Mercurial > hg > waaad
comparison extensions/dict_nasreq/dict_nasreq.c @ 398:11a5d67ee7d4
Split dictionary definitions by application, and added EAP definitions
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Tue, 02 Jun 2009 11:15:00 +0900 |
parents | extensions/dict_nasreq_eap/dict_nasreq_eap.c@a84144eea96c |
children | 316bb3f38d04 |
comparison
equal
deleted
inserted
replaced
397:a84144eea96c | 398:11a5d67ee7d4 |
---|---|
1 /********************************************************************************************************* | |
2 * Software License Agreement (BSD License) * | |
3 * Author: Sebastien Decugis <sdecugis@nict.go.jp> * | |
4 * * | |
5 * Copyright (c) 2008, WIDE Project and NICT * | |
6 * All rights reserved. * | |
7 * * | |
8 * Redistribution and use of this software in source and binary forms, with or without modification, are * | |
9 * permitted provided that the following conditions are met: * | |
10 * * | |
11 * * Redistributions of source code must retain the above * | |
12 * copyright notice, this list of conditions and the * | |
13 * following disclaimer. * | |
14 * * | |
15 * * Redistributions in binary form must reproduce the above * | |
16 * copyright notice, this list of conditions and the * | |
17 * following disclaimer in the documentation and/or other * | |
18 * materials provided with the distribution. * | |
19 * * | |
20 * * Neither the name of the WIDE Project or NICT nor the * | |
21 * names of its contributors may be used to endorse or * | |
22 * promote products derived from this software without * | |
23 * specific prior written permission of WIDE Project and * | |
24 * NICT. * | |
25 * * | |
26 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * | |
27 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * | |
28 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * | |
29 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * | |
30 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * | |
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * | |
32 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * | |
33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * | |
34 *********************************************************************************************************/ | |
35 | |
36 /* | |
37 * Dictionary definitions of objects specified in Diameter NASREQ (RFC4005). | |
38 */ | |
39 | |
40 #define IN_EXTENSION | |
41 #define DECLARE_API_POINTERS | |
42 #define DEFINE_DEBUG_MACRO dict_nasreq | |
43 #include <waaad/waaad.h> | |
44 | |
45 /* The content of this file follows the same structure as dict-base.c */ | |
46 | |
47 static int dict_nasreq_verbosity = INFO; /* Change to NONE to suppress output once the definitions are working */ | |
48 | |
49 #define TRACE_DEBUG_ALL( str ) \ | |
50 TRACE_DEBUG(CALL, str ); | |
51 | |
52 /* Check the return value of an internal function, log and propagate */ | |
53 #define CHECK_FCT_DO( __call__, __fallback__ ) { \ | |
54 int __ret__; \ | |
55 TRACE_DEBUG_ALL( "Check FCT: " #__call__ ); \ | |
56 __ret__ = (__call__); \ | |
57 if (__ret__ != 0) { \ | |
58 TRACE_DEBUG(INFO, "Error in '" #__call__ "': %s", strerror(__ret__)); \ | |
59 __fallback__; \ | |
60 } \ | |
61 } | |
62 /* Check the return value of a function call, return any error code */ | |
63 #define CHECK_FCT( __call__ ) { \ | |
64 int __v__; \ | |
65 CHECK_FCT_DO( __v__ = (__call__), return __v__ ); \ | |
66 } | |
67 | |
68 #define CHECK_dict_new( _type, _data, _parent, _ref ) \ | |
69 CHECK_FCT( dict_new( (_type), (_data), (_parent), (_ref)) ); | |
70 | |
71 #define CHECK_dict_search( _type, _criteria, _what, _result ) \ | |
72 CHECK_FCT( dict_search( (_type), (_criteria), (_what), (_result)) ); \ | |
73 if ( !*(_result) ) { \ | |
74 TRACE_DEBUG(INFO, "Not found: "#_type ", "#_criteria", "#_what", "#_result ); \ | |
75 return ENOENT; \ | |
76 } | |
77 | |
78 | |
79 typedef struct { | |
80 char *avp_name; | |
81 rule_position_t position; | |
82 int min; | |
83 int max; | |
84 int template; | |
85 } loc_rules_def_t; | |
86 | |
87 #define RULE_ORDER( _position ) ((((_position) == RULE_FIXED_HEAD) || ((_position) == RULE_FIXED_TAIL)) ? 1 : 0 ) | |
88 | |
89 #define PARSE_loc_rules( _rulearray, _parent) { \ | |
90 int __ar; \ | |
91 for (__ar=0; __ar < sizeof(_rulearray) / sizeof((_rulearray)[0]); __ar++) { \ | |
92 dict_rule_data_t __data = { NULL, \ | |
93 (_rulearray)[__ar].position, \ | |
94 0, \ | |
95 (_rulearray)[__ar].min, \ | |
96 (_rulearray)[__ar].max, \ | |
97 (_rulearray)[__ar].template}; \ | |
98 __data.rule_order = RULE_ORDER(__data.rule_position); \ | |
99 CHECK_FCT( dict_search( \ | |
100 DICT_AVP, \ | |
101 AVP_BY_NAME, \ | |
102 (_rulearray)[__ar].avp_name, \ | |
103 &__data.rule_avp ) ); \ | |
104 if ( !__data.rule_avp ) { \ | |
105 TRACE_DEBUG(INFO, "AVP Not found: '%s'", (_rulearray)[__ar].avp_name ); \ | |
106 return ENOENT; \ | |
107 } \ | |
108 CHECK_FCT_DO( dict_new( DICT_RULE, &__data, _parent, NULL), \ | |
109 { \ | |
110 TRACE_DEBUG(INFO, "Error on rule with AVP '%s'", \ | |
111 (_rulearray)[__ar].avp_name ); \ | |
112 return EINVAL; \ | |
113 } ); \ | |
114 } \ | |
115 } | |
116 | |
117 | |
118 static int entry(char * conffile) | |
119 { | |
120 dict_object_t * nasreq; | |
121 TRACE_ENTRY("%p", conffile); | |
122 | |
123 /* No Vendors definitions */ | |
124 | |
125 /* Applications section */ | |
126 { | |
127 /* NASREQ (RFC 4005) */ | |
128 { | |
129 dict_application_data_t data = { 1, "Diameter Network Access Server Application" }; | |
130 CHECK_dict_new( DICT_APPLICATION, &data, NULL, &nasreq); | |
131 } | |
132 } | |
133 | |
134 /* Derived AVP types section */ | |
135 { | |
136 /* QoSFilterRule */ | |
137 { | |
138 /* | |
139 The QosFilterRule format is derived from the OctetString AVP Base | |
140 Format. It uses the ASCII charset. Packets may be marked or | |
141 metered based on the following information: | |
142 | |
143 Direction (in or out) | |
144 Source and destination IP address (possibly masked) | |
145 Protocol | |
146 Source and destination port (lists or ranges) | |
147 DSCP values (no mask or range) | |
148 | |
149 Rules for the appropriate direction are evaluated in order; the | |
150 first matched rule terminates the evaluation. Each packet is | |
151 evaluated once. If no rule matches, the packet is treated as best | |
152 effort. An access device unable to interpret or apply a QoS rule | |
153 SHOULD NOT terminate the session. | |
154 | |
155 QoSFilterRule filters MUST follow the following format: | |
156 | |
157 action dir proto from src to dst [options] | |
158 | |
159 tag - Mark packet with a specific DSCP | |
160 [DIFFSERV]. The DSCP option MUST be | |
161 included. | |
162 meter - Meter traffic. The metering options | |
163 MUST be included. | |
164 | |
165 dir The format is as described under IPFilterRule. | |
166 | |
167 proto The format is as described under IPFilterRule. | |
168 | |
169 src and dst The format is as described under IPFilterRule. | |
170 | |
171 options: | |
172 | |
173 DSCP <color> | |
174 Color values as defined in [DIFFSERV]. Exact | |
175 matching of DSCP values is required (no masks or | |
176 ranges). | |
177 | |
178 metering <rate> <color_under> <color_over> | |
179 The metering option provides Assured Forwarding, | |
180 as defined in [DIFFSERVAF], and MUST be present | |
181 if the action is set to meter. The rate option is | |
182 the throughput, in bits per second, used | |
183 by the access device to mark packets. Traffic | |
184 over the rate is marked with the color_over | |
185 codepoint, and traffic under the rate is marked | |
186 with the color_under codepoint. The color_under | |
187 and color_over options contain the drop | |
188 preferences and MUST conform to the recommended | |
189 codepoint keywords described in [DIFFSERVAF] | |
190 (e.g., AF13). | |
191 | |
192 The metering option also supports the strict | |
193 limit on traffic required by Expedited | |
194 Forwarding, as defined in [DIFFSERVEF]. The | |
195 color_over option may contain the keyword "drop" | |
196 to prevent forwarding of traffic that exceeds the | |
197 rate parameter. | |
198 | |
199 The rule syntax is a modified subset of ipfw(8) from FreeBSD, | |
200 and the ipfw.c code may provide a useful base for | |
201 implementations. | |
202 */ | |
203 dict_type_data_t data = { AVP_TYPE_OCTETSTRING, "QoSFilterRule" , NULL , NULL }; | |
204 CHECK_dict_new( DICT_TYPE, &data , NULL, NULL); | |
205 } | |
206 | |
207 } | |
208 | |
209 /* AVP section */ | |
210 { | |
211 dict_object_t * UTF8String_type; | |
212 dict_object_t * IPFilterRule_type; | |
213 dict_object_t * QoSFilterRule_type; | |
214 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "UTF8String", &UTF8String_type); | |
215 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "IPFilterRule", &IPFilterRule_type); | |
216 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "QoSFilterRule", &QoSFilterRule_type); | |
217 | |
218 /******************************** | |
219 * NAS Session AVPs * | |
220 ********************************/ | |
221 /* NAS-Port */ | |
222 { | |
223 /* | |
224 The NAS-Port AVP (AVP Code 5) is of type Unsigned32 and contains the | |
225 physical or virtual port number of the NAS which is authenticating | |
226 the user. Note that "port" is meant in its sense as a service | |
227 connection on the NAS, not as an IP protocol identifier. | |
228 | |
229 Either NAS-Port or NAS-Port-Id (AVP Code 87) SHOULD be present in | |
230 AA-Request (AAR) commands if the NAS differentiates among its ports. | |
231 */ | |
232 dict_avp_data_t data = { | |
233 5, /* Code */ | |
234 0, /* Vendor */ | |
235 "NAS-Port", /* Name */ | |
236 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
237 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
238 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
239 }; | |
240 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
241 } | |
242 | |
243 /* NAS-Port-Id */ | |
244 { | |
245 /* | |
246 The NAS-Port-Id AVP (AVP Code 87) is of type UTF8String and consists | |
247 of ASCII text identifying the port of the NAS authenticating the | |
248 user. Note that "port" is meant in its sense as a service connection | |
249 on the NAS, not as an IP protocol identifier. | |
250 | |
251 Either NAS-Port or NAS-Port-Id SHOULD be present in AA-Request (AAR) | |
