_avp;
1956 dict_object_t * Tunnel_Private_Group_Id_avp;
1957
1958 dict_avp_data_t data = {
1959 401, /* Code */
1960 0, /* Vendor */
1961 "Tunneling", /* Name */
1962 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
1963 AVP_FLAG_MANDATORY, /* Fixed flag values */
1964 AVP_TYPE_GROUPED /* base type of data */
1965 };
1966 CHECK_dict_new( DICT_AVP, &data , NULL, &Tunneling_avp);
1967
1968 /* Tunnel-Type */
1969 {
1970 /*
1971 The Tunnel-Type AVP (AVP Code 64) is of type Enumerated and contains
1972 the tunneling protocol(s) to be used (in the case of a tunnel
1973 initiator) or in use (in the case of a tunnel terminator). It MAY be
1974 used in an authorization request as a hint to the server that a
1975 specific tunnel type is desired, but the server is not required to
1976 honor the hint in the corresponding response.
1977
1978 The Tunnel-Type AVP SHOULD also be included in Accounting-Request
1979 messages.
1980
1981 A tunnel initiator is not required to implement any of these tunnel
1982 types. If a tunnel initiator receives a response that contains only
1983 unknown or unsupported Tunnel-Types, the tunnel initiator MUST behave
1984 as though a response were received with the Result-Code indicating a
1985 failure.
1986
1987 The supported values are listed in [RADIUSTypes].
1988 Sub-registry: Values for RADIUS Attribute 64, Tunnel-Type
1989 Reference: [RFC2868]
1990 */
1991 dict_object_t * type;
1992 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Tunnel-Type)" , NULL, NULL};
1993 dict_type_enum_data_t tvals[] = {
1994 enum_val_def( 1, "Point-to-Point Tunneling Protocol (PPTP) [RFC2868]"),
1995 enum_val_def( 2, "Layer Two Forwarding (L2F) [RFC2868]"),
1996 enum_val_def( 3, "Layer Two Tunneling Protocol (L2TP) [RFC2868]"),
1997 enum_val_def( 4, "Ascend Tunnel Management Protocol (ATMP) [RFC2868]"),
1998 enum_val_def( 5, "Virtual Tunneling Protocol (VTP) [RFC2868]"),
1999 enum_val_def( 6, "IP Authentication Header in the Tunnel-mode (AH) [RFC2868]"),
2000 enum_val_def( 7, "IP-in-IP Encapsulation (IP-IP) [RFC2868]"),
2001 enum_val_def( 8, "Minimal IP-in-IP Encapsulation (MIN-IP-IP) [RFC2868]"),
2002 enum_val_def( 9, "IP Encapsulating Security Payload in the Tunnel-mode (ESP) [RFC2868]"),
2003 enum_val_def(10, "Generic Route Encapsulation (GRE) [RFC2868]"),
2004 enum_val_def(11, "Bay Dial Virtual Services (DVS) [RFC2868]"),
2005 enum_val_def(12, "IP-in-IP Tunneling [RFC2868]"),
2006 enum_val_def(13, "Virtual LANs (VLAN) [RFC3580]")
2007 };
2008 dict_avp_data_t adata = {
2009 64, /* Code */
2010 0, /* Vendor */
2011 "Tunnel-Type", /* Name */
2012 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2013 AVP_FLAG_MANDATORY, /* Fixed flag values */
2014 AVP_TYPE_UNSIGNED32 /* base type of data */
2015 };
2016 int i;
2017 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
2018 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
2019 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
2020 }
2021 CHECK_dict_new( DICT_AVP, &adata , type, &Tunnel_Type_avp);
2022 }
2023
2024 /* Tunnel-Medium-Type */
2025 {
2026 /*
2027 The Tunnel-Medium-Type AVP (AVP Code 65) is of type Enumerated and
2028 contains the transport medium to use when creating a tunnel for
2029 protocols (such as L2TP) that can operate over multiple transports.
2030 It MAY be used in an authorization request as a hint to the server
2031 that a specific medium is desired, but the server is not required to
2032 honor the hint in the corresponding response.
2033
2034 The supported values are listed in [RADIUSTypes].
2035 Sub-registry: Values for RADIUS Attribute 65, Tunnel-Medium-Type
2036 Reference: [RFC2868]
2037 */
2038 dict_object_t * type;
2039 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Tunnel-Medium-Type)" , NULL, NULL};
2040 dict_type_enum_data_t tvals[] = {
2041 enum_val_def( 1, "IPv4 (IP version 4) [RFC2868]"),
2042 enum_val_def( 2, "IPv6 (IP version 6) [RFC2868]"),
2043 enum_val_def( 3, "NSAP [RFC2868]"),
2044 enum_val_def( 4, "HDLC (8-bit multidrop) [RFC2868]"),
2045 enum_val_def( 5, "BBN 1822 [RFC2868]"),
2046 enum_val_def( 6, "802 (includes all 802 media plus Ethernet \"canonical format\") [RFC2868]"),
2047 enum_val_def( 7, "E.163 (POTS) [RFC2868]"),
2048 enum_val_def( 8, "E.164 (SMDS, Frame Relay, ATM) [RFC2868]"),
2049 enum_val_def( 9, "F.69 (Telex) [RFC2868]"),
2050 enum_val_def(10, "X.121 (X.25, Frame Relay) [RFC2868]"),
2051 enum_val_def(11, "IPX [RFC2868]"),
2052 enum_val_def(12, "Appletalk [RFC2868]"),
2053 enum_val_def(13, "Decnet IV [RFC2868]"),
2054 enum_val_def(14, "Banyan Vines [RFC2868]"),
2055 enum_val_def(15, "E.164 with NSAP format subaddress [RFC2868]")
2056 };
2057 dict_avp_data_t adata = {
2058 65, /* Code */
2059 0, /* Vendor */
2060 "Tunnel-Medium-Type", /* Name */
2061 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2062 AVP_FLAG_MANDATORY, /* Fixed flag values */
2063 AVP_TYPE_UNSIGNED32 /* base type of data */
2064 };
2065 int i;
2066 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
2067 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
2068 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
2069 }
2070 CHECK_dict_new( DICT_AVP, &adata , type, &Tunnel_Medium_Type_avp);
2071 }
2072
2073 /* Tunnel-Client-Endpoint */
2074 {
2075 /*
2076 The Tunnel-Client-Endpoint AVP (AVP Code 66) is of type UTF8String
2077 and contains the address of the initiator end of the tunnel. It MAY
2078 be used in an authorization request as a hint to the server that a
2079 specific endpoint is desired, but the server is not required to honor
2080 the hint in the corresponding response.
2081
2082 This AVP SHOULD be included in the corresponding Accounting-Request
2083 messages, in which case it indicates the address from which the
2084 tunnel was initiated. This AVP, along with the Tunnel-Server-
2085 Endpoint and Session-Id AVP [BASE], MAY be used to provide a globally
2086 unique means to identify a tunnel for accounting and auditing
2087 purposes.
2088
2089 If Tunnel-Medium-Type is IPv4 (1), then this string is either the
2090 fully qualified domain name (FQDN) of the tunnel client machine, or a
2091 "dotted-decimal" IP address. Implementations MUST support the
2092 dotted-decimal format and SHOULD support the FQDN format for IP
2093 addresses.
2094
2095 If Tunnel-Medium-Type is IPv6 (2), then this string is either the
2096 FQDN of the tunnel client machine, or a text representation of the
2097 address in either the preferred or alternate form [IPv6Addr].
2098 Conforming implementations MUST support the preferred form and SHOULD
2099 support both the alternate text form and the FQDN format for IPv6
2100 addresses.
2101
2102 If Tunnel-Medium-Type is neither IPv4 nor IPv6, then this string is a
2103 tag referring to configuration data local to the Diameter client that
2104 describes the interface or medium-specific client address to use.
2105 */
2106 dict_avp_data_t adata = {
2107 66, /* Code */
2108 0, /* Vendor */
2109 "Tunnel-Client-Endpoint", /* Name */
2110 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2111 AVP_FLAG_MANDATORY, /* Fixed flag values */
2112 AVP_TYPE_OCTETSTRING /* base type of data */
2113 };
2114 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, &Tunnel_Client_Endpoint_avp);
2115 }
2116
2117 /* Tunnel-Server-Endpoint */
2118 {
2119 /*
2120 The Tunnel-Server-Endpoint AVP (AVP Code 67) is of type UTF8String
2121 and contains the address of the server end of the tunnel. It MAY be
2122 used in an authorization request as a hint to the server that a
2123 specific endpoint is desired, but the server is not required to honor
2124 the hint in the corresponding response.
2125
2126 This AVP SHOULD be included in the corresponding Accounting-Request
2127 messages, in which case it indicates the address from which the
2128 tunnel was initiated. This AVP, along with the Tunnel-Client-
2129 Endpoint and Session-Id AVP [BASE], MAY be used to provide a globally
2130 unique means to identify a tunnel for accounting and auditing
2131 purposes.
2132
2133 If Tunnel-Medium-Type is IPv4 (1), then this string is either the
2134 fully qualified domain name (FQDN) of the tunnel server machine, or a
2135 "dotted-decimal" IP address. Implementations MUST support the
2136 dotted-decimal format and SHOULD support the FQDN format for IP
2137 addresses.
2138
2139 If Tunnel-Medium-Type is IPv6 (2), then this string is either the
2140 FQDN of the tunnel server machine, or a text representation of the
2141 address in either the preferred or alternate form [IPv6Addr].
2142 Implementations MUST support the preferred form and SHOULD support
2143 both the alternate text form and the FQDN format for IPv6 addresses.
2144
2145 If Tunnel-Medium-Type is not IPv4 or IPv6, this string is a tag
2146 referring to configuration data local to the Diameter client that
2147 describes the interface or medium-specific server address to use.