252 commands if the NAS differentiates among its ports. NAS-Port-Id is | |
253 intended for use by NASes that cannot conveniently number their | |
254 ports. | |
255 */ | |
256 dict_avp_data_t data = { | |
257 87, /* Code */ | |
258 0, /* Vendor */ | |
259 "NAS-Port-Id", /* Name */ | |
260 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
261 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
262 AVP_TYPE_OCTETSTRING /* base type of data */ | |
263 }; | |
264 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
265 } | |
266 | |
267 /* NAS-Port-Type */ | |
268 { | |
269 /* | |
270 The NAS-Port-Type AVP (AVP Code 61) is of type Enumerated and | |
271 contains the type of the port on which the NAS is authenticating the | |
272 user. This AVP SHOULD be present if the NAS uses the same NAS-Port | |
273 number ranges for different service types concurrently. | |
274 | |
275 The supported values are defined in [RADIUSTypes]. The following | |
276 list is informational and subject to change by the IANA. | |
277 | |
278 http://www.iana.org/assignments/radius-types | |
279 Sub-registry: Values for RADIUS Attribute 61, NAS-Port-Type | |
280 Reference: [RFC2865] | |
281 | |
282 Extract on 2009.06.01: | |
283 0 Async [RFC2865] | |
284 1 Sync [RFC2865] | |
285 2 ISDN Sync [RFC2865] | |
286 3 ISDN Async V.120 [RFC2865] | |
287 4 ISDN Async V.110 [RFC2865] | |
288 5 Virtual [RFC2865] | |
289 6 PIAFS [RFC2865] | |
290 7 HDLC Clear Channel [RFC2865] | |
291 8 X.25 [RFC2865] | |
292 9 X.75 [RFC2865] | |
293 10 G.3 Fax [RFC2865] | |
294 11 SDSL - Symmetric DSL [RFC2865] | |
295 12 ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865] | |
296 13 ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865] | |
297 14 IDSL - ISDN Digital Subscriber Line [RFC2865] | |
298 15 Ethernet [RFC2865] | |
299 16 xDSL - Digital Subscriber Line of unknown type [RFC2865] | |
300 17 Cable [RFC2865] | |
301 18 Wireless - Other [RFC2865] | |
302 19 Wireless - IEEE 802.11 [RFC2865] | |
303 20 Token-Ring [RFC3580] | |
304 21 FDDI [RFC3580] | |
305 22 Wireless - CDMA2000 [McCann] | |
306 23 Wireless - UMTS [McCann] | |
307 24 Wireless - 1X-EV [McCann] | |
308 25 IAPP [IEEE 802.11F][Kerry] | |
309 26 FTTP - Fiber to the Premises [Nyce] | |
310 27 Wireless - IEEE 802.16 [IEEE 802.16] 12 December 2006 | |
311 28 Wireless - IEEE 802.20 [IEEE 802.20] 12 December 2006 | |
312 29 Wireless - IEEE 802.22 [IEEE 802.22] 12 December 2006 | |
313 30 PPPoA - PPP over ATM [RFC4603] | |
314 31 PPPoEoA - PPP over Ethernet over ATM [RFC4603] | |
315 32 PPPoEoE - PPP over Ethernet over Ethernet [RFC4603] | |
316 33 PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603] | |
317 34 PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603] | |
318 35 xPON - Passive Optical Network [Hublet][Yan] 19 June 2007 | |
319 */ | |
320 | |
321 dict_object_t * type; | |
322 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(NAS-Port-Type)" , NULL, NULL}; | |
323 dict_type_enum_data_t tvals[] = { | |
324 #define enum_val_def( _val_, _str_ ) \ | |
325 { _str_, { .u32 = _val_ }} | |
326 enum_val_def( 0, "Async [RFC2865]"), | |
327 enum_val_def( 1, "Sync [RFC2865]"), | |
328 enum_val_def( 2, "ISDN Sync [RFC2865]"), | |
329 enum_val_def( 3, "ISDN Async V.120 [RFC2865]"), | |
330 enum_val_def( 4, "ISDN Async V.110 [RFC2865]"), | |
331 enum_val_def( 5, "Virtual [RFC2865]"), | |
332 enum_val_def( 6, "PIAFS [RFC2865]"), | |
333 enum_val_def( 7, "HDLC Clear Channel [RFC2865]"), | |
334 enum_val_def( 8, "X.25 [RFC2865]"), | |
335 enum_val_def( 9, "X.75 [RFC2865]"), | |
336 enum_val_def(10, "G.3 Fax [RFC2865]"), | |
337 enum_val_def(11, "SDSL - Symmetric DSL [RFC2865]"), | |
338 enum_val_def(12, "ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865]"), | |
339 enum_val_def(13, "ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865]"), | |
340 enum_val_def(14, "IDSL - ISDN Digital Subscriber Line [RFC2865]"), | |
341 enum_val_def(15, "Ethernet [RFC2865]"), | |
342 enum_val_def(16, "xDSL - Digital Subscriber Line of unknown type [RFC2865]"), | |
343 enum_val_def(17, "Cable [RFC2865]"), | |
344 enum_val_def(18, "Wireless - Other [RFC2865]"), | |
345 enum_val_def(19, "Wireless - IEEE 802.11 [RFC2865]"), | |
346 enum_val_def(20, "Token-Ring [RFC3580]"), | |
347 enum_val_def(21, "FDDI [RFC3580]"), | |
348 enum_val_def(22, "Wireless - CDMA2000 [McCann]"), | |
349 enum_val_def(23, "Wireless - UMTS [McCann]"), | |
350 enum_val_def(24, "Wireless - 1X-EV [McCann]"), | |
351 enum_val_def(25, "IAPP [IEEE 802.11F][Kerry]"), | |
352 enum_val_def(26, "FTTP - Fiber to the Premises [Nyce]"), | |
353 enum_val_def(27, "Wireless - IEEE 802.16 [IEEE 802.16]"), | |
354 enum_val_def(28, "Wireless - IEEE 802.20 [IEEE 802.20]"), | |
355 enum_val_def(29, "Wireless - IEEE 802.22 [IEEE 802.22]"), | |
356 enum_val_def(30, "PPPoA - PPP over ATM [RFC4603]"), | |
357 enum_val_def(31, "PPPoEoA - PPP over Ethernet over ATM [RFC4603]"), | |
358 enum_val_def(32, "PPPoEoE - PPP over Ethernet over Ethernet [RFC4603]"), | |
359 enum_val_def(33, "PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603]"), | |
360 enum_val_def(34, "PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603]"), | |
361 enum_val_def(35, "xPON - Passive Optical Network [Hublet][Yan]") | |
362 }; | |
363 dict_avp_data_t data = { | |
364 61, /* Code */ | |
365 0, /* Vendor */ | |
366 "NAS-Port-Type", /* Name */ | |
367 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
368 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
369 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
370 }; | |
371 int i; | |
372 /* Create the Enumerated type, enumerated values, and the AVP */ | |
373 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
374 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
375 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
376 } | |
377 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
378 } | |
379 | |
380 /* Called-Station-Id */ | |
381 { | |
382 /* | |
383 The Called-Station-Id AVP (AVP Code 30) is of type UTF8String and | |
384 allows the NAS to send the ASCII string describing the layer 2 | |
385 address the user contacted in the request. For dialup access, this | |
386 can be a phone number obtained by using Dialed Number Identification | |
387 (DNIS) or a similar technology. Note that this may be different from | |
388 the phone number the call comes in on. For use with IEEE 802 access, | |
389 the Called-Station-Id MAY contain a MAC address formatted as | |
390 described in [RAD802.1X]. It SHOULD only be present in | |
391 authentication and/or authorization requests. | |
392 | |
393 If the Auth-Request-Type AVP is set to authorization-only and the | |
394 User-Name AVP is absent, the Diameter Server MAY perform | |
395 authorization based on this field. This can be used by a NAS to | |
396 request whether a call should be answered based on the DNIS. | |
397 */ | |
398 dict_avp_data_t data = { | |
399 30, /* Code */ | |
400 0, /* Vendor */ | |
401 "Called-Station-Id", /* Name */ | |
402 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
403 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
404 AVP_TYPE_OCTETSTRING /* base type of data */ | |
405 }; | |
406 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
407 } | |
408 | |
409 /* Calling-Station-Id */ | |
410 { | |
411 /* | |
412 The Calling-Station-Id AVP (AVP Code 31) is of type UTF8String and | |
413 allows the NAS to send the ASCII string describing the layer 2 | |
414 address from which the user connected in the request. For dialup | |
415 access, this is the phone number the call came from, using Automatic | |
416 Number Identification (ANI) or a similar technology. For use with | |
417 IEEE 802 access, the Calling-Station-Id AVP MAY contain a MAC | |
418 address, formated as described in [RAD802.1X]. It SHOULD only be | |
419 present in authentication and/or authorization requests. | |
420 | |
421 If the Auth-Request-Type AVP is set to authorization-only and the | |
422 User-Name AVP is absent, the Diameter Server MAY perform | |
423 authorization based on this field. This can be used by a NAS to | |
424 request whether a call should be answered based on the layer 2 | |
425 address (ANI, MAC Address, etc.) | |
426 */ | |
427 dict_avp_data_t data = { | |
428 31, /* Code */ | |
429 0, /* Vendor */ | |
430 "Calling-Station-Id", /* Name */ | |
431 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
432 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
433 AVP_TYPE_OCTETSTRING /* base type of data */ | |
434 }; | |
435 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
436 } | |
437 | |
438 /* Connect-Info */ | |
439 { | |
440 /* | |
441 The Connect-Info AVP (AVP Code 77) is of type UTF8String and is sent | |
442 in the AA-Request message or ACR STOP message. When sent in the | |
443 Access-Request, it indicates the nature of the user's connection. | |
444 The connection speed SHOULD be included at the beginning of the first | |
445 Connect-Info AVP in the message. If the transmit and receive | |
446 connection speeds differ, both may be included in the first AVP with | |
447 the transmit speed listed first (the speed the NAS modem transmits | |
448 at), then a slash (/), then the receive speed, and then other | |
449 optional information. | |
450 | |
451 For example: "28800 V42BIS/LAPM" or "52000/31200 V90" | |
452 | |
453 More than one Connect-Info attribute may be present in an | |
454 Accounting-Request packet to accommodate expected efforts by the ITU | |
455 to have modems report more connection information in a standard | |
456 format that might exceed 252 octets. | |
457 | |
458 If sent in the ACR STOP, this attribute may summarize statistics | |
459 relating to session quality. For example, in IEEE 802.11, the | |
460 Connect-Info attribute may contain information on the number of link | |
461 layer retransmissions. The exact format of this attribute is | |
462 implementation specific. | |
463 */ | |
464 dict_avp_data_t data = { | |
465 77, /* Code */ | |
466 0, /* Vendor */ | |
467 "Connect-Info", /* Name */ | |
468 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
469 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
470 AVP_TYPE_OCTETSTRING /* base type of data */ | |
471 }; | |
472 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
473 } | |
474 | |