2148 */
2149 dict_avp_data_t adata = {
2150 67, /* Code */
2151 0, /* Vendor */
2152 "Tunnel-Server-Endpoint", /* Name */
2153 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2154 AVP_FLAG_MANDATORY, /* Fixed flag values */
2155 AVP_TYPE_OCTETSTRING /* base type of data */
2156 };
2157 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, &Tunnel_Server_Endpoint_avp);
2158 }
2159
2160 /* Tunnel-Password */
2161 {
2162 /*
2163 The Tunnel-Password AVP (AVP Code 69) is of type OctetString and may
2164 contain a password to be used to authenticate to a remote server.
2165 The Tunnel-Password AVP contains sensitive information. This value
2166 is not protected in the same manner as RADIUS [RADTunnels].
2167
2168 As required in [BASE], Diameter messages are encrypted by using IPsec
2169 or TLS. The Tunnel-Password AVP SHOULD NOT be used in untrusted
2170 proxy environments without encrypting it by using end-to-end security
2171 techniques, such as CMS Security [DiamCMS].
2172 */
2173 dict_avp_data_t adata = {
2174 69, /* Code */
2175 0, /* Vendor */
2176 "Tunnel-Password", /* Name */
2177 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2178 AVP_FLAG_MANDATORY, /* Fixed flag values */
2179 AVP_TYPE_OCTETSTRING /* base type of data */
2180 };
2181 CHECK_dict_new( DICT_AVP, &adata , NULL, &Tunnel_Password_avp);
2182 }
2183
2184 /* Tunnel-Private-Group-Id */
2185 {
2186 /*
2187 The Tunnel-Private-Group-Id AVP (AVP Code 81) is of type OctetString
2188 and contains the group Id for a particular tunneled session. The
2189 Tunnel-Private-Group-Id AVP MAY be included in an authorization
2190 request if the tunnel initiator can predetermine the group resulting
2191 from a particular connection. It SHOULD be included in the
2192 authorization response if this tunnel session is to be treated as
2193 belonging to a particular private group. Private groups may be used
2194 to associate a tunneled session with a particular group of users.
2195 For example, it MAY be used to facilitate routing of unregistered IP
2196 addresses through a particular interface. This AVP SHOULD be
2197 included in the Accounting-Request messages that pertain to the
2198 tunneled session.
2199 */
2200 dict_avp_data_t adata = {
2201 81, /* Code */
2202 0, /* Vendor */
2203 "Tunnel-Private-Group-Id", /* Name */
2204 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2205 AVP_FLAG_MANDATORY, /* Fixed flag values */
2206 AVP_TYPE_OCTETSTRING /* base type of data */
2207 };
2208 CHECK_dict_new( DICT_AVP, &adata , NULL, &Tunnel_Private_Group_Id_avp);
2209 }
2210
2211 /* Tunnel-Assignment-Id */
2212 {
2213 /*
2214 The Tunnel-Assignment-Id AVP (AVP Code 82) is of type OctetString and
2215 is used to indicate to the tunnel initiator the particular tunnel to
2216 which a session is to be assigned. Some tunneling protocols, such as
2217 [PPTP] and [L2TP], allow for sessions between the same two tunnel
2218 endpoints to be multiplexed over the same tunnel and also for a given
2219 session to use its own dedicated tunnel. This attribute provides a
2220 mechanism for Diameter to inform the tunnel initiator (e.g., PAC,
2221 LAC) whether to assign the session to a multiplexed tunnel or to a
2222 separate tunnel. Furthermore, it allows for sessions sharing
2223 multiplexed tunnels to be assigned to different multiplexed tunnels.
2224
2225 A particular tunneling implementation may assign differing
2226 characteristics to particular tunnels. For example, different
2227 tunnels may be assigned different QoS parameters. Such tunnels may
2228 be used to carry either individual or multiple sessions. The
2229 Tunnel-Assignment-Id attribute thus allows the Diameter server to
2230 indicate that a particular session is to be assigned to a tunnel
2231 providing an appropriate level of service. It is expected that any
2232 QoS-related Diameter tunneling attributes defined in the future
2233 accompanying this one will be associated by the tunnel initiator with
2234 the Id given by this attribute. In the meantime, any semantic given
2235 to a particular Id string is a matter left to local configuration in
2236 the tunnel initiator.
2237
2238 The Tunnel-Assignment-Id AVP is of significance only to Diameter and
2239 the tunnel initiator. The Id it specifies is only intended to be of
2240 local use to Diameter and the tunnel initiator. The Id assigned by
2241 the tunnel initiator is not conveyed to the tunnel peer.
2242
2243 This attribute MAY be included in authorization responses. The
2244 tunnel initiator receiving this attribute MAY choose to ignore it and
2245 to assign the session to an arbitrary multiplexed or non-multiplexed
2246 tunnel between the desired endpoints. This AVP SHOULD also be
2247 included in the Accounting-Request messages pertaining to the
2248 tunneled session.
2249
2250 If a tunnel initiator supports the Tunnel-Assignment-Id AVP, then it
2251 should assign a session to a tunnel in the following manner:
2252
2253 - If this AVP is present and a tunnel exists between the
2254 specified endpoints with the specified Id, then the session
2255 should be assigned to that tunnel.
2256
2257 - If this AVP is present and no tunnel exists between the
2258 specified endpoints with the specified Id, then a new tunnel
2259 should be established for the session and the specified Id
2260 should be associated with the new tunnel.
2261
2262 - If this AVP is not present, then the session is assigned to an
2263 unnamed tunnel. If an unnamed tunnel does not yet exist
2264 between the specified endpoints, then it is established and
2265 used for this session and for subsequent ones established
2266 without the Tunnel-Assignment-Id attribute. A tunnel initiator
2267 MUST NOT assign a session for which a Tunnel-Assignment-Id AVP
2268 was not specified to a named tunnel (i.e., one that was
2269 initiated by a session specifying this AVP).
2270
2271 Note that the same Id may be used to name different tunnels if these
2272 tunnels are between different endpoints.
2273
2274 */
2275 dict_avp_data_t adata = {
2276 82, /* Code */
2277 0, /* Vendor */
2278 "Tunnel-Assignment-Id", /* Name */
2279 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2280 AVP_FLAG_MANDATORY, /* Fixed flag values */
2281 AVP_TYPE_OCTETSTRING /* base type of data */
2282 };
2283 CHECK_dict_new( DICT_AVP, &adata , NULL, &Tunnel_Assignment_Id_avp);
2284 }
2285
2286 /* Tunnel-Preference */
2287 {
2288 /*
2289 The Tunnel-Preference AVP (AVP Code 83) is of type Unsigned32 and is
2290 used to identify the relative preference assigned to each tunnel when
2291 more than one set of tunneling AVPs is returned within separate
2292 Grouped-AVP AVPs. It MAY be used in an authorization request as a
2293 hint to the server that a specific preference is desired, but the
2294 server is not required to honor the hint in the corresponding
2295 response.
2296
2297 For example, suppose that AVPs describing two tunnels are returned by
2298 the server, one with a Tunnel-Type of PPTP and the other with a
2299 Tunnel-Type of L2TP. If the tunnel initiator supports only one of
2300 the Tunnel-Types returned, it will initiate a tunnel of that type.
2301 If, however, it supports both tunnel protocols, it SHOULD use the
2302 value of the Tunnel-Preference AVP to decide which tunnel should be
2303 started. The tunnel with the lowest numerical value in the Value
2304 field of this AVP SHOULD be given the highest preference. The values
2305 assigned to two or more instances of the Tunnel-Preference AVP within
2306 a given authorization response MAY be identical. In this case, the
2307 tunnel initiator SHOULD use locally configured metrics to decide
2308 which set of AVPs to use.
2309 */
2310 dict_avp_data_t adata = {
2311 83, /* Code */
2312 0, /* Vendor */
2313 "Tunnel-Preference", /* Name */
2314 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2315 AVP_FLAG_MANDATORY, /* Fixed flag values */
2316 AVP_TYPE_UNSIGNED32 /* base type of data */
2317 };
2318 CHECK_dict_new( DICT_AVP, &adata , NULL, &Tunnel_Preference_avp);
2319 }
2320
2321 /* Tunnel-Client-Auth-Id */
2322 {
2323 /*
2324 The Tunnel-Client-Auth-Id AVP (AVP Code 90) is of type UTF8String and
2325 specifies the name used by the tunnel initiator during the
2326 authentication phase of tunnel establishment. It MAY be used in an
2327 authorization request as a hint to the server that a specific
2328 preference is desired, but the server is not required to honor the
2329 hint in the corresponding response. This AVP MUST be present in the
2330 authorization response if an authentication name other than the
2331 default is desired. This AVP SHOULD be included in the Accounting-
2332 Request messages pertaining to the tunneled session.
2333 */
2334 dict_avp_data_t adata = {
2335 90, /* Code */
2336 0, /* Vendor */
2337 "Tunnel-Client-Auth-Id", /* Name */
2338 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2339 AVP_FLAG_MANDATORY, /* Fixed flag values */
2340 AVP_TYPE_OCTETSTRING /* base type of data */
2341 };
2342 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, &Tunnel_Client_Auth_Id_avp);
2343 }
2344
2345 /* Tunnel-Server-Auth-Id */
2346 {
2347 /*
2348 The Tunnel-Server-Auth-Id AVP (AVP Code 91) is of type UTF8String and
2349 specifies the name used by the tunnel terminator during the
2350 authentication phase of tunnel establishment. It MAY be used in an
2351 authorization request as a hint to the server that a specific
2352 preference is desired, but the server is not required to honor the
2353 hint in the corresponding response. This AVP MUST be present in the
2354 authorization response if an authentication name other than the
2355 default is desired. This AVP SHOULD be included in the Accounting-
2356 Request messages pertaining to the tunneled session.
2357 */
2358 dict_avp_data_t adata = {
2359 91, /* Code */
2360 0, /* Vendor */
2361 "Tunnel-Server-Auth-Id", /* Name */
2362 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2363 AVP_FLAG_MANDATORY, /* Fixed flag values */
2364 AVP_TYPE_OCTETSTRING /* base type of data */
2365 };
2366 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, &Tunnel_Server_Auth_Id_avp);
2367 }
2368
2369 /* Now create the rules for the Tunneling AVP */
2370 {
2371 dict_rule_data_t rule_data = { NULL, RULE_REQUIRED, 1, 0, 1, 1 };
2372
2373 rule_data.rule_avp = Tunnel_Type_avp;
2374 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL);
2375
2376 rule_data.rule_avp = Tunnel_Medium_Type_avp;
2377 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL);
2378
2379 rule_data.rule_avp = Tunnel_Client_Endpoint_avp;
2380 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL);
2381
2382 rule_data.rule_avp = Tunnel_Server_Endpoint_avp;
2383 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL);
2384
2385 rule_data.rule_position = RULE_OPTIONAL;
2386 rule_data.rule_avp = Tunnel_Preference_avp;
2387 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL);
2388
2389 rule_data.rule_avp = Tunnel_Client_Auth_Id_avp;
2390 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL);
2391
2392 rule_data.rule_avp = Tunnel_Server_Auth_Id_avp;
2393 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL);
2394
2395 rule_data.rule_avp = Tunnel_Assignment_Id_avp;
2396 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL);
2397
2398 rule_data.rule_avp = Tunnel_Password_avp;
2399 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL);
2400
2401 rule_data.rule_avp = Tunnel_Private_Group_Id_avp;
2402 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL);
2403 }
2404 }
2405
2406 /********************************
2407 * NAS Accounting AVPs *
2408 ********************************/
2409 /* Accounting-Input-Octets */
2410 {
2411 /*
2412 The Accounting-Input-Octets AVP (AVP Code 363) is of type Unsigned64
2413 and contains the number of octets received from the user.
2414
2415 For NAS usage, this AVP indicates how many octets have been received
2416 from the port in the course of this session. It can only be present
2417 in ACR messages with an Accounting-Record-Type of INTERIM_RECORD or
2418 STOP_RECORD.
2419 */
2420 dict_avp_data_t data = {
2421 363, /* Code */
2422 0, /* Vendor */
2423 "Accounting-Input-Octets", /* Name */
2424 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2425 AVP_FLAG_MANDATORY, /* Fixed flag values */
2426 AVP_TYPE_UNSIGNED64 /* base type of data */
2427 };
2428 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2429 }
2430
2431 /* Accounting-Output-Octets */
2432 {
2433 /*
2434 The Accounting-Output-Octets AVP (AVP Code 364) is of type Unsigned64
2435 and contains the number of octets sent to the user.
2436
2437 For NAS usage, this AVP indicates how many octets have been sent to
2438 the port in the course of this session. It can only be present in
2439 ACR messages with an Accounting-Record-Type of INTERIM_RECORD or
2440 STOP_RECORD.
2441 */
2442 dict_avp_data_t data = {
2443 364, /* Code */
2444 0, /* Vendor */
2445 "Accounting-Output-Octets", /* Name */
2446 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2447 AVP_FLAG_MANDATORY, /* Fixed flag values */
2448 AVP_TYPE_UNSIGNED64 /* base type of data */
2449 };
2450 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2451 }
2452
2453 /* Accounting-Input-Packets */
2454 {
2455 /*
2456 The Accounting-Input-Packets (AVP Code 365) is of type Unsigned64 and
2457 contains the number of packets received from the user.
2458
2459 For NAS usage, this AVP indicates how many packets have been received
2460 from the port over the course of a session being provided to a Framed
2461 User. It can only be present in ACR messages with an Accounting-
2462 Record-Type of INTERIM_RECORD or STOP_RECORD.
2463 */
2464 dict_avp_data_t data = {
2465 365, /* Code */
2466 0, /* Vendor */
2467 "Accounting-Input-Packets", /* Name */
2468 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2469 AVP_FLAG_MANDATORY, /* Fixed flag values */
2470 AVP_TYPE_UNSIGNED64 /* base type of data */
2471 };
2472 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2473 }
2474
2475 /* Accounting-Output-Packets */
2476 {
2477 /*
2478 The Accounting-Output-Packets (AVP Code 366) is of type Unsigned64
2479 and contains the number of IP packets sent to the user.
2480
2481 For NAS usage, this AVP indicates how many packets have been sent to
2482 the port over the course of a session being provided to a Framed
2483 User. It can only be present in ACR messages with an Accounting-
2484 Record-Type of INTERIM_RECORD or STOP_RECORD.
2485 */
2486 dict_avp_data_t data = {
2487 366, /* Code */
2488 0, /* Vendor */
2489 "Accounting-Output-Packets", /* Name */
2490 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2491 AVP_FLAG_MANDATORY, /* Fixed flag values */
2492 AVP_TYPE_UNSIGNED64 /* base type of data */
2493 };
2494 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2495 }
2496
2497 /* Acct-Session-Time */
2498 {
2499 /*
2500 The Acct-Session-Time AVP (AVP Code 46) is of type Unsigned32 and
2501 indicates the length of the current session in seconds. It can only
2502 be present in ACR messages with an Accounting-Record-Type of
2503 INTERIM_RECORD or STOP_RECORD.
2504 */
2505 dict_avp_data_t data = {
2506 46, /* Code */
2507 0, /* Vendor */
2508 "Acct-Session-Time", /* Name */
2509 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2510 AVP_FLAG_MANDATORY, /* Fixed flag values */
2511 AVP_TYPE_UNSIGNED32 /* base type of data */
2512 };
2513 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2514 }
2515
2516 /* Acct-Authentic */
2517 {
2518 /*
2519 The Acct-Authentic AVP (AVP Code 45) is of type Enumerated and
2520 specifies how the user was authenticated. The supported values are
2521 listed in [RADIUSTypes].
2522 Sub-registry: Values for RADIUS Attribute 45, Acct-Authentic
2523 Reference: [RFC2866]
2524 */
2525 dict_object_t * type;
2526 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Acct-Authentic)" , NULL, NULL};
2527 dict_type_enum_data_t tvals[] = {
2528 enum_val_def( 1, "RADIUS"),
2529 enum_val_def( 2, "Local"),
2530 enum_val_def( 3, "Remote"),
2531 enum_val_def( 4, "Diameter")
2532 };
2533 dict_avp_data_t data = {
2534 45, /* Code */
2535 0, /* Vendor */
2536 "Acct-Authentic", /* Name */
2537 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2538 AVP_FLAG_MANDATORY, /* Fixed flag values */
2539 AVP_TYPE_UNSIGNED32 /* base type of data */
2540 };
2541 int i;
2542 /* Create the Enumerated type, enumerated values, and the AVP */
2543 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
2544 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
2545 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
2546 }
2547 CHECK_dict_new( DICT_AVP, &data , type, NULL);
2548 }
2549
2550 /* Accounting-Auth-Method */
2551 {
2552 /*
2553 The Accounting-Auth-Method AVP (AVP Code 406) is of type Enumerated.
2554 A NAS MAY include this AVP in an Accounting-Request message to
2555 indicate the method used to authenticate the user. (Note that this
2556 is equivalent to the RADIUS MS-Acct-Auth-Type VSA attribute).
2557
2558 The following values are defined:
2559
2560 1 PAP
2561 2 CHAP
2562 3 MS-CHAP-1
2563 4 MS-CHAP-2
2564 5 EAP
2565 7 None
2566 */
2567 dict_object_t * type;
2568 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Accounting-Auth-Method)" , NULL, NULL};
2569 dict_type_enum_data_t tvals[] = {
2570 enum_val_def( 1, "PAP"),
2571 enum_val_def( 2, "CHAP"),
2572 enum_val_def( 3, "MS-CHAP-1"),
2573 enum_val_def( 4, "MS-CHAP-2"),
2574 enum_val_def( 5, "EAP"),
2575 enum_val_def( 7, "None")
2576 };
2577 dict_avp_data_t data = {
2578 406, /* Code */
2579 0, /* Vendor */
2580 "Accounting-Auth-Method", /* Name */
2581 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2582 AVP_FLAG_MANDATORY, /* Fixed flag values */
2583 AVP_TYPE_UNSIGNED32 /* base type of data */
2584 };
2585 int i;
2586 /* Create the Enumerated type, enumerated values, and the AVP */
2587 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
2588 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
2589 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
2590 }
2591 CHECK_dict_new( DICT_AVP, &data , type, NULL);
2592 }
2593
2594 /* Acct-Delay-Time */
2595 {
2596 /*
2597 The Acct-Delay-Time AVP (AVP Code 41) is of type Unsigned32 and
2598 indicates the number of seconds the Diameter client has been trying
2599 to send the Accounting-Request (ACR). The accounting server may
2600 subtract this value from the time when the ACR arrives at the server
2601 to calculate the approximate time of the event that caused the ACR to
2602 be generated.
2603
2604 This AVP is not used for retransmissions at the transport level (TCP
2605 or SCTP). Rather, it may be used when an ACR command cannot be
2606 transmitted because there is no appropriate peer to transmit it to or
2607 was rejected because it could not be delivered. In these cases, the
2608 command MAY be buffered and transmitted later, when an appropriate
2609 peer-connection is available or after sufficient time has passed that
2610 the destination-host may be reachable and operational. If the ACR is
2611 resent in this way, the Acct-Delay-Time AVP SHOULD be included. The
2612 value of this AVP indicates the number of seconds that elapsed
2613 between the time of the first attempt at transmission and the current
2614 attempt.
2615 */
2616 dict_avp_data_t data = {
2617 41, /* Code */
2618 0, /* Vendor */
2619 "Acct-Delay-Time", /* Name */
2620 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2621 AVP_FLAG_MANDATORY, /* Fixed flag values */
2622 AVP_TYPE_UNSIGNED32 /* base type of data */
2623 };
2624 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2625 }
2626
2627 /* Acct-Link-Count */
2628 {
2629 /*
2630 The Acct-Link-Count AVP (AVP Code 51) is of type Unsigned32 and
2631 indicates the total number of links that have been active (current or
2632 closed) in a given multilink session at the time the accounting
2633 record is generated. This AVP MAY be included in Accounting-Requests
2634 for any session that may be part of a multilink service.