475 /* Originating-Line-Info */ | |
476 { | |
477 /* | |
478 The Originating-Line-Info AVP (AVP Code 94) is of type OctetString | |
479 and is sent by the NAS system to convey information about the origin | |
480 of the call from an SS7 system. | |
481 | |
482 The originating line information (OLI) element indicates the nature | |
483 and/or characteristics of the line from which a call originated | |
484 (e.g., pay phone, hotel, cellular). Telephone companies are starting | |
485 to offer OLI to their customers as an option over Primary Rate | |
486 Interface (PRI). Internet Service Providers (ISPs) can use OLI in | |
487 addition to Called-Station-Id and Calling-Station-Id attributes to | |
488 differentiate customer calls and to define different services. | |
489 | |
490 The Value field contains two octets (00 - 99). ANSI T1.113 and | |
491 BELLCORE 394 can be used for additional information about these | |
492 values and their use. For more information on current assignment | |
493 values, see [http://www.nanpa.com/number_resource_info/ani_ii_assignments.html]. | |
494 | |
495 */ | |
496 dict_object_t * type; | |
497 dict_type_data_t tdata = { AVP_TYPE_OCTETSTRING, "Enumerated*(Originating-Line-Info)" , NULL, NULL}; | |
498 dict_type_enum_data_t tvals[] = { | |
499 #define enum_os2_def( _val_, _str_ ) \ | |
500 { _str_, { .os = { .data = _val_, .len = 2 }}} | |
501 enum_os2_def( "00", "Plain Old Telephone Service (POTS)"), | |
502 enum_os2_def( "01", "Multiparty Line (more than 2)"), | |
503 enum_os2_def( "02", "ANI Failure"), | |
504 enum_os2_def( "06", "Station Level Rating"), | |
505 enum_os2_def( "07", "Special Operator Handling Required"), | |
506 enum_os2_def( "20", "Automatic Identified Outward Dialing (AIOD)"), | |
507 enum_os2_def( "23", "Coin or Non-Coin"), | |
508 enum_os2_def( "24", "Toll Free Service (Non-Pay Origination)"), | |
509 enum_os2_def( "25", "Toll Free Service (Pay Origination)"), | |
510 enum_os2_def( "27", "Toll Free Service (Coin Control Origination)"), | |
511 enum_os2_def( "29", "Prison/Inmate Service"), | |
512 enum_os2_def( "30", "Intercept (Blank)"), | |
513 enum_os2_def( "31", "Intercept (Trouble)"), | |
514 enum_os2_def( "32", "Intercept (Regular)"), | |
515 enum_os2_def( "34", "Telco Operator Handled Call"), | |
516 enum_os2_def( "52", "Outward Wide Area Telecommunications Service (OUTWATS)"), | |
517 enum_os2_def( "60", "Telecommunications Relay Service (TRS)(Unrestricted)"), | |
518 enum_os2_def( "61", "Cellular/Wireless PCS (Type 1)"), | |
519 enum_os2_def( "62", "Cellular/Wireless PCS (Type 2)"), | |
520 enum_os2_def( "63", "Cellular/Wireless PCS (Roaming)"), | |
521 enum_os2_def( "66", "TRS (Hotel)"), | |
522 enum_os2_def( "67", "TRS (Restricted)"), | |
523 enum_os2_def( "70", "Pay Station, No Coin Control"), | |
524 enum_os2_def( "93", "Access for Private Virtual Network Service") | |
525 }; | |
526 dict_avp_data_t data = { | |
527 94, /* Code */ | |
528 0, /* Vendor */ | |
529 "Originating-Line-Info", /* Name */ | |
530 AVP_FLAG_VENDOR, /* Fixed flags */ | |
531 0, /* Fixed flag values */ | |
532 AVP_TYPE_OCTETSTRING /* base type of data */ | |
533 }; | |
534 int i; | |
535 /* Create the Enumerated type, enumerated values, and the AVP */ | |
536 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
537 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
538 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
539 } | |
540 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
541 } | |
542 | |
543 /* Reply-Message */ | |
544 { | |
545 /* | |
546 The Reply-Message AVP (AVP Code 18) is of type UTF8String and | |
547 contains text that MAY be displayed to the user. When used in an | |
548 AA-Answer message with a successful Result-Code AVP, it indicates | |
549 success. When found in an AAA message with a Result-Code other than | |
550 DIAMETER_SUCCESS, the AVP contains a failure message. | |
551 | |
552 The Reply-Message AVP MAY indicate dialog text to prompt the user | |
553 before another AA-Request attempt. When used in an AA-Answer with a | |
554 Result-Code of DIAMETER_MULTI_ROUND_AUTH or in an Re-Auth-Request | |
555 message, it MAY contain a dialog text to prompt the user for a | |
556 response. | |
557 | |
558 Multiple Reply-Messages MAY be included, and if any are displayed, | |
559 they MUST be displayed in the same order as they appear in the | |
560 Diameter message. | |
561 */ | |
562 dict_avp_data_t data = { | |
563 18, /* Code */ | |
564 0, /* Vendor */ | |
565 "Reply-Message", /* Name */ | |
566 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
567 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
568 AVP_TYPE_OCTETSTRING /* base type of data */ | |
569 }; | |
570 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
571 } | |
572 | |
573 /******************************** | |
574 * NAS Authentication AVPs * | |
575 ********************************/ | |
576 /* User-Password */ | |
577 { | |
578 /* | |
579 The User-Password AVP (AVP Code 2) is of type OctetString and | |
580 contains the password of the user to be authenticated, or the user's | |
581 input in a multi-round authentication exchange. | |
582 | |
583 The User-Password AVP contains a user password or one-time password | |
584 and therefore represents sensitive information. As required in | |
585 [BASE], Diameter messages are encrypted by using IPsec or TLS. | |
586 Unless this AVP is used for one-time passwords, the User-Password AVP | |
587 SHOULD NOT be used in untrusted proxy environments without encrypting | |
588 it by using end-to-end security techniques, such as the proposed CMS | |
589 Security [DiamCMS]. | |
590 | |
591 The clear-text password (prior to encryption) MUST NOT be longer than | |
592 128 bytes in length. | |
593 */ | |
594 dict_avp_data_t data = { | |
595 2, /* Code */ | |
596 0, /* Vendor */ | |
597 "User-Password", /* Name */ | |
598 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
599 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
600 AVP_TYPE_OCTETSTRING /* base type of data */ | |
601 }; | |
602 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
603 } | |
604 | |
605 /* Password-Retry */ | |
606 { | |
607 /* | |
608 The Password-Retry AVP (AVP Code 75) is of type Unsigned32 and MAY be | |
609 included in the AA-Answer if the Result-Code indicates an | |
610 authentication failure. The value of this AVP indicates how many | |
611 authentication attempts a user is permitted before being | |
612 disconnected. This AVP is primarily intended for use when the | |
613 Framed-Protocol AVP (see section 6.10.1) is set to ARAP. | |
614 */ | |
615 dict_avp_data_t data = { | |
616 75, /* Code */ | |
617 0, /* Vendor */ | |
618 "Password-Retry", /* Name */ | |
619 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
620 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
621 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
622 }; | |
623 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
624 } | |
625 | |
626 /* Prompt */ | |
627 { | |
628 /* | |
629 The Prompt AVP (AVP Code 76) is of type Enumerated and MAY be present | |
630 in the AA-Answer message. When present, it is used by the NAS to | |
631 determine whether the user's response, when entered, should be | |
632 echoed. | |
633 | |
634 The supported values are listed in http://www.iana.org/assignments/radius-types | |
635 Sub-registry: Values for RADIUS Attribute 76, Prompt | |
636 Reference: [RFC2869] | |
637 */ | |
638 dict_object_t * type; | |
639 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Prompt)" , NULL, NULL}; | |
640 dict_type_enum_data_t tvals[] = { | |
641 enum_val_def( 0, "No Echo [RFC2869]"), | |
642 enum_val_def( 1, "Echo [RFC2869]") | |
643 }; | |
644 dict_avp_data_t data = { | |
645 76, /* Code */ | |
646 0, /* Vendor */ | |
647 "Prompt", /* Name */ | |
648 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
649 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
650 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
651 }; | |
652 int i; | |
653 /* Create the Enumerated type, enumerated values, and the AVP */ | |
654 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
655 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
656 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
657 } | |
658 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
659 } | |
660 | |
661 /* CHAP-Auth */ | |
662 { | |
663 /* | |
664 The CHAP-Auth AVP (AVP Code 402) is of type Grouped and contains the | |
665 information necessary to authenticate a user using the PPP | |
666 Challenge-Handshake Authentication Protocol (CHAP) [PPPCHAP]. If the | |
667 CHAP-Auth AVP is found in a message, the CHAP-Challenge AVP MUST be | |
668 present as well. The optional AVPs containing the CHAP response | |
669 depend upon the value of the CHAP-Algorithm AVP. The grouped AVP has | |
670 the following ABNF grammar: | |
671 | |
672 CHAP-Auth ::= < AVP Header: 402 > | |
673 { CHAP-Algorithm } | |
674 { CHAP-Ident } | |
675 [ CHAP-Response ] | |
676 * [ AVP ] | |
677 */ | |
678 dict_object_t * CHAP_Auth_avp; | |
679 dict_object_t * CHAP_Algorithm_avp; | |
680 dict_object_t * CHAP_Ident_avp; | |
681 dict_object_t * CHAP_Response_avp; | |
682 | |
683 dict_avp_data_t data = { | |
684 402, /* Code */ | |
685 0, /* Vendor */ | |
686 "CHAP-Auth", /* Name */ | |
687 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
688 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
689 AVP_TYPE_GROUPED /* base type of data */ | |
690 }; | |
691 CHECK_dict_new( DICT_AVP, &data , NULL, &CHAP_Auth_avp); | |
692 | |
693 /* CHAP-Algorithm */ | |
694 { | |
695 /* | |
696 The CHAP-Algorithm AVP (AVP Code 403) is of type Enumerated and | |
697 contains the algorithm identifier used in the computation of the CHAP | |
698 response [PPPCHAP]. The following values are currently supported: | |
699 | |
700 CHAP with MD5 5 | |
701 The CHAP response is computed by using the procedure described | |
702 in [PPPCHAP]. This algorithm requires that the CHAP-Response | |
703 AVP MUST be present in the CHAP-Auth AVP. | |
704 */ | |
705 dict_object_t * type; | |
706 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(CHAP-Algorithm)" , NULL, NULL}; | |
707 dict_type_enum_data_t tvals[] = { | |
708 enum_val_def( 5, "CHAP with MD5") | |
709 }; | |
710 dict_avp_data_t adata = { | |
711 403, /* Code */ | |