2635
2636 The Acct-Link-Count AVP may be used to make it easier for an
2637 accounting server to know when it has all the records for a given
2638 multilink service. When the number of Accounting-Requests received
2639 with Accounting-Record-Type = STOP_RECORD and with the same Acct-
2640 Multi-Session-Id and unique Session-Ids equals the largest value of
2641 Acct-Link-Count seen in those Accounting-Requests, all STOP_RECORD
2642 Accounting-Requests for that multilink service have been received.
2643
2644 The following example, showing eight Accounting-Requests, illustrates
2645 how the Acct-Link-Count AVP is used. In the table below, only the
2646 relevant AVPs are shown, although additional AVPs containing
2647 accounting information will be present in the Accounting-Requests.
2648
2649 Acct-Multi- Accounting- Acct-
2650 Session-Id Session-Id Record-Type Link-Count
2651 --------------------------------------------------------
2652 "...10" "...10" START_RECORD 1
2653 "...10" "...11" START_RECORD 2
2654 "...10" "...11" STOP_RECORD 2
2655 "...10" "...12" START_RECORD 3
2656 "...10" "...13" START_RECORD 4
2657 "...10" "...12" STOP_RECORD 4
2658 "...10" "...13" STOP_RECORD 4
2659 "...10" "...10" STOP_RECORD 4
2660
2661 */
2662 dict_avp_data_t data = {
2663 51, /* Code */
2664 0, /* Vendor */
2665 "Acct-Link-Count", /* Name */
2666 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2667 AVP_FLAG_MANDATORY, /* Fixed flag values */
2668 AVP_TYPE_UNSIGNED32 /* base type of data */
2669 };
2670 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2671 }
2672
2673 /* Acct-Tunnel-Connection */
2674 {
2675 /*
2676 The Acct-Tunnel-Connection AVP (AVP Code 68) is of type OctetString
2677 and contains the identifier assigned to the tunnel session. This
2678 AVP, along with the Tunnel-Client-Endpoint and Tunnel-Server-Endpoint
2679 AVPs, may be used to provide a means to uniquely identify a tunnel
2680 session for auditing purposes.
2681
2682 The format of the identifier in this AVP depends upon the value of
2683 the Tunnel-Type AVP. For example, to identify an L2TP tunnel
2684 connection fully, the L2TP Tunnel Id and Call Id might be encoded in
2685 this field. The exact encoding of this field is implementation
2686 dependent.
2687 */
2688 dict_avp_data_t data = {
2689 68, /* Code */
2690 0, /* Vendor */
2691 "Acct-Tunnel-Connection", /* Name */
2692 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2693 AVP_FLAG_MANDATORY, /* Fixed flag values */
2694 AVP_TYPE_OCTETSTRING /* base type of data */
2695 };
2696 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2697 }
2698
2699 /* Acct-Tunnel-Packets-Lost */
2700 {
2701 /*
2702 The Acct-Tunnel-Packets-Lost AVP (AVP Code 86) is of type Unsigned32
2703 and contains the number of packets lost on a given link.
2704 */
2705 dict_avp_data_t data = {
2706 86, /* Code */
2707 0, /* Vendor */
2708 "Acct-Tunnel-Packets-Lost", /* Name */
2709 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2710 AVP_FLAG_MANDATORY, /* Fixed flag values */
2711 AVP_TYPE_UNSIGNED32 /* base type of data */
2712 };
2713 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2714 }
2715
2716 /***********************************
2717 * Compatibility with RADIUS AVPs *
2718 ***********************************/
2719 /* NAS-Identifier */
2720 {
2721 /*
2722 The NAS-Identifier AVP (AVP Code 32) [RADIUS] is of type UTF8String
2723 and contains the identity of the NAS providing service to the user.
2724 This AVP SHOULD only be added by a RADIUS/Diameter Translation Agent.
2725 When this AVP is present, the Origin-Host AVP identifies the NAS
2726 providing service to the user.
2727
2728 In RADIUS it would be possible for a rogue NAS to forge the NAS-
2729 Identifier attribute. Diameter/RADIUS translation agents SHOULD
2730 attempt to check a received NAS-Identifier attribute against the
2731 source address of the RADIUS packet, by doing an A/AAAA RR query. If
2732 the NAS-Identifier attribute contains an FQDN, then such a query
2733 would resolve to an IP address matching the source address. However,
2734 the NAS-Identifier attribute is not required to contain an FQDN, so
2735 such a query could fail. If it fails, an error should be logged, but
2736 no action should be taken, other than a reverse lookup on the source
2737 address and insert the resulting FQDN into the Route-Record AVP.
2738
2739 Diameter agents and servers SHOULD check whether a NAS-Identifier AVP
2740 corresponds to an entry in the Route-Record AVP. If no match is
2741 found, then an error is logged, but no other action is taken.
2742 */
2743 dict_avp_data_t data = {
2744 32, /* Code */
2745 0, /* Vendor */
2746 "NAS-Identifier", /* Name */
2747 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2748 AVP_FLAG_MANDATORY, /* Fixed flag values */
2749 AVP_TYPE_OCTETSTRING /* base type of data */
2750 };
2751 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
2752 }
2753
2754 /* NAS-IP-Address */
2755 {
2756 /*
2757 The NAS-IP-Address AVP (AVP Code 4) [RADIUS] is of type OctetString
2758 and contains the IP Address of the NAS providing service to the user.
2759 This AVP SHOULD only be added by a RADIUS/Diameter Translation Agent.
2760 When this AVP is present, the Origin-Host AVP identifies the NAS
2761 providing service to the user.
2762
2763 In RADIUS it would be possible for a rogue NAS to forge the NAS-IP-
2764 Address attribute value. Diameter/RADIUS translation agents MUST
2765 check a received NAS-IP-Address or NAS-IPv6-Address attribute against
2766 the source address of the RADIUS packet. If they do not match and
2767 the Diameter/RADIUS translation agent does not know whether the
2768 packet was sent by a RADIUS proxy or NAS (e.g., no Proxy-State
2769 attribute), then by default it is assumed that the source address
2770 corresponds to a RADIUS proxy, and that the NAS Address is behind
2771 that proxy, potentially with some additional RADIUS proxies in
2772 between. The Diameter/RADIUS translation agent MUST insert entries
2773 in the Route-Record AVP corresponding to the apparent route. This
2774 implies doing a reverse lookup on the source address and NAS-IP-
2775 Address or NAS-IPv6-Address attributes to determine the corresponding
2776 FQDNs.
2777
2778 If the source address and the NAS-IP-Address or NAS-IPv6-Address do
2779 not match, and the Diameter/RADIUS translation agent knows that it is
2780 talking directly to the NAS (e.g., there are no RADIUS proxies
2781 between it and the NAS), then the error should be logged, and the
2782 packet MUST be discarded.
2783
2784 Diameter agents and servers MUST check whether the NAS-IP-Address AVP
2785 corresponds to an entry in the Route-Record AVP. This is done by
2786 doing a reverse lookup (PTR RR) for the NAS-IP-Address to retrieve
2787 the corresponding FQDN, and by checking for a match with the Route-
2788 Record AVP. If no match is found, then an error is logged, but no
2789 other action is taken.
2790 */
2791 dict_avp_data_t data = {
2792 4, /* Code */
2793 0, /* Vendor */
2794 "NAS-IP-Address", /* Name */
2795 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2796 AVP_FLAG_MANDATORY, /* Fixed flag values */
2797 AVP_TYPE_OCTETSTRING /* base type of data */
2798 };
2799 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2800 }
2801
2802 /* NAS-IPv6-Address */
2803 {
2804 /*
2805 The NAS-IPv6-Address AVP (AVP Code 95) [RADIUSIPv6] is of type
2806 OctetString and contains the IPv6 Address of the NAS providing
2807 service to the user. This AVP SHOULD only be added by a
2808 RADIUS/Diameter Translation Agent. When this AVP is present, the
2809 Origin-Host AVP identifies the NAS providing service to the user.
2810
2811 In RADIUS it would be possible for a rogue NAS to forge the NAS-
2812 IPv6-Address attribute. Diameter/RADIUS translation agents MUST
2813 check a received NAS-IPv6-Address attribute against the source
2814 address of the RADIUS packet. If they do not match and the
2815 Diameter/RADIUS translation agent does not know whether the packet
2816 was sent by a RADIUS proxy or NAS (e.g., no Proxy-State attribute),
2817 then by default it is assumed that the source address corresponds to
2818 a RADIUS proxy, and that the NAS-IPv6-Address is behind that proxy,
2819 potentially with some additional RADIUS proxies in between. The
2820 Diameter/RADIUS translation agent MUST insert entries in the Route-
2821 Record AVP corresponding to the apparent route. This implies doing a
2822 reverse lookup on the source address and NAS-IPv6-Address attributes
2823 to determine the corresponding FQDNs.
2824
2825 If the source address and the NAS-IPv6-Address do not match, and the
2826 Diameter/RADIUS translation agent knows that it is talking directly
2827 to the NAS (e.g., there are no RADIUS proxies between it and the
2828 NAS), then the error should be logged, and the packet MUST be
2829 discarded.
2830
2831 Diameter agents and servers MUST check whether the NAS-IPv6-Address
2832 AVP corresponds to an entry in the Route-Record AVP. This is done by
2833 doing a reverse lookup (PTR RR) for the NAS-IPv6-Address to retrieve
2834 the corresponding FQDN, and by checking for a match with the Record-
2835 Route AVP. If no match is found, then an error is logged, but no
2836 other action is taken.
2837 */
2838 dict_avp_data_t data = {
2839 95, /* Code */
2840 0, /* Vendor */
2841 "NAS-IPv6-Address", /* Name */
2842 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2843 AVP_FLAG_MANDATORY, /* Fixed flag values */
2844 AVP_TYPE_OCTETSTRING /* base type of data */
2845 };
2846 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2847 }
2848
2849 /* State */
2850 {
2851 /*
2852 The State AVP (AVP Code 24) [RADIUS] is of type OctetString and has
2853 two uses in the Diameter NAS application.
2854
2855 The State AVP MAY be sent by a Diameter Server to a NAS in an AA-
2856 Response command that contains a Result-Code of
2857 DIAMETER_MULTI_ROUND_AUTH. If so, the NAS MUST return it unmodified
2858 in the subsequent AA-Request command.
2859
2860 The State AVP MAY also be sent by a Diameter Server to a NAS in an
2861 AA-Response command that also includes a Termination-Action AVP with
2862 the value of AA-REQUEST. If the NAS performs the Termination-Action
2863 by sending a new AA-Request command upon termination of the current
2864 service, it MUST return the State AVP unmodified in the new request
2865 command.
2866
2867 In either usage, the NAS MUST NOT interpret the AVP locally. Usage
2868 of the State AVP is implementation dependent.
2869 */
2870 dict_avp_data_t data = {
2871 24, /* Code */
2872 0, /* Vendor */
2873 "State", /* Name */
2874 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2875 AVP_FLAG_MANDATORY, /* Fixed flag values */
2876 AVP_TYPE_OCTETSTRING /* base type of data */
2877 };
2878 CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
2879 }
2880
2881 /* Termination-Cause mapping */
2882 {
2883
2884 dict_object_t * type;
2885 dict_type_enum_data_t tvals[] = {
2886 enum_val_def(11, "[RADIUS] User Request"),
2887 enum_val_def(12, "[RADIUS] Lost Carrier"),
2888 enum_val_def(13, "[RADIUS] Lost Service"),
2889 enum_val_def(14, "[RADIUS] Idle Timeout"),
2890 enum_val_def(15, "[RADIUS] Session Timeout"),
2891 enum_val_def(16, "[RADIUS] Admin Reset"),
2892 enum_val_def(17, "[RADIUS] Admin Reboot"),
2893 enum_val_def(18, "[RADIUS] Port Error"),
2894 enum_val_def(19, "[RADIUS] NAS Error"),
2895 enum_val_def(20, "[RADIUS] NAS Request"),
2896 enum_val_def(21, "[RADIUS] NAS Reboot"),
2897 enum_val_def(22, "[RADIUS] Port Unneeded"),
2898 enum_val_def(23, "[RADIUS] Port Preempted"),
2899 enum_val_def(24, "[RADIUS] Port Suspended"),
2900 enum_val_def(25, "[RADIUS] Service Unavailable"),
2901 enum_val_def(26, "[RADIUS] Callback"),
2902 enum_val_def(27, "[RADIUS] User Error"),
2903 enum_val_def(28, "[RADIUS] Host Request"),
2904 enum_val_def(29, "[RADIUS] Supplicant Restart"),
2905 enum_val_def(30, "[RADIUS] Reauthentication Failure"),
2906 enum_val_def(31, "[RADIUS] Port Reinit"),
2907 enum_val_def(32, "[RADIUS] Port Disabled")
2908 };
2909 int i;
2910
2911 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Enumerated(Termination-Cause)", &type);
2912 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
2913 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
2914 }
2915
2916 }
2917
2918 /* Origin-AAA-Protocol */
2919 {
2920 /*
2921 The Origin-AAA-Protocol AVP (AVP Code 408) is of the type Enumerated
2922 and should be inserted in a Diameter message translated by a gateway
2923 system from another AAA protocol, such as RADIUS. It identifies the
2924 source protocol of the message to the Diameter system receiving the
2925 message.
2926
2927 The supported values are:
2928
2929 1 RADIUS
2930 */
2931 dict_object_t * type;
2932 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Origin-AAA-Protocol)" , NULL, NULL};
2933 dict_type_enum_data_t tvals[] = {
2934 enum_val_def( 1, "RADIUS")
2935 };
2936 dict_avp_data_t data = {
2937 408, /* Code */
2938 0, /* Vendor */
2939 "Origin-AAA-Protocol", /* Name */
2940 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
2941 AVP_FLAG_MANDATORY, /* Fixed flag values */
2942 AVP_TYPE_UNSIGNED32 /* base type of data */
2943 };
2944 int i;
2945 /* Create the Enumerated type, enumerated values, and the AVP */
2946 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
2947 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) {
2948 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL);
2949 }
2950 CHECK_dict_new( DICT_AVP, &data , type, NULL);
2951 }
2952
2953 }
2954
2955 /********************/
2956 /* Commands section */
2957 /********************/
2958 {
2959 /* To avoid defining global variables for all the AVP that we use here, we do search the dictionary in each sub-block.
2960 * This is far from optimal, but the code is clearer like this, and the time it requires at execution is not noticeable.
2961 */
2962
2963 /* AA-Request (AAR) Command */
2964 {
2965 /*
2966 The AA-Request (AAR), which is indicated by setting the Command-Code
2967 field to 265 and the 'R' bit in the Command Flags field, is used to
2968 request authentication and/or authorization for a given NAS user.
2969 The type of request is identified through the Auth-Request-Type AVP
2970 [BASE]. The recommended value for most RADIUS interoperabily
2971 situations is AUTHORIZE_AUTHENTICATE.
2972
2973 If Authentication is requested, the User-Name attribute SHOULD be
2974 present, as well as any additional authentication AVPs that would
2975 carry the password information. A request for authorization SHOULD
2976 only include the information from which the authorization will be
2977 performed, such as the User-Name, Called-Station-Id, or Calling-
2978 Station-Id AVPs. All requests SHOULD contain AVPs uniquely
2979 identifying the source of the call, such as Origin-Host and NAS-Port.
2980 Certain networks MAY use different AVPs for authorization purposes.
2981 A request for authorization will include some AVPs defined in section
2982 6.
2983
2984 It is possible for a single session to be authorized first and then
2985 for an authentication request to follow.
2986
2987 This AA-Request message MAY be the result of a multi-round
2988 authentication exchange, which occurs when the AA-Answer message is
2989 received with the Result-Code AVP set to DIAMETER_MULTI_ROUND_AUTH.
2990 A subsequent AAR message SHOULD be sent, with the User-Password AVP
2991 that includes the user's response to the prompt, and MUST include any
2992 State AVPs that were present in the AAA message.
2993
2994 Message Format
2995 <AA-Request> ::= < Diameter Header: 265, REQ, PXY >
2996 < Session-Id >
2997 { Auth-Application-Id }
2998 { Origin-Host }
2999 { Origin-Realm }
3000 { Destination-Realm }
3001 { Auth-Request-Type }
3002 [ Destination-Host ]
3003 [ NAS-Identifier ]
3004 [ NAS-IP-Address ]
3005 [ NAS-IPv6-Address ]
3006 [ NAS-Port ]
3007 [ NAS-Port-Id ]
3008 [ NAS-Port-Type ]
3009 [ Origin-AAA-Protocol ]
3010 [ Origin-State-Id ]
3011 [ Port-Limit ]
3012 [ User-Name ]
3013 [ User-Password ]
3014 [ Service-Type ]
3015 [ State ]
3016 [ Authorization-Lifetime ]
3017 [ Auth-Grace-Period ]
3018 [ Auth-Session-State ]
3019 [ Callback-Number ]
3020 [ Called-Station-Id ]
3021 [ Calling-Station-Id ]
3022 [ Originating-Line-Info ]
3023 [ Connect-Info ]
3024 [ CHAP-Auth ]
3025 [ CHAP-Challenge ]
3026 * [ Framed-Compression ]
3027 [ Framed-Interface-Id ]
3028 [ Framed-IP-Address ]
3029 * [ Framed-IPv6-Prefix ]
3030 [ Framed-IP-Netmask ]
3031 [ Framed-MTU ]
3032 [ Framed-Protocol ]
3033 [ ARAP-Password ]
3034 [ ARAP-Security ]
3035 * [ ARAP-Security-Data ]
3036 * [ Login-IP-Host ]
3037 * [ Login-IPv6-Host ]
3038 [ Login-LAT-Group ]
3039 [ Login-LAT-Node ]
3040 [ Login-LAT-Port ]
3041 [ Login-LAT-Service ]
3042 * [ Tunneling ]
3043 * [ Proxy-Info ]
3044 * [ Route-Record ]
3045 * [ AVP ]
3046 */
3047 dict_object_t * cmd;
3048 dict_cmd_data_t data = {
3049 265, /* Code */
3050 "AA-Request", /* Name */
3051 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_RETRANSMIT | CMD_FLAG_ERROR, /* Fixed flags */
3052 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE /* Fixed flag values */
3053 };
3054 loc_rules_def_t rules[] = { { "Session-Id", RULE_FIXED_HEAD, -1, 1, 1 }
3055 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1, 1 }
3056 ,{ "Origin-Host", RULE_REQUIRED, -1, 1, 1 }
3057 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1, 1 }
3058 ,{ "Destination-Realm", RULE_REQUIRED, -1, 1, 1 }
3059 ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1, 1 }
3060 ,{ "Destination-Host", RULE_OPTIONAL, -1, 1, 1 }
3061 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1, 1 }
3062 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1, 1 }
3063 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1, 1 }
3064 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1, 1 }
3065 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1, 1 }
3066 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1, 1 }
3067 ,{ "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3068 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1, 1 }
3069 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1, 1 }
3070 ,{ "User-Name", RULE_OPTIONAL, -1, 1, 1 }
3071 ,{ "User-Password", RULE_OPTIONAL, -1, 1, 1 }
3072 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 }
3073 ,{ "State", RULE_OPTIONAL, -1, 1, 1 }
3074 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1, 1 }
3075 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1, 1 }
3076 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1, 1 }
3077 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1, 1 }
3078 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1, 1 }
3079 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1, 1 }
3080 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1, 1 }
3081 ,{ "Connect-Info", RULE_OPTIONAL, -1, 1, 1 }
3082 ,{ "CHAP-Auth", RULE_OPTIONAL, -1, 1, 1 }
3083 ,{ "CHAP-Challenge", RULE_OPTIONAL, -1, 1, 1 }
3084 ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1, 1 }
3085 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1, 1 }
3086 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1, 1 }
3087 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1, 1 }
3088 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1, 1 }
3089 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1, 1 }
3090 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3091 ,{ "ARAP-Password", RULE_OPTIONAL, -1, 1, 1 }
3092 ,{ "ARAP-Security", RULE_OPTIONAL, -1, 1, 1 }
3093 ,{ "ARAP-Security-Data", RULE_OPTIONAL, -1,-1, 1 }
3094 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1, 1 }
3095 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1, 1 }
3096 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1, 1 }
3097 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1, 1 }
3098 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1, 1 }
3099 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1, 1 }
3100 ,{ "Tunneling", RULE_OPTIONAL, -1,-1, 1 }
3101 ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1, 0 }
3102 ,{ "Route-Record", RULE_OPTIONAL, -1,-1, 0 }
3103 };
3104
3105 CHECK_dict_new( DICT_COMMAND, &data , nasreq, &cmd);
3106 PARSE_loc_rules( rules, cmd );
3107 }
3108
3109 /* AA-Answer (AAA) Command */
3110 {
3111 /*
3112 The AA-Answer (AAA) message is indicated by setting the Command-Code
3113 field to 265 and clearing the 'R' bit in the Command Flags field. It
3114 is sent in response to the AA-Request (AAR) message. If
3115 authorization was requested, a successful response will include the
3116 authorization AVPs appropriate for the service being provided, as
3117 defined in section 6.