712 0, /* Vendor */ | |
713 "CHAP-Algorithm", /* Name */ | |
714 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
715 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
716 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
717 }; | |
718 int i; | |
719 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
720 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
721 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
722 } | |
723 CHECK_dict_new( DICT_AVP, &adata , type, &CHAP_Algorithm_avp); | |
724 } | |
725 | |
726 /* CHAP-Ident */ | |
727 { | |
728 /* | |
729 The CHAP-Ident AVP (AVP Code 404) is of type OctetString and contains | |
730 the 1 octet CHAP Identifier used in the computation of the CHAP | |
731 response [PPPCHAP]. | |
732 */ | |
733 dict_avp_data_t adata = { | |
734 404, /* Code */ | |
735 0, /* Vendor */ | |
736 "CHAP-Ident", /* Name */ | |
737 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
738 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
739 AVP_TYPE_OCTETSTRING /* base type of data */ | |
740 }; | |
741 CHECK_dict_new( DICT_AVP, &adata , NULL, &CHAP_Ident_avp); | |
742 } | |
743 | |
744 /* CHAP-Response */ | |
745 { | |
746 /* | |
747 The CHAP-Response AVP (AVP Code 405) is of type OctetString and | |
748 contains the 16 octet authentication data provided by the user in | |
749 response to the CHAP challenge [PPPCHAP]. | |
750 */ | |
751 dict_avp_data_t adata = { | |
752 405, /* Code */ | |
753 0, /* Vendor */ | |
754 "CHAP-Response", /* Name */ | |
755 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
756 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
757 AVP_TYPE_OCTETSTRING /* base type of data */ | |
758 }; | |
759 CHECK_dict_new( DICT_AVP, &adata , NULL, &CHAP_Response_avp); | |
760 } | |
761 | |
762 /* Now create the rules for the CHAP-Auth AVP */ | |
763 { | |
764 dict_rule_data_t rule_data = { NULL, RULE_REQUIRED, 1, 0, 1, 1 }; | |
765 | |
766 rule_data.rule_avp = CHAP_Algorithm_avp; | |
767 CHECK_dict_new( DICT_RULE, &rule_data, CHAP_Auth_avp, NULL); | |
768 | |
769 rule_data.rule_avp = CHAP_Ident_avp; | |
770 CHECK_dict_new( DICT_RULE, &rule_data, CHAP_Auth_avp, NULL); | |
771 | |
772 rule_data.rule_avp = CHAP_Response_avp; | |
773 rule_data.rule_position = RULE_OPTIONAL; | |
774 CHECK_dict_new( DICT_RULE, &rule_data, CHAP_Auth_avp, NULL); | |
775 } | |
776 } | |
777 | |
778 /* CHAP-Challenge */ | |
779 { | |
780 /* | |
781 The CHAP-Challenge AVP (AVP Code 60) is of type OctetString and | |
782 contains the CHAP Challenge sent by the NAS to the CHAP peer | |
783 [PPPCHAP]. | |
784 */ | |
785 dict_avp_data_t data = { | |
786 60, /* Code */ | |
787 0, /* Vendor */ | |
788 "CHAP-Challenge", /* Name */ | |
789 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
790 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
791 AVP_TYPE_OCTETSTRING /* base type of data */ | |
792 }; | |
793 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
794 } | |
795 | |
796 /* ARAP-Password */ | |
797 { | |
798 /* | |
799 The ARAP-Password AVP (AVP Code 70) is of type OctetString and is | |
800 only present when the Framed-Protocol AVP (see section 6.10.1) is | |
801 included in the message and is set to ARAP. This AVP MUST NOT be | |
802 present if either the User-Password or the CHAP-Auth AVP is present. | |
803 See [RADIUSExt] for more information on the contents of this AVP. | |
804 */ | |
805 dict_avp_data_t data = { | |
806 70, /* Code */ | |
807 0, /* Vendor */ | |
808 "ARAP-Password", /* Name */ | |
809 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
810 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
811 AVP_TYPE_OCTETSTRING /* base type of data */ | |
812 }; | |
813 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
814 } | |
815 | |
816 /* ARAP-Challenge-Response */ | |
817 { | |
818 /* | |
819 The ARAP-Challenge-Response AVP (AVP Code 84) is of type OctetString | |
820 and is only present when the Framed-Protocol AVP (see section 6.10.1) | |
821 is included in the message and is set to ARAP. This AVP contains an | |
822 8 octet response to the dial-in client's challenge. The RADIUS | |
823 server calculates this value by taking the dial-in client's challenge | |
824 from the high-order 8 octets of the ARAP-Password AVP and performing | |
825 DES encryption on this value with the authenticating user's password | |
826 as the key. If the user's password is fewer than 8 octets in length, | |
827 the password is padded at the end with NULL octets to a length of 8 | |
828 before it is used as a key. | |
829 */ | |
830 dict_avp_data_t data = { | |
831 84, /* Code */ | |
832 0, /* Vendor */ | |
833 "ARAP-Challenge-Response", /* Name */ | |
834 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
835 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
836 AVP_TYPE_OCTETSTRING /* base type of data */ | |
837 }; | |
838 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
839 } | |
840 | |
841 /* ARAP-Security */ | |
842 { | |
843 /* | |
844 The ARAP-Security AVP (AVP Code 73) is of type Unsigned32 and MAY be | |
845 present in the AA-Answer message if the Framed-Protocol AVP (see | |
846 section 6.10.1) is set to the value of ARAP, and the Result-Code AVP | |
847 is set to DIAMETER_MULTI_ROUND_AUTH. See [RADIUSExt] for more | |
848 information on the format of this AVP. | |
849 */ | |
850 dict_avp_data_t data = { | |
851 73, /* Code */ | |
852 0, /* Vendor */ | |
853 "ARAP-Security", /* Name */ | |
854 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
855 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
856 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
857 }; | |
858 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
859 } | |
860 | |
861 /* ARAP-Security-Data */ | |
862 { | |
863 /* | |
864 The ARAP-Security-Data AVP (AVP Code 74) is of type OctetString and MAY be | |
865 present in the AA-Request or AA-Answer message if the Framed-Protocol | |
866 AVP is set to the value of ARAP, and the Result-Code AVP is set to | |
867 DIAMETER_MULTI_ROUND_AUTH. This AVP contains the security module | |
868 challenge or response associated with the ARAP Security Module | |
869 specified in ARAP-Security. | |
870 */ | |
871 dict_avp_data_t data = { | |
872 74, /* Code */ | |
873 0, /* Vendor */ | |
874 "ARAP-Security-Data", /* Name */ | |
875 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
876 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
877 AVP_TYPE_OCTETSTRING /* base type of data */ | |
878 }; | |
879 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
880 } | |
881 | |
882 /******************************** | |
883 * NAS Authorization AVPs * | |
884 ********************************/ | |
885 /* Service-Type */ | |
886 { | |
887 /* | |
888 The Service-Type AVP (AVP Code 6) is of type Enumerated and contains | |
889 the type of service the user has requested or the type of service to | |
890 be provided. One such AVP MAY be present in an authentication and/or | |
891 authorization request or response. A NAS is not required to | |
892 implement all of these service types. It MUST treat unknown or | |
893 unsupported Service-Types received in a response as a failure and end | |
894 the session with a DIAMETER_INVALID_AVP_VALUE Result-Code. | |
895 | |
896 When used in a request, the Service-Type AVP SHOULD be considered a | |
897 hint to the server that the NAS believes the user would prefer the | |
898 kind of service indicated. The server is not required to honor the | |
899 hint. Furthermore, if the service specified by the server is | |
900 supported, but not compatible with the current mode of access, the | |
901 NAS MUST fail to start the session. The NAS MUST also generate the | |
902 appropriate error message(s). | |
903 | |
904 The following values have been defined for the Service-Type AVP. The | |
905 complete list of defined values can be found in [RADIUS] and | |
906 [RADIUSTypes]. | |
907 | |
908 Registry Name: Radius Attribute Values | |
909 Reference: [RFC2865][RFC3575] | |
910 | |
911 Sub-registry: Values for RADIUS Attribute 6, Service-Type | |
912 Reference: [RFC2865][RFC3575] | |
913 | |
914 1 Login | |
915 2 Framed | |
916 3 Callback Login | |
917 4 Callback Framed | |
918 5 Outbound | |
919 6 Administrative | |
920 7 NAS Prompt | |
921 8 Authenticate Only | |
922 9 Callback NAS Prompt | |
923 10 Call Check | |
924 11 Callback Administrative | |
925 12 Voice [Chiba] | |
926 13 Fax [Chiba] | |
927 14 Modem Relay [Chiba] | |
928 15 IAPP-Register [IEEE 802.11f][Kerry] | |
929 16 IAPP-AP-Check [IEEE 802.11f][Kerry] | |
930 17 Authorize Only [RFC3576] | |
931 | |
932 The following values are further qualified: | |
933 | |
934 Login 1 | |
935 The user should be connected to a host. The message MAY | |
936 include additional AVPs defined in sections 6.16 or 6.17. | |
937 | |
938 Framed 2 | |
939 A Framed Protocol, such as PPP or SLIP, should be started for | |
940 the User. The message MAY include additional AVPs defined in | |
941 section 6.10, or section 7 for tunneling services. | |
942 | |
943 Callback Login 3 | |
944 The user should be disconnected and called back, then connected | |
945 to a host. The message MAY include additional AVPs defined in | |
946 this section. | |
947 | |
948 Callback Framed 4 | |
949 The user should be disconnected and called back, and then a | |
950 Framed Protocol, such as PPP or SLIP, should be started for the | |
951 User. The message MAY include additional AVPs defined in | |
952 section 6.10, or in section 7 for tunneling services. | |
953 | |
954 */ | |
955 dict_object_t * type; | |
956 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Service-Type)" , NULL, NULL}; | |
957 dict_type_enum_data_t tvals[] = { | |
958 enum_val_def( 1, "Login"), | |
959 enum_val_def( 2, "Framed"), | |
960 enum_val_def( 3, "Callback Login"), | |
961 enum_val_def( 4, "Callback Framed"), | |
962 enum_val_def( 5, "Outbound"), | |
963 enum_val_def( 6, "Administrative"), | |
964 enum_val_def( 7, "NAS Prompt"), | |
965 enum_val_def( 8, "Authenticate Only"), | |
966 enum_val_def( 9, "Callback NAS Prompt"), | |
967 enum_val_def(10, "Call Check"), | |
968 enum_val_def(11, "Callback Administrative"), | |
969 enum_val_def(12, "Voice [Chiba]"), | |
970 enum_val_def(13, "Fax [Chiba]"), | |
971 enum_val_def(14, "Modem Relay [Chiba]"), | |