3118
3119 For authentication exchanges requiring more than a single round trip,
3120 the server MUST set the Result-Code AVP to DIAMETER_MULTI_ROUND_AUTH.
3121 An AAA message with this result code MAY include one Reply-Message or
3122 more and MAY include zero or one State AVPs.
3123
3124 If the Reply-Message AVP was present, the network access server
3125 SHOULD send the text to the user's client to display to the user,
3126 instructing the client to prompt the user for a response. For
3127 example, this capability can be achieved in PPP via PAP. If the
3128 access client is unable to prompt the user for a new response, it
3129 MUST treat the AA-Answer (AAA) with the Reply-Message AVP as an error
3130 and deny access.
3131
3132 Message Format
3133
3134 <AA-Answer> ::= < Diameter Header: 265, PXY >
3135 < Session-Id >
3136 { Auth-Application-Id }
3137 { Auth-Request-Type }
3138 { Result-Code }
3139 { Origin-Host }
3140 { Origin-Realm }
3141 [ User-Name ]
3142 [ Service-Type ]
3143 * [ Class ]
3144 * [ Configuration-Token ]
3145 [ Acct-Interim-Interval ]
3146 [ Error-Message ]
3147 [ Error-Reporting-Host ]
3148 * [ Failed-AVP ]
3149 [ Idle-Timeout ]
3150 [ Authorization-Lifetime ]
3151 [ Auth-Grace-Period ]
3152 [ Auth-Session-State ]
3153 [ Re-Auth-Request-Type ]
3154 [ Multi-Round-Time-Out ]
3155 [ Session-Timeout ]
3156 [ State ]
3157 * [ Reply-Message ]
3158 [ Origin-AAA-Protocol ]
3159 [ Origin-State-Id ]
3160 * [ Filter-Id ]
3161 [ Password-Retry ]
3162 [ Port-Limit ]
3163 [ Prompt ]
3164 [ ARAP-Challenge-Response ]
3165 [ ARAP-Features ]
3166 [ ARAP-Security ]
3167 * [ ARAP-Security-Data ]
3168 [ ARAP-Zone-Access ]
3169 [ Callback-Id ]
3170 [ Callback-Number ]
3171 [ Framed-Appletalk-Link ]
3172 * [ Framed-Appletalk-Network ]
3173 [ Framed-Appletalk-Zone ]
3174 * [ Framed-Compression ]
3175 [ Framed-Interface-Id ]
3176 [ Framed-IP-Address ]
3177 * [ Framed-IPv6-Prefix ]
3178 [ Framed-IPv6-Pool ]
3179 * [ Framed-IPv6-Route ]
3180 [ Framed-IP-Netmask ]
3181 * [ Framed-Route ]
3182 [ Framed-Pool ]
3183 [ Framed-IPX-Network ]
3184 [ Framed-MTU ]
3185 [ Framed-Protocol ]
3186 [ Framed-Routing ]
3187 * [ Login-IP-Host ]
3188 * [ Login-IPv6-Host ]
3189 [ Login-LAT-Group ]
3190 [ Login-LAT-Node ]
3191 [ Login-LAT-Port ]
3192 [ Login-LAT-Service ]
3193 [ Login-Service ]
3194 [ Login-TCP-Port ]
3195 * [ NAS-Filter-Rule ]
3196 * [ QoS-Filter-Rule ]
3197 * [ Tunneling ]
3198 * [ Redirect-Host ]
3199 [ Redirect-Host-Usage ]
3200 [ Redirect-Max-Cache-Time ]
3201 * [ Proxy-Info ]
3202 * [ AVP ]
3203 */
3204 dict_object_t * cmd;
3205 dict_cmd_data_t data = {
3206 265, /* Code */
3207 "AA-Answer", /* Name */
3208 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE, /* Fixed flags */
3209 CMD_FLAG_PROXIABLE /* Fixed flag values */
3210 };
3211 loc_rules_def_t rules[] = { { "Session-Id", RULE_FIXED_HEAD, -1, 1, 1 }
3212 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1, 1 }
3213 ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1, 1 }
3214 ,{ "Result-Code", RULE_REQUIRED, -1, 1, 1 }
3215 ,{ "Origin-Host", RULE_REQUIRED, -1, 1, 1 }
3216 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1, 1 }
3217 ,{ "User-Name", RULE_OPTIONAL, -1, 1, 1 }
3218 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 }
3219 ,{ "Class", RULE_OPTIONAL, -1,-1, 1 }
3220 ,{ "Configuration-Token", RULE_OPTIONAL, -1,-1, 1 }
3221 ,{ "Acct-Interim-Interval", RULE_OPTIONAL, -1, 1, 1 }
3222 ,{ "Error-Message", RULE_OPTIONAL, -1, 1, 1 }
3223 ,{ "Error-Reporting-Host", RULE_OPTIONAL, -1, 1, 1 }
3224 ,{ "Failed-AVP", RULE_OPTIONAL, -1,-1, 1 }
3225 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1, 1 }
3226 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1, 1 }
3227 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1, 1 }
3228 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1, 1 }
3229 ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1, 1 }
3230 ,{ "Multi-Round-Time-Out", RULE_OPTIONAL, -1, 1, 1 }
3231 ,{ "Session-Timeout", RULE_OPTIONAL, -1, 1, 1 }
3232 ,{ "State", RULE_OPTIONAL, -1, 1, 1 }
3233 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1, 1 }
3234 ,{ "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3235 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1, 1 }
3236 ,{ "Filter-Id", RULE_OPTIONAL, -1,-1, 1 }
3237 ,{ "Password-Retry", RULE_OPTIONAL, -1, 1, 1 }
3238 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1, 1 }
3239 ,{ "Prompt", RULE_OPTIONAL, -1, 1, 1 }
3240 ,{ "ARAP-Challenge-Response", RULE_OPTIONAL, -1, 1, 1 }
3241 ,{ "ARAP-Features", RULE_OPTIONAL, -1, 1, 1 }
3242 ,{ "ARAP-Security", RULE_OPTIONAL, -1, 1, 1 }
3243 ,{ "ARAP-Security-Data", RULE_OPTIONAL, -1,-1, 1 }
3244 ,{ "ARAP-Zone-Access", RULE_OPTIONAL, -1, 1, 1 }
3245 ,{ "Callback-Id", RULE_OPTIONAL, -1, 1, 1 }
3246 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1, 1 }
3247 ,{ "Framed-AppleTalk-Link", RULE_OPTIONAL, -1, 1, 1 }
3248 ,{ "Framed-AppleTalk-Network", RULE_OPTIONAL, -1,-1, 1 }
3249 ,{ "Framed-AppleTalk-Zone", RULE_OPTIONAL, -1, 1, 1 }
3250 ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1, 1 }
3251 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1,-1, 1 }
3252 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1, 1 }
3253 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1, 1 }
3254 ,{ "Framed-IPv6-Pool", RULE_OPTIONAL, -1, 1, 1 }
3255 ,{ "Framed-IPv6-Route", RULE_OPTIONAL, -1,-1, 1 }
3256 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1,-1, 1 }
3257 ,{ "Framed-Route", RULE_OPTIONAL, -1,-1, 1 }
3258 ,{ "Framed-Pool", RULE_OPTIONAL, -1, 1, 1 }
3259 ,{ "Framed-IPX-Network", RULE_OPTIONAL, -1, 1, 1 }
3260 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1, 1 }
3261 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3262 ,{ "Framed-Routing", RULE_OPTIONAL, -1, 1, 1 }
3263 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1, 1 }
3264 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1, 1 }
3265 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1, 1 }
3266 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1, 1 }
3267 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1, 1 }
3268 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1, 1 }
3269 ,{ "Login-Service", RULE_OPTIONAL, -1, 1, 1 }
3270 ,{ "Login-TCP-Port", RULE_OPTIONAL, -1, 1, 1 }
3271 ,{ "NAS-Filter-Rule", RULE_OPTIONAL, -1,-1, 1 }
3272 ,{ "QoS-Filter-Rule", RULE_OPTIONAL, -1,-1, 1 }
3273 ,{ "Tunneling", RULE_OPTIONAL, -1,-1, 1 }
3274 ,{ "Redirect-Host", RULE_OPTIONAL, -1,-1, 1 }
3275 ,{ "Redirect-Host-Usage", RULE_OPTIONAL, -1, 1, 1 }
3276 ,{ "Redirect-Max-Cache-Time", RULE_OPTIONAL, -1, 1, 1 }
3277 ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1, 0 }
3278 };
3279
3280 CHECK_dict_new( DICT_COMMAND, &data , nasreq, &cmd);
3281 PARSE_loc_rules( rules, cmd );
3282 }
3283
3284 /* Re-Auth-Request */
3285 {
3286 /*
3287 Add additional rules of the ABNF (compared to Base definition):
3288
3289 <RA-Request> ::= < Diameter Header: 258, REQ, PXY >
3290 < Session-Id >
3291 { Origin-Host }
3292 { Origin-Realm }
3293 { Destination-Realm }
3294 { Destination-Host }
3295 { Auth-Application-Id }
3296 { Re-Auth-Request-Type }
3297 [ User-Name ]
3298 [ Origin-AAA-Protocol ]
3299 [ Origin-State-Id ]
3300 [ NAS-Identifier ]
3301 [ NAS-IP-Address ]
3302 [ NAS-IPv6-Address ]
3303 [ NAS-Port ]
3304 [ NAS-Port-Id ]
3305 [ NAS-Port-Type ]
3306 [ Service-Type ]
3307 [ Framed-IP-Address ]
3308 [ Framed-IPv6-Prefix ]
3309 [ Framed-Interface-Id ]
3310 [ Called-Station-Id ]
3311 [ Calling-Station-Id ]
3312 [ Originating-Line-Info ]
3313 [ Acct-Session-Id ]
3314 [ Acct-Multi-Session-Id ]
3315 [ State ]
3316 * [ Class ]
3317 [ Reply-Message ]
3318 * [ Proxy-Info ]
3319 * [ Route-Record ]
3320 * [ AVP ]
3321 */
3322 dict_object_t * cmd;
3323 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3324 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1, 1 }
3325 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1, 1 }
3326 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1, 1 }
3327 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1, 1 }
3328 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1, 1 }
3329 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1, 1 }
3330 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 }
3331 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1, 1 }
3332 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1, 1, 1 }
3333 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1, 1 }
3334 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1, 1 }
3335 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1, 1 }
3336 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1, 1 }
3337 ,{ "Acct-Session-Id", RULE_OPTIONAL, -1, 1, 1 }
3338 ,{ "Acct-Multi-Session-Id", RULE_OPTIONAL, -1, 1, 1 }
3339 ,{ "State", RULE_OPTIONAL, -1, 1, 1 }
3340 ,{ "Class", RULE_OPTIONAL, -1,-1, 1 }
3341 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1, 1 }
3342 };
3343
3344 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Re-Auth-Request", &cmd);
3345 PARSE_loc_rules( rules, cmd );
3346 }
3347
3348 /* Re-Auth-Answer */
3349 {
3350 /*
3351 Add additional rules of the ABNF (compared to Base definition):
3352
3353
3354 <RA-Answer> ::= < Diameter Header: 258, PXY >
3355 < Session-Id >
3356 { Result-Code }
3357 { Origin-Host }
3358 { Origin-Realm }
3359 [ User-Name ]
3360 [ Origin-AAA-Protocol ]
3361 [ Origin-State-Id ]
3362 [ Error-Message ]
3363 [ Error-Reporting-Host ]
3364 * [ Failed-AVP ]
3365 * [ Redirected-Host ]
3366 [ Redirected-Host-Usage ]
3367 [ Redirected-Host-Cache-Time ]
3368 [ Service-Type ]
3369 * [ Configuration-Token ]
3370 [ Idle-Timeout ]
3371 [ Authorization-Lifetime ]
3372 [ Auth-Grace-Period ]
3373 [ Re-Auth-Request-Type ]
3374 [ State ]
3375 * [ Class ]
3376 * [ Reply-Message ]
3377 [ Prompt ]
3378 * [ Proxy-Info ]
3379 * [ AVP ]
3380 */
3381 dict_object_t * cmd;
3382 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3383 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 }
3384 ,{ "Configuration-Token", RULE_OPTIONAL, -1,-1, 1 }
3385 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1, 1 }
3386 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1, 1 }
3387 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1, 1 }
3388 ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1, 1 }
3389 ,{ "State", RULE_OPTIONAL, -1, 1, 1 }
3390 ,{ "Class", RULE_OPTIONAL, -1,-1, 1 }
3391 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1, 1 }
3392 ,{ "Prompt", RULE_OPTIONAL, -1, 1, 1 }
3393 };
3394
3395 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Re-Auth-Answer", &cmd);
3396 PARSE_loc_rules( rules, cmd );
3397 }
3398
3399 /* Session-Termination-Request */
3400 {
3401 /*
3402 Add additional rules of the ABNF (compared to Base definition):
3403
3404
3405 <ST-Request> ::= < Diameter Header: 275, REQ, PXY >
3406 < Session-Id >
3407 { Origin-Host }
3408 { Origin-Realm }
3409 { Destination-Realm }
3410 { Auth-Application-Id }
3411 { Termination-Cause }
3412 [ User-Name ]
3413 [ Destination-Host ]
3414 * [ Class ]
3415 [ Origin-AAA-Protocol ]
3416 [ Origin-State-Id ]
3417 * [ Proxy-Info ]
3418 * [ Route-Record ]
3419 * [ AVP ]
3420 */
3421 dict_object_t * cmd;
3422 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3423 };
3424
3425 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Session-Termination-Request", &cmd);
3426 PARSE_loc_rules( rules, cmd );
3427 }
3428
3429 /* Session-Termination-Answer */
3430 {
3431 /*
3432 Add additional rules of the ABNF (compared to Base definition):
3433
3434 <ST-Answer> ::= < Diameter Header: 275, PXY >
3435 < Session-Id >
3436 { Result-Code }
3437 { Origin-Host }
3438 { Origin-Realm }
3439 [ User-Name ]
3440 * [ Class ]
3441 [ Error-Message ]
3442 [ Error-Reporting-Host ]
3443 * [ Failed-AVP ]
3444 [ Origin-AAA-Protocol ]
3445 [ Origin-State-Id ]
3446 * [ Redirect-Host ]
3447 [ Redirect-Host-Usase ]
3448 [ Redirect-Max-Cache-Time ]
3449 * [ Proxy-Info ]
3450 * [ AVP ]
3451 */
3452 dict_object_t * cmd;
3453 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3454 };
3455
3456 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Session-Termination-Answer", &cmd);
3457 PARSE_loc_rules( rules, cmd );
3458 }
3459
3460 /* Abort-Session-Request */
3461 {
3462 /*
3463 Add additional rules of the ABNF (compared to Base definition):
3464
3465 <AS-Request> ::= < Diameter Header: 274, REQ, PXY >
3466 < Session-Id >
3467 { Origin-Host }
3468 { Origin-Realm }
3469 { Destination-Realm }
3470 { Destination-Host }
3471 { Auth-Application-Id }
3472 [ User-Name ]
3473 [ Origin-AAA-Protocol ]
3474 [ Origin-State-Id ]
3475 [ NAS-Identifier ]
3476 [ NAS-IP-Address ]
3477 [ NAS-IPv6-Address ]
3478 [ NAS-Port ]
3479 [ NAS-Port-Id ]
3480 [ NAS-Port-Type ]
3481 [ Service-Type ]
3482 [ Framed-IP-Address ]
3483 [ Framed-IPv6-Prefix ]
3484 [ Framed-Interface-Id ]
3485 [ Called-Station-Id ]
3486 [ Calling-Station-Id ]
3487 [ Originating-Line-Info ]
3488 [ Acct-Session-Id ]
3489 [ Acct-Multi-Session-Id ]
3490 [ State ]
3491 * [ Class ]
3492 * [ Reply-Message ]
3493 * [ Proxy-Info ]
3494 * [ Route-Record ]
3495 * [ AVP ]
3496
3497 */
3498 dict_object_t * cmd;
3499 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3500 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1, 1 }
3501 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1, 1 }
3502 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1, 1 }
3503 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1, 1 }
3504 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1, 1 }
3505 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1, 1 }
3506 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 }
3507 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1, 1 }
3508 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1, 1, 1 }
3509 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1, 1 }
3510 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1, 1 }
3511 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1, 1 }
3512 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1, 1 }
3513 ,{ "Acct-Session-Id", RULE_OPTIONAL, -1, 1, 1 }
3514 ,{ "Acct-Multi-Session-Id", RULE_OPTIONAL, -1, 1, 1 }
3515 ,{ "State", RULE_OPTIONAL, -1, 1, 1 }
3516 ,{ "Class", RULE_OPTIONAL, -1,-1, 1 }
3517 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1, 1 }
3518 };
3519
3520 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Abort-Session-Request", &cmd);
3521 PARSE_loc_rules( rules, cmd );
3522 }
3523
3524 /* Abort-Session-Answer */
3525 {
3526 /*
3527 Add additional rules of the ABNF (compared to Base definition):
3528
3529 <AS-Answer> ::= < Diameter Header: 274, PXY >
3530 < Session-Id >
3531 { Result-Code }
3532 { Origin-Host }
3533 { Origin-Realm }
3534 [ User-Name ]
3535 [ Origin-AAA-Protocol ]
3536 [ Origin-State-Id ]
3537 [ State]
3538 [ Error-Message ]
3539 [ Error-Reporting-Host ]
3540 * [ Failed-AVP ]
3541 * [ Redirected-Host ]
3542 [ Redirected-Host-Usage ]
3543 [ Redirected-Max-Cache-Time ]
3544 * [ Proxy-Info ]
3545 * [ AVP ]
3546 */
3547 dict_object_t * cmd;
3548 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3549 ,{ "State", RULE_REQUIRED, -1, 1, 1 }
3550 };
3551
3552 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Abort-Session-Answer", &cmd);
3553 PARSE_loc_rules( rules, cmd );
3554 }
3555
3556 /* Accounting-Request */
3557 {
3558 /*
3559 Add additional rules of the ABNF (compared to Base definition):
3560