972 enum_val_def(15, "IAPP-Register [IEEE 802.11f][Kerry]"), | |
973 enum_val_def(16, "IAPP-AP-Check [IEEE 802.11f][Kerry]"), | |
974 enum_val_def(17, "Authorize Only [RFC3576]") | |
975 }; | |
976 dict_avp_data_t data = { | |
977 6, /* Code */ | |
978 0, /* Vendor */ | |
979 "Service-Type", /* Name */ | |
980 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
981 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
982 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
983 }; | |
984 int i; | |
985 /* Create the Enumerated type, enumerated values, and the AVP */ | |
986 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
987 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
988 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
989 } | |
990 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
991 } | |
992 | |
993 /* Callback-Number */ | |
994 { | |
995 /* | |
996 The Callback-Number AVP (AVP Code 19) is of type UTF8String and | |
997 contains a dialing string to be used for callback. It MAY be used in | |
998 an authentication and/or authorization request as a hint to the | |
999 server that a Callback service is desired, but the server is not | |
1000 required to honor the hint in the corresponding response. | |
1001 */ | |
1002 dict_avp_data_t data = { | |
1003 19, /* Code */ | |
1004 0, /* Vendor */ | |
1005 "Callback-Number", /* Name */ | |
1006 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1007 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1008 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1009 }; | |
1010 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
1011 } | |
1012 | |
1013 /* Callback-Id */ | |
1014 { | |
1015 /* | |
1016 The Callback-Id AVP (AVP Code 20) is of type UTF8String and contains | |
1017 the name of a place to be called, to be interpreted by the NAS. This | |
1018 AVP MAY be present in an authentication and/or authorization | |
1019 response. | |
1020 | |
1021 This AVP is not roaming-friendly as it assumes that the Callback-Id | |
1022 is configured on the NAS. Using the Callback-Number AVP therefore | |
1023 preferable. | |
1024 */ | |
1025 dict_avp_data_t data = { | |
1026 20, /* Code */ | |
1027 0, /* Vendor */ | |
1028 "Callback-Id", /* Name */ | |
1029 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1030 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1031 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1032 }; | |
1033 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
1034 } | |
1035 | |
1036 /* Idle-Timeout */ | |
1037 { | |
1038 /* | |
1039 The Idle-Timeout AVP (AVP Code 28) is of type Unsigned32 and sets the | |
1040 maximum number of consecutive seconds of idle connection allowable to | |
1041 the user before termination of the session or before a prompt is | |
1042 issued. The default is none, or system specific. | |
1043 */ | |
1044 dict_avp_data_t data = { | |
1045 28, /* Code */ | |
1046 0, /* Vendor */ | |
1047 "Idle-Timeout", /* Name */ | |
1048 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1049 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1050 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1051 }; | |
1052 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1053 } | |
1054 | |
1055 /* Port-Limit */ | |
1056 { | |
1057 /* | |
1058 The Port-Limit AVP (AVP Code 62) is of type Unsigned32 and sets the | |
1059 maximum number of ports the NAS provides to the user. It MAY be used | |
1060 in an authentication and/or authorization request as a hint to the | |
1061 server that multilink PPP [PPPMP] service is desired, but the server | |
1062 is not required to honor the hint in the corresponding response. | |
1063 */ | |
1064 dict_avp_data_t data = { | |
1065 62, /* Code */ | |
1066 0, /* Vendor */ | |
1067 "Port-Limit", /* Name */ | |
1068 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1069 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1070 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1071 }; | |
1072 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1073 } | |
1074 | |
1075 /* NAS-Filter-Rule */ | |
1076 { | |
1077 /* | |
1078 The NAS-Filter-Rule AVP (AVP Code 400) is of type IPFilterRule and | |
1079 provides filter rules that need to be configured on the NAS for the | |
1080 user. One or more of these AVPs MAY be present in an authorization | |
1081 response. | |
1082 */ | |
1083 dict_avp_data_t data = { | |
1084 400, /* Code */ | |
1085 0, /* Vendor */ | |
1086 "NAS-Filter-Rule", /* Name */ | |
1087 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1088 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1089 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1090 }; | |
1091 CHECK_dict_new( DICT_AVP, &data , IPFilterRule_type, NULL); | |
1092 } | |
1093 | |
1094 /* Filter-Id */ | |
1095 { | |
1096 /* | |
1097 The Filter-Id AVP (AVP Code 11) is of type UTF8String and contains | |
1098 the name of the filter list for this user. Zero or more Filter-Id | |
1099 AVPs MAY be sent in an authorization answer. | |
1100 | |
1101 Identifying a filter list by name allows the filter to be used on | |
1102 different NASes without regard to filter-list implementation details. | |
1103 However, this AVP is not roaming friendly, as filter naming differs | |
1104 from one service provider to another. | |
1105 | |
1106 In non-RADIUS environments, it is RECOMMENDED that the NAS-Filter- | |
1107 Rule AVP be used instead. | |
1108 */ | |
1109 dict_avp_data_t data = { | |
1110 11, /* Code */ | |
1111 0, /* Vendor */ | |
1112 "Filter-Id", /* Name */ | |
1113 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1114 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1115 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1116 }; | |
1117 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
1118 } | |
1119 | |
1120 /* Configuration-Token */ | |
1121 { | |
1122 /* | |
1123 The Configuration-Token AVP (AVP Code 78) is of type OctetString and | |
1124 is sent by a Diameter Server to a Diameter Proxy Agent or Translation | |
1125 Agent in an AA-Answer command to indicate a type of user profile to | |
1126 be used. It should not be sent to a Diameter Client (NAS). | |
1127 | |
1128 The format of the Data field of this AVP is site specific. | |
1129 */ | |
1130 dict_avp_data_t data = { | |
1131 78, /* Code */ | |
1132 0, /* Vendor */ | |
1133 "Configuration-Token", /* Name */ | |
1134 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1135 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1136 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1137 }; | |
1138 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1139 } | |
1140 | |
1141 /* QoS-Filter-Rule */ | |
1142 { | |
1143 /* | |
1144 The QoS-Filter-Rule AVP (AVP Code 407) is of type QoSFilterRule and | |
1145 provides QoS filter rules that need to be configured on the NAS for | |
1146 the user. One or more such AVPs MAY be present in an authorization | |
1147 response. | |
1148 */ | |
1149 dict_avp_data_t data = { | |
1150 407, /* Code */ | |
1151 0, /* Vendor */ | |
1152 "QoS-Filter-Rule", /* Name */ | |
1153 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1154 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1155 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1156 }; | |
1157 CHECK_dict_new( DICT_AVP, &data , QoSFilterRule_type, NULL); | |
1158 } | |
1159 | |
1160 /*** Framed Access Authorization AVPs ***/ | |
1161 | |
1162 /* Framed-Protocol */ | |
1163 { | |
1164 /* | |
1165 The Framed-Protocol AVP (AVP Code 7) is of type Enumerated and | |
1166 contains the framing to be used for framed access. This AVP MAY be | |
1167 present in both requests and responses. The supported values are | |
1168 listed in [RADIUSTypes]. | |
1169 | |
1170 Sub-registry: Values for RADIUS Attribute 7, Framed-Protocol | |
1171 Reference: [RFC2865] | |
1172 */ | |
1173 dict_object_t * type; | |
1174 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Protocol)" , NULL, NULL}; | |
1175 dict_type_enum_data_t tvals[] = { | |
1176 enum_val_def( 1, "PPP"), | |
1177 enum_val_def( 2, "SLIP"), | |
1178 enum_val_def( 3, "AppleTalk Remote Access Protocol (ARAP)"), | |
1179 enum_val_def( 4, "Gandalf proprietary SingleLink/MultiLink protocol"), | |
1180 enum_val_def( 5, "Xylogics proprietary IPX/SLIP"), | |
1181 enum_val_def( 6, "X.75 Synchronous"), | |
1182 enum_val_def( 7, "GPRS PDP Context [Moore]") | |
1183 }; | |
1184 dict_avp_data_t data = { | |
1185 7, /* Code */ | |
1186 0, /* Vendor */ | |
1187 "Framed-Protocol", /* Name */ | |
1188 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1189 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1190 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1191 }; | |
1192 int i; | |
1193 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1194 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1195 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1196 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
1197 } | |
1198 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1199 } | |
1200 | |
1201 /* Framed-Routing */ | |
1202 { | |
1203 /* | |
1204 The Framed-Routing AVP (AVP Code 10) is of type Enumerated and | |
1205 contains the routing method for the user when the user is a router to | |
1206 a network. This AVP SHOULD only be present in authorization | |
1207 responses. The supported values are listed in [RADIUSTypes]. | |
1208 | |
1209 Sub-registry: Values for RADIUS Attribute 10, Framed-Routing | |
1210 Reference: [RFC2865] | |
1211 */ | |
1212 dict_object_t * type; | |
1213 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Routing)" , NULL, NULL}; | |
1214 dict_type_enum_data_t tvals[] = { | |
1215 enum_val_def( 0, "None"), | |
1216 enum_val_def( 1, "Send routing packets"), | |
1217 enum_val_def( 2, "Listen for routing packets"), | |
1218 enum_val_def( 3, "Send and Listen") | |
1219 }; | |
1220 dict_avp_data_t data = { | |
1221 10, /* Code */ | |
1222 0, /* Vendor */ | |
1223 "Framed-Routing", /* Name */ | |
1224 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1225 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1226 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1227 }; | |
1228 int i; | |
1229 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1230 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1231 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1232 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
1233 } | |
1234 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1235 } | |
1236 | |
1237 /* Framed-MTU */ | |
1238 { | |
1239 /* | |
1240 The Framed-MTU AVP (AVP Code 12) is of type Unsigned32 and contains | |
1241 the Maximum Transmission Unit to be configured for the user, when it | |
1242 is not negotiated by some other means (such as PPP). This AVP SHOULD | |
1243 only be present in authorization responses. The MTU value MUST be in | |
1244 the range from 64 to 65535. | |
1245 */ | |
1246 dict_avp_data_t data = { | |
1247 12, /* Code */ | |
1248 0, /* Vendor */ | |
1249 "Framed-MTU", /* Name */ | |
1250 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1251 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1252 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1253 }; | |
1254 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1255 } | |
1256 | |
1257 /* Framed-Compression */ | |
1258 { | |
1259 /* | |
1260 The Framed-Compression AVP (AVP Code 13) is of type Enumerated and | |
1261 contains the compression protocol to be used for the link. It MAY be | |
1262 used in an authorization request as a hint to the server that a | |
1263 specific compression type is desired, but the server is not required | |
1264 to honor the hint in the corresponding response. | |
1265 | |
1266 More than one compression protocol AVP MAY be sent. The NAS is | |
1267 responsible for applying the proper compression protocol to the | |
1268 appropriate link traffic. | |
1269 | |
1270 The supported values are listed in [RADIUSTypes]. | |
1271 Sub-registry: Values for RADIUS Attribute 13, Framed-Compression | |
1272 Reference: [RFC2865] | |
1273 */ | |
1274 dict_object_t * type; | |
1275 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Compression)" , NULL, NULL}; | |
1276 dict_type_enum_data_t tvals[] = { | |
1277 enum_val_def( 0, "None"), | |
1278 enum_val_def( 1, "VJ TCP/IP header compression"), | |
1279 enum_val_def( 2, "IPX header compression"), | |
1280 enum_val_def( 3, "Stac-LZS compression") | |
1281 }; | |
1282 dict_avp_data_t data = { | |
1283 13, /* Code */ | |
1284 0, /* Vendor */ | |
1285 "Framed-Compression", /* Name */ | |
1286 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1287 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1288 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1289 }; | |
1290 int i; | |
1291 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1292 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1293 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1294 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
1295 } | |
1296 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1297 } | |
1298 | |
1299 /*** IP Access Authorization AVPs ***/ | |
1300 | |
1301 /* Framed-IP-Address */ | |
1302 { | |
1303 /* | |
1304 The Framed-IP-Address AVP (AVP Code 8) [RADIUS] is of type | |
1305 OctetString and contains an IPv4 address of the type specified in the | |
1306 attribute value to be configured for the user. It MAY be used in an | |
1307 authorization request as a hint to the server that a specific address | |
1308 is desired, but the server is not required to honor the hint in the | |
1309 corresponding response. | |
1310 | |
1311 Two values have special significance: 0xFFFFFFFF and 0xFFFFFFFE. The | |
1312 value 0xFFFFFFFF indicates that the NAS should allow the user to | |
1313 select an address (i.e., negotiated). The value 0xFFFFFFFE indicates | |
1314 that the NAS should select an address for the user (e.g., assigned | |
1315 from a pool of addresses kept by the NAS). | |
1316 */ | |
1317 dict_avp_data_t data = { | |
1318 8, /* Code */ | |
1319 0, /* Vendor */ | |
1320 "Framed-IP-Address", /* Name */ | |
1321 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1322 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1323 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1324 }; | |
1325 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1326 } | |
1327 | |
1328 /* Framed-IP-Netmask */ | |
1329 { | |
1330 /* | |
1331 The Framed-IP-Netmask AVP (AVP Code 9) is of type OctetString and | |
1332 contains the four octets of the IPv4 netmask to be configured for the | |
1333 user when the user is a router to a network. It MAY be used in an | |
1334 authorization request as a hint to the server that a specific netmask | |
1335 is desired, but the server is not required to honor the hint in the | |
1336 corresponding response. This AVP MUST be present in a response if | |
1337 the request included this AVP with a value of 0xFFFFFFFF. | |
1338 */ | |
1339 dict_avp_data_t data = { | |
1340 9, /* Code */ | |
1341 0, /* Vendor */ | |
1342 "Framed-IP-Netmask", /* Name */ | |
1343 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1344 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1345 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1346 }; | |
1347 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1348 } | |
1349 | |
1350 /* Framed-Route */ | |
1351 { | |
1352 /* | |
1353 The Framed-Route AVP (AVP Code 22) is of type UTF8String and contains | |
1354 the ASCII routing information to be configured for the user on the | |
1355 NAS. Zero or more of these AVPs MAY be present in an authorization | |
1356 response. | |
1357 | |
1358 The string MUST contain a destination prefix in dotted quad form | |
1359 optionally followed by a slash and a decimal length specifier stating | |
1360 how many high-order bits of the prefix should be used. This is | |
1361 followed by a space, a gateway address in dotted quad form, a space, | |
1362 and one or more metrics separated by spaces; for example, | |
1363 | |
1364 "192.168.1.0/24 192.168.1.1 1". | |
1365 | |
1366 The length specifier may be omitted, in which case it should default | |
1367 to 8 bits for class A prefixes, to 16 bits for class B prefixes, and | |
1368 to 24 bits for class C prefixes; for example, | |
1369 | |
1370 "192.168.1.0 192.168.1.1 1". | |
1371 | |
1372 Whenever the gateway address is specified as "0.0.0.0" the IP address | |
1373 of the user SHOULD be used as the gateway address. | |
1374 */ | |
1375 dict_avp_data_t data = { | |
1376 22, /* Code */ | |
1377 0, /* Vendor */ | |
1378 "Framed-Route", /* Name */ | |
1379 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1380 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1381 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1382 }; | |
1383 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
1384 } | |
1385 | |
1386 /* Framed-Pool */ | |
1387 { | |
1388 /* | |
1389 The Framed-Pool AVP (AVP Code 88) is of type OctetString and contains | |
1390 the name of an assigned address pool that SHOULD be used to assign an | |
1391 address for the user. If a NAS does not support multiple address | |
1392 pools, the NAS SHOULD ignore this AVP. Address pools are usually | |
1393 used for IP addresses but can be used for other protocols if the NAS | |
1394 supports pools for those protocols. | |
1395 | |
1396 Although specified as type OctetString for compatibility with RADIUS | |
1397 [RADIUSExt], the encoding of the Data field SHOULD also conform to | |
1398 the rules for the UTF8String Data Format. | |
1399 */ | |
1400 dict_avp_data_t data = { | |
1401 88, /* Code */ | |
1402 0, /* Vendor */ | |
1403 "Framed-Pool", /* Name */ | |
1404 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1405 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1406 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1407 }; | |
1408 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1409 } | |
1410 | |
1411 /* Framed-Interface-Id */ | |
1412 { | |
1413 /* | |
1414 The Framed-Interface-Id AVP (AVP Code 96) is of type Unsigned64 and | |
1415 contains the IPv6 interface identifier to be configured for the user. | |
1416 It MAY be used in authorization requests as a hint to the server that | |
1417 a specific interface id is desired, but the server is not required to | |
1418 honor the hint in the corresponding response. | |
1419 */ | |
1420 dict_avp_data_t data = { | |
1421 96, /* Code */ | |
1422 0, /* Vendor */ | |
1423 "Framed-Interface-Id", /* Name */ | |
1424 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1425 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1426 AVP_TYPE_UNSIGNED64 /* base type of data */ | |
1427 }; | |
1428 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1429 } | |
1430 | |
1431 /* Framed-IPv6-Prefix */ | |
1432 { | |
1433 /* | |
1434 The Framed-IPv6-Prefix AVP (AVP Code 97) is of type OctetString and | |
1435 contains the IPv6 prefix to be configured for the user. One or more | |
1436 AVPs MAY be used in authorization requests as a hint to the server | |
1437 that specific IPv6 prefixes are desired, but the server is not | |
1438 required to honor the hint in the corresponding response. | |
1439 */ | |
1440 dict_avp_data_t data = { | |
1441 97, /* Code */ | |
1442 0, /* Vendor */ | |
1443 "Framed-IPv6-Prefix", /* Name */ | |
1444 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1445 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1446 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1447 }; | |
1448 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1449 } | |
1450 | |
1451 /* Framed-IPv6-Route */ | |
1452 { | |
1453 /* | |
1454 The Framed-IPv6-Route AVP (AVP Code 99) is of type UTF8String and | |
1455 contains the ASCII routing information to be configured for the user | |
1456 on the NAS. Zero or more of these AVPs MAY be present in an | |
1457 authorization response. | |
1458 | |
1459 The string MUST contain an IPv6 address prefix followed by a slash | |
1460 and a decimal length specifier stating how many high order bits of | |
1461 the prefix should be used. This is followed by a space, a gateway | |
1462 address in hexadecimal notation, a space, and one or more metrics | |
1463 separated by spaces; for example, | |
1464 | |
1465 "2000:0:0:106::/64 2000::106:a00:20ff:fe99:a998 1". | |
1466 | |
1467 Whenever the gateway address is the IPv6 unspecified address, the IP | |
1468 address of the user SHOULD be used as the gateway address, such as | |
1469 in: | |
1470 | |
1471 "2000:0:0:106::/64 :: 1". | |
1472 */ | |
1473 dict_avp_data_t data = { | |
1474 99, /* Code */ | |