3561 <AC-Request> ::= < Diameter Header: 271, REQ, PXY >
3562 < Session-Id >
3563 { Origin-Host }
3564 { Origin-Realm }
3565 { Destination-Realm }
3566 { Accounting-Record-Type }
3567 { Accounting-Record-Number }
3568 [ Acct-Application-Id ]
3569 [ Vendor-Specific-Application-Id ]
3570 [ User-Name ]
3571 [ Accounting-Sub-Session-Id ]
3572 [ Acct-Session-Id ]
3573 [ Acct-Multi-Session-Id ]
3574 [ Origin-AAA-Protocol ]
3575 [ Origin-State-Id ]
3576 [ Destination-Host ]
3577 [ Event-Timestamp ]
3578 [ Acct-Delay-Time ]
3579 [ NAS-Identifier ]
3580 [ NAS-IP-Address ]
3581 [ NAS-IPv6-Address ]
3582 [ NAS-Port ]
3583 [ NAS-Port-Id ]
3584 [ NAS-Port-Type ]
3585 * [ Class ]
3586 [ Service-Type ]
3587 [ Termination-Cause ]
3588 [ Accounting-Input-Octets ]
3589 [ Accounting-Input-Packets ]
3590 [ Accounting-Output-Octets ]
3591 [ Accounting-Output-Packets ]
3592 [ Acct-Authentic ]
3593 [ Accounting-Auth-Method ]
3594 [ Acct-Link-Count ]
3595 [ Acct-Session-Time ]
3596 [ Acct-Tunnel-Connection ]
3597 [ Acct-Tunnel-Packets-Lost ]
3598 [ Callback-Id ]
3599 [ Callback-Number ]
3600 [ Called-Station-Id ]
3601 [ Calling-Station-Id ]
3602 * [ Connection-Info ]
3603 [ Originating-Line-Info ]
3604 [ Authorization-Lifetime ]
3605 [ Session-Timeout ]
3606 [ Idle-Timeout ]
3607 [ Port-Limit ]
3608 [ Accounting-Realtime-Required ]
3609 [ Acct-Interim-Interval ]
3610 * [ Filter-Id ]
3611 * [ NAS-Filter-Rule ]
3612 * [ Qos-Filter-Rule ]
3613 [ Framed-AppleTalk-Link ]
3614 [ Framed-AppleTalk-Network ]
3615 [ Framed-AppleTalk-Zone ]
3616 [ Framed-Compression ]
3617 [ Framed-Interface-Id ]
3618 [ Framed-IP-Address ]
3619 [ Framed-IP-Netmask ]
3620 * [ Framed-IPv6-Prefix ]
3621 [ Framed-IPv6-Pool ]
3622 * [ Framed-IPv6-Route ]
3623 [ Framed-IPX-Network ]
3624 [ Framed-MTU ]
3625 [ Framed-Pool ]
3626 [ Framed-Protocol ]
3627 * [ Framed-Route ]
3628 [ Framed-Routing ]
3629 * [ Login-IP-Host ]
3630 * [ Login-IPv6-Host ]
3631 [ Login-LAT-Group ]
3632 [ Login-LAT-Node ]
3633 [ Login-LAT-Port ]
3634 [ Login-LAT-Service ]
3635 [ Login-Service ]
3636 [ Login-TCP-Port ]
3637 * [ Tunneling ]
3638 * [ Proxy-Info ]
3639 * [ Route-Record ]
3640 * [ AVP ]
3641 */
3642 dict_object_t * cmd;
3643 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3644 ,{ "Acct-Delay-Time", RULE_OPTIONAL, -1, 1, 1 }
3645 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1, 1 }
3646 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1, 1 }
3647 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1, 1 }
3648 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1, 1 }
3649 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1, 1 }
3650 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1, 1 }
3651 ,{ "Class", RULE_OPTIONAL, -1,-1, 1 }
3652 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 }
3653 ,{ "Termination-Cause", RULE_OPTIONAL, -1, 1, 1 }
3654 ,{ "Accounting-Input-Octets", RULE_OPTIONAL, -1, 1, 1 }
3655 ,{ "Accounting-Input-Packets", RULE_OPTIONAL, -1, 1, 1 }
3656 ,{ "Accounting-Output-Octets", RULE_OPTIONAL, -1, 1, 1 }
3657 ,{ "Accounting-Output-Packets", RULE_OPTIONAL, -1, 1, 1 }
3658 ,{ "Acct-Authentic", RULE_OPTIONAL, -1, 1, 1 }
3659 ,{ "Accounting-Auth-Method", RULE_OPTIONAL, -1, 1, 1 }
3660 ,{ "Acct-Link-Count", RULE_OPTIONAL, -1, 1, 1 }
3661 ,{ "Acct-Session-Time", RULE_OPTIONAL, -1, 1, 1 }
3662 ,{ "Acct-Tunnel-Connection", RULE_OPTIONAL, -1, 1, 1 }
3663 ,{ "Acct-Tunnel-Packets-Lost", RULE_OPTIONAL, -1, 1, 1 }
3664 ,{ "Callback-Id", RULE_OPTIONAL, -1, 1, 1 }
3665 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1, 1 }
3666 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1, 1 }
3667 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1, 1 }
3668 ,{ "Connect-Info", RULE_OPTIONAL, -1,-1, 1 }
3669 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1, 1 }
3670 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1, 1 }
3671 ,{ "Session-Timeout", RULE_OPTIONAL, -1, 1, 1 }
3672 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1, 1 }
3673 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1, 1 }
3674 ,{ "Filter-Id", RULE_OPTIONAL, -1,-1, 1 }
3675 ,{ "NAS-Filter-Rule", RULE_OPTIONAL, -1,-1, 1 }
3676 ,{ "QoS-Filter-Rule", RULE_OPTIONAL, -1,-1, 1 }
3677 ,{ "Framed-AppleTalk-Link", RULE_OPTIONAL, -1, 1, 1 }
3678 ,{ "Framed-AppleTalk-Network", RULE_OPTIONAL, -1, 1, 1 }
3679 ,{ "Framed-AppleTalk-Zone", RULE_OPTIONAL, -1, 1, 1 }
3680 ,{ "Framed-Compression", RULE_OPTIONAL, -1, 1, 1 }
3681 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1, 1 }
3682 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1, 1 }
3683 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1, 1 }
3684 ,{ "Framed-IPv6-Pool", RULE_OPTIONAL, -1, 1, 1 }
3685 ,{ "Framed-IPv6-Route", RULE_OPTIONAL, -1,-1, 1 }
3686 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1, 1 }
3687 ,{ "Framed-Route", RULE_OPTIONAL, -1,-1, 1 }
3688 ,{ "Framed-Pool", RULE_OPTIONAL, -1, 1, 1 }
3689 ,{ "Framed-IPX-Network", RULE_OPTIONAL, -1, 1, 1 }
3690 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1, 1 }
3691 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3692 ,{ "Framed-Routing", RULE_OPTIONAL, -1, 1, 1 }
3693 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1, 1 }
3694 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1, 1 }
3695 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1, 1 }
3696 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1, 1 }
3697 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1, 1 }
3698 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1, 1 }
3699 ,{ "Login-Service", RULE_OPTIONAL, -1, 1, 1 }
3700 ,{ "Login-TCP-Port", RULE_OPTIONAL, -1, 1, 1 }
3701 ,{ "Tunneling", RULE_OPTIONAL, -1,-1, 1 }
3702 };
3703
3704 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Accounting-Request", &cmd);
3705 PARSE_loc_rules( rules, cmd );
3706 }
3707
3708 /* Accounting-Answer */
3709 {
3710 /*
3711 Add additional rules of the ABNF (compared to Base definition):
3712
3713 <AC-Answer> ::= < Diameter Header: 271, PXY >
3714 < Session-Id >
3715 { Result-Code }
3716 { Origin-Host }
3717 { Origin-Realm }
3718 { Accounting-Record-Type }
3719 { Accounting-Record-Number }
3720 [ Acct-Application-Id ]
3721 [ Vendor-Specific-Application-Id ]
3722 [ User-Name ]
3723 [ Accounting-Sub-Session-Id ]
3724 [ Acct-Session-Id ]
3725 [ Acct-Multi-Session-Id ]
3726 [ Event-Timestamp ]
3727 [ Error-Message ]
3728 [ Error-Reporting-Host ]
3729 * [ Failed-AVP ]
3730 [ Origin-AAA-Protocol ]
3731 [ Origin-State-Id ]
3732 [ NAS-Identifier ]
3733 [ NAS-IP-Address ]
3734 [ NAS-IPv6-Address ]
3735 [ NAS-Port ]
3736 [ NAS-Port-Id ]
3737 [ NAS-Port-Type ]
3738 [ Service-Type ]
3739 [ Termination-Cause ]
3740 [ Accounting-Realtime-Required ]
3741 [ Acct-Interim-Interval ]
3742 * [ Class ]
3743 * [ Proxy-Info ]
3744 * [ Route-Record ]
3745 * [ AVP ]
3746
3747 */
3748 dict_object_t * cmd;
3749 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 }
3750 ,{ "NAS-Identifier", RULE_REQUIRED, -1, 1, 1 }
3751 ,{ "NAS-IP-Address", RULE_REQUIRED, -1, 1, 1 }
3752 ,{ "NAS-IPv6-Address", RULE_REQUIRED, -1, 1, 1 }
3753 ,{ "NAS-Port", RULE_REQUIRED, -1, 1, 1 }
3754 ,{ "NAS-Port-Id", RULE_REQUIRED, -1, 1, 1 }
3755 ,{ "NAS-Port-Type", RULE_REQUIRED, -1, 1, 1 }
3756 ,{ "Service-Type", RULE_REQUIRED, -1, 1, 1 }
3757 ,{ "Termination-Cause", RULE_REQUIRED, -1, 1, 1 }
3758 };
3759
3760 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Accounting-Answer", &cmd);
3761 PARSE_loc_rules( rules, cmd );
3762 }
3763 }
3764
3765 TRACE_DEBUG(INFO, "Extension 'Dictionary definitions for NASREQ' initialized");
3766 return 0;
3767 }
3768
3769 EXTENSION_API_INIT(API_MODULE_DICTIONARY | API_MODULE_LOG, entry, "dict_nasreq");
"Welcome to our mercurial repository"