1475 0, /* Vendor */ | |
1476 "Framed-IPv6-Route", /* Name */ | |
1477 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1478 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1479 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1480 }; | |
1481 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
1482 } | |
1483 | |
1484 /* Framed-IPv6-Pool */ | |
1485 { | |
1486 /* | |
1487 The Framed-IPv6-Pool AVP (AVP Code 100) is of type OctetString and | |
1488 contains the name of an assigned pool that SHOULD be used to assign | |
1489 an IPv6 prefix for the user. If the access device does not support | |
1490 multiple prefix pools, it MUST ignore this AVP. | |
1491 | |
1492 Although specified as type OctetString for compatibility with RADIUS | |
1493 [RADIUSIPv6], the encoding of the Data field SHOULD also conform to | |
1494 the rules for the UTF8String Data Format. | |
1495 */ | |
1496 dict_avp_data_t data = { | |
1497 100, /* Code */ | |
1498 0, /* Vendor */ | |
1499 "Framed-IPv6-Pool", /* Name */ | |
1500 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1501 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1502 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1503 }; | |
1504 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1505 } | |
1506 | |
1507 /*** IPX Access ***/ | |
1508 | |
1509 /* Framed-IPX-Network */ | |
1510 { | |
1511 /* | |
1512 The Framed-IPX-Network AVP (AVP Code 23) is of type Unsigned32 and | |
1513 contains the IPX Network number to be configured for the user. It | |
1514 MAY be used in an authorization request as a hint to the server that | |
1515 a specific address is desired, but the server is not required to | |
1516 honor the hint in the corresponding response. | |
1517 | |
1518 Two addresses have special significance: 0xFFFFFFFF and 0xFFFFFFFE. | |
1519 The value 0xFFFFFFFF indicates that the NAS should allow the user to | |
1520 select an address (i.e., Negotiated). The value 0xFFFFFFFE indicates | |
1521 that the NAS should select an address for the user (e.g., assign it | |
1522 from a pool of one or more IPX networks kept by the NAS). | |
1523 */ | |
1524 dict_avp_data_t data = { | |
1525 23, /* Code */ | |
1526 0, /* Vendor */ | |
1527 "Framed-IPX-Network", /* Name */ | |
1528 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1529 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1530 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1531 }; | |
1532 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1533 } | |
1534 | |
1535 /*** AppleTalk Network Access ***/ | |
1536 | |
1537 /* Framed-AppleTalk-Link */ | |
1538 { | |
1539 /* | |
1540 The Framed-AppleTalk-Link AVP (AVP Code 37) is of type Unsigned32 and | |
1541 contains the AppleTalk network number that should be used for the | |
1542 serial link to the user, which is another AppleTalk router. This AVP | |
1543 MUST only be present in an authorization response and is never used | |
1544 when the user is not another router. | |
1545 | |
1546 Despite the size of the field, values range from 0 to 65,535. The | |
1547 special value of 0 indicates an unnumbered serial link. A value of 1 | |
1548 to 65,535 means that the serial line between the NAS and the user | |
1549 should be assigned that value as an AppleTalk network number. | |
1550 */ | |
1551 dict_avp_data_t data = { | |
1552 37, /* Code */ | |
1553 0, /* Vendor */ | |
1554 "Framed-AppleTalk-Link", /* Name */ | |
1555 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1556 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1557 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1558 }; | |
1559 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1560 } | |
1561 | |
1562 /* Framed-AppleTalk-Network */ | |
1563 { | |
1564 /* | |
1565 The Framed-AppleTalk-Network AVP (AVP Code 38) is of type Unsigned32 | |
1566 and contains the AppleTalk Network number that the NAS should probe | |
1567 to allocate an AppleTalk node for the user. This AVP MUST only be | |
1568 present in an authorization response and is never used when the user | |
1569 is not another router. Multiple instances of this AVP indicate that | |
1570 the NAS may probe, using any of the network numbers specified. | |
1571 | |
1572 Despite the size of the field, values range from 0 to 65,535. The | |
1573 special value 0 indicates that the NAS should assign a network for | |
1574 the user, using its default cable range. A value between 1 and | |
1575 65,535 (inclusive) indicates to the AppleTalk Network that the NAS | |
1576 should probe to find an address for the user. | |
1577 */ | |
1578 dict_avp_data_t data = { | |
1579 38, /* Code */ | |
1580 0, /* Vendor */ | |
1581 "Framed-AppleTalk-Network", /* Name */ | |
1582 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1583 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1584 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1585 }; | |
1586 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1587 } | |
1588 | |
1589 /* Framed-AppleTalk-Zone */ | |
1590 { | |
1591 /* | |
1592 The Framed-AppleTalk-Zone AVP (AVP Code 39) is of type OctetString | |
1593 and contains the AppleTalk Default Zone to be used for this user. | |
1594 This AVP MUST only be present in an authorization response. Multiple | |
1595 instances of this AVP in the same message are not allowed. | |
1596 | |
1597 The codification of this field's allowed range is outside the scope | |
1598 of this specification. | |
1599 */ | |
1600 dict_avp_data_t data = { | |
1601 39, /* Code */ | |
1602 0, /* Vendor */ | |
1603 "Framed-AppleTalk-Zone", /* Name */ | |
1604 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1605 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1606 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1607 }; | |
1608 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1609 } | |
1610 | |
1611 /*** AppleTalk Remote Access [RFC2869] ***/ | |
1612 | |
1613 /* ARAP-Features */ | |
1614 { | |
1615 /* | |
1616 The ARAP-Features AVP (AVP Code 71) is of type OctetString and MAY be | |
1617 present in the AA-Accept message if the Framed-Protocol AVP is set to | |
1618 the value of ARAP. See [RADIUSExt] for more information about the | |
1619 format of this AVP. | |
1620 */ | |
1621 dict_avp_data_t data = { | |
1622 71, /* Code */ | |
1623 0, /* Vendor */ | |
1624 "ARAP-Features", /* Name */ | |
1625 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1626 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1627 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1628 }; | |
1629 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1630 } | |
1631 | |
1632 /* ARAP-Zone-Access */ | |
1633 { | |
1634 /* | |
1635 The ARAP-Zone-Access AVP (AVP Code 72) is of type Enumerated and MAY | |
1636 be present in the AA-Accept message if the Framed-Protocol AVP is set | |
1637 to the value of ARAP. | |
1638 | |
1639 The supported values are listed in [RADIUSTypes] and defined in | |
1640 [RADIUSExt]. | |
1641 Sub-registry: Values for RADIUS Attribute 72, ARAP-Zone-Access | |
1642 Reference: [RFC2869] | |
1643 */ | |
1644 dict_object_t * type; | |
1645 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(ARAP-Zone-Access)" , NULL, NULL}; | |
1646 dict_type_enum_data_t tvals[] = { | |
1647 enum_val_def( 1, "Only allow access to default zone [RFC2869]"), | |
1648 enum_val_def( 2, "Use zone filter inclusively [RFC2869]"), | |
1649 enum_val_def( 3, "Not used [RFC2869]"), | |
1650 enum_val_def( 4, "Use zone filter exclusively [RFC2869]") | |
1651 }; | |
1652 dict_avp_data_t data = { | |
1653 72, /* Code */ | |
1654 0, /* Vendor */ | |
1655 "ARAP-Zone-Access", /* Name */ | |
1656 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1657 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1658 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1659 }; | |
1660 int i; | |
1661 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1662 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1663 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1664 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
1665 } | |
1666 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1667 } | |
1668 | |
1669 /*** Non-Framed Access Authorization AVPs ***/ | |
1670 | |
1671 /* Login-IP-Host */ | |
1672 { | |
1673 /* | |
1674 The Login-IP-Host AVP (AVP Code 14) [RADIUS] is of type OctetString | |
1675 and contains the IPv4 address of a host with which to connect the | |
1676 user when the Login-Service AVP is included. It MAY be used in an | |
1677 AA-Request command as a hint to the Diameter Server that a specific | |
1678 host is desired, but the Diameter Server is not required to honor the | |
1679 hint in the AA-Answer. | |
1680 | |
1681 Two addresses have special significance: all ones and 0. The value | |
1682 of all ones indicates that the NAS SHOULD allow the user to select an | |
1683 address. The value 0 indicates that the NAS SHOULD select a host to | |
1684 connect the user to. | |
1685 */ | |
1686 dict_avp_data_t data = { | |
1687 14, /* Code */ | |
1688 0, /* Vendor */ | |
1689 "Login-IP-Host", /* Name */ | |
1690 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1691 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1692 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1693 }; | |
1694 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1695 } | |
1696 | |
1697 /* Login-IPv6-Host */ | |
1698 { | |
1699 /* | |
1700 The Login-IPv6-Host AVP (AVP Code 98) [RADIUSIPv6] is of type | |
1701 OctetString and contains the IPv6 address of a host with which to | |
1702 connect the user when the Login-Service AVP is included. It MAY be | |
1703 used in an AA-Request command as a hint to the Diameter Server that a | |
1704 specific host is desired, but the Diameter Server is not required to | |
1705 honor the hint in the AA-Answer. | |
1706 | |
1707 Two addresses have special significance: | |
1708 | |
1709 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF and 0. The value | |
1710 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF indicates that the NAS SHOULD | |
1711 allow the user to select an address. The value 0 indicates that the | |
1712 NAS SHOULD select a host to connect the user to. | |
1713 | |
1714 */ | |
1715 dict_avp_data_t data = { | |
1716 98, /* Code */ | |
1717 0, /* Vendor */ | |
1718 "Login-IPv6-Host", /* Name */ | |
1719 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1720 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1721 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1722 }; | |
1723 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1724 } | |
1725 | |
1726 /* Login-Service */ | |
1727 { | |
1728 /* | |
1729 The Login-Service AVP (AVP Code 15) is of type Enumerated and | |
1730 contains the service that should be used to connect the user to the | |
1731 login host. This AVP SHOULD only be present in authorization | |
1732 responses. | |
1733 | |
1734 The supported values are listed in [RADIUSTypes]. | |
1735 Sub-registry: Values for RADIUS Attribute 15, Login-Service | |
1736 Reference: [RFC2865] | |
1737 */ | |
1738 dict_object_t * type; | |
1739 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Login-Service)" , NULL, NULL}; | |
1740 dict_type_enum_data_t tvals[] = { | |
1741 enum_val_def( 0, "Telnet"), | |
1742 enum_val_def( 1, "Rlogin"), | |
1743 enum_val_def( 2, "TCP Clear"), | |
1744 enum_val_def( 3, "PortMaster (proprietary)"), | |
1745 enum_val_def( 4, "LAT"), | |
1746 enum_val_def( 5, "X25-PAD"), | |
1747 enum_val_def( 6, "X25-T3POS"), | |
1748 enum_val_def( 8, "TCP Clear Quiet (suppresses any NAS-generated connect string)") | |
1749 }; | |
1750 dict_avp_data_t data = { | |
1751 15, /* Code */ | |
1752 0, /* Vendor */ | |
1753 "Login-Service", /* Name */ | |
1754 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1755 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1756 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1757 }; | |
1758 int i; | |
1759 /* Create the Enumerated type, enumerated values, and the AVP */ | |
1760 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
1761 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
1762 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
1763 } | |
1764 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
1765 } | |
1766 | |
1767 /*** TCP Services ***/ | |
1768 | |
1769 /* Login-TCP-Port */ | |
1770 { | |
1771 /* | |
1772 The Login-TCP-Port AVP (AVP Code 16) is of type Unsigned32 and | |
1773 contains the TCP port with which the user is to be connected when the | |
1774 Login-Service AVP is also present. This AVP SHOULD only be present | |
1775 in authorization responses. The value MUST NOT be greater than | |
1776 65,535. | |
1777 */ | |
1778 dict_avp_data_t data = { | |
1779 16, /* Code */ | |
1780 0, /* Vendor */ | |
1781 "Login-TCP-Port", /* Name */ | |
1782 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1783 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1784 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
1785 }; | |
1786 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1787 } | |
1788 | |
1789 /*** LAT Services ***/ | |
1790 | |
1791 /* Login-LAT-Service */ | |
1792 { | |
1793 /* | |
1794 The Login-LAT-Service AVP (AVP Code 34) is of type OctetString and | |
1795 contains the system with which the user is to be connected by LAT. | |
1796 It MAY be used in an authorization request as a hint to the server | |
1797 that a specific service is desired, but the server is not required to | |
1798 honor the hint in the corresponding response. This AVP MUST only be | |
1799 present in the response if the Login-Service AVP states that LAT is | |
1800 desired. | |
1801 | |
1802 Administrators use this service attribute when dealing with clustered | |
1803 systems, such as a VAX or Alpha cluster. In these environments, | |
1804 several different time-sharing hosts share the same resources (disks, | |
1805 printers, etc.), and administrators often configure each host to | |
1806 offer access (service) to each of the shared resources. In this | |
1807 case, each host in the cluster advertises its services through LAT | |
1808 broadcasts. | |
1809 | |
1810 Sophisticated users often know which service providers (machines) are | |
1811 faster and tend to use a node name when initiating a LAT connection. | |
1812 Some administrators want particular users to use certain machines as | |
1813 a primitive form of load balancing (although LAT knows how to do load | |
1814 balancing itself). | |
1815 | |
1816 The String field contains the identity of the LAT service to use. | |
1817 The LAT Architecture allows this string to contain $ (dollar), - | |
1818 (hyphen), . (period), _ (underscore), numerics, upper- and lowercase | |
1819 alphabetics, and the ISO Latin-1 character set extension [ISOLatin]. | |
1820 All LAT string comparisons are case insensitive. | |
1821 */ | |
1822 dict_avp_data_t data = { | |
1823 34, /* Code */ | |
1824 0, /* Vendor */ | |
1825 "Login-LAT-Service", /* Name */ | |
1826 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1827 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1828 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1829 }; | |
1830 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1831 } | |
1832 | |
1833 /* Login-LAT-Node */ | |
1834 { | |
1835 /* | |
1836 The Login-LAT-Node AVP (AVP Code 35) is of type OctetString and | |
1837 contains the Node with which the user is to be automatically | |
1838 connected by LAT. It MAY be used in an authorization request as a | |
1839 hint to the server that a specific LAT node is desired, but the | |
1840 server is not required to honor the hint in the corresponding | |
1841 response. This AVP MUST only be present in a response if the Login- | |
1842 Service-Type AVP is set to LAT. | |
1843 | |
1844 The String field contains the identity of the LAT service to use. | |
1845 The LAT Architecture allows this string to contain $ (dollar), - | |
1846 (hyphen), . (period), _ (underscore), numerics, upper- and lowercase | |
1847 alphabetics, and the ISO Latin-1 character set extension [ISOLatin]. | |
1848 All LAT string comparisons are case insensitive. | |
1849 */ | |
1850 dict_avp_data_t data = { | |
1851 35, /* Code */ | |
1852 0, /* Vendor */ | |
1853 "Login-LAT-Node", /* Name */ | |
1854 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1855 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1856 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1857 }; | |
1858 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1859 } | |
1860 | |
1861 /* Login-LAT-Group */ | |
1862 { | |
1863 /* | |
1864 The Login-LAT-Group AVP (AVP Code 36) is of type OctetString and | |
1865 contains a string identifying the LAT group codes this user is | |
1866 authorized to use. It MAY be used in an authorization request as a | |
1867 hint to the server that a specific group is desired, but the server | |
1868 is not required to honor the hint in the corresponding response. | |
1869 This AVP MUST only be present in a response if the Login-Service-Type | |
1870 AVP is set to LAT. | |
1871 | |
1872 LAT supports 256 different group codes, which LAT uses as a form of | |
1873 access rights. LAT encodes the group codes as a 256-bit bitmap. | |
1874 | |
1875 Administrators can assign one or more of the group code bits at the | |
1876 LAT service provider; it will only accept LAT connections that have | |
1877 these group codes set in the bitmap. The administrators assign a | |
1878 bitmap of authorized group codes to each user. LAT gets these from | |
1879 the operating system and uses them in its requests to the service | |
1880 providers. | |
1881 | |
1882 The codification of the range of allowed usage of this field is | |
1883 outside the scope of this specification. | |
1884 */ | |
1885 dict_avp_data_t data = { | |
1886 36, /* Code */ | |
1887 0, /* Vendor */ | |
1888 "Login-LAT-Group", /* Name */ | |
1889 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1890 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1891 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1892 }; | |
1893 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1894 } | |
1895 | |
1896 /* Login-LAT-Port */ | |
1897 { | |
1898 /* | |
1899 The Login-LAT-Port AVP (AVP Code 63) is of type OctetString and | |
1900 contains the Port with which the user is to be connected by LAT. It | |
1901 MAY be used in an authorization request as a hint to the server that | |
1902 a specific port is desired, but the server is not required to honor | |
1903 the hint in the corresponding response. This AVP MUST only be | |
1904 present in a response if the Login-Service-Type AVP is set to LAT. | |
1905 | |
1906 The String field contains the identity of the LAT service to use. | |
1907 The LAT Architecture allows this string to contain $ (dollar), - | |
1908 (hyphen), . (period), _ (underscore), numerics, upper- and lower-case | |
1909 alphabetics, and the ISO Latin-1 character set extension [ISOLatin]. | |
1910 All LAT string comparisons are case insensitive. | |
1911 */ | |
1912 dict_avp_data_t data = { | |
1913 63, /* Code */ | |
1914 0, /* Vendor */ | |
1915 "Login-LAT-Port", /* Name */ | |
1916 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1917 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1918 AVP_TYPE_OCTETSTRING /* base type of data */ | |
1919 }; | |
1920 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
1921 } | |
1922 | |
1923 /******************************** | |
1924 * NAS Tunneling AVPs * | |
1925 ********************************/ | |
1926 /* Tunneling */ | |
1927 { | |
1928 /* | |
1929 The Tunneling AVP (AVP Code 401) is of type Grouped and contains the | |
1930 following AVPs, used to describe a compulsory tunnel service: | |
1931 [RADTunnels], [RADTunlAcct]. Its data field has the following ABNF | |
1932 grammar: | |
1933 | |
1934 Tunneling ::= < AVP Header: 401 > | |
1935 { Tunnel-Type } | |
1936 { Tunnel-Medium-Type } | |
1937 { Tunnel-Client-Endpoint } | |
1938 { Tunnel-Server-Endpoint } | |
1939 [ Tunnel-Preference ] | |
1940 [ Tunnel-Client-Auth-Id ] | |
1941 [ Tunnel-Server-Auth-Id ] | |
1942 [ Tunnel-Assignment-Id ] | |
1943 [ Tunnel-Password ] | |
1944 [ Tunnel-Private-Group-Id ] | |
1945 */ | |
1946 dict_object_t * Tunneling_avp; | |
1947 dict_object_t * Tunnel_Type_avp; | |
1948 dict_object_t * Tunnel_Medium_Type_avp; | |
1949 dict_object_t * Tunnel_Client_Endpoint_avp; | |
1950 dict_object_t * Tunnel_Server_Endpoint_avp; | |
1951 dict_object_t * Tunnel_Preference_avp; | |
1952 dict_object_t * Tunnel_Client_Auth_Id_avp; | |
1953 dict_object_t * Tunnel_Server_Auth_Id_avp; | |
1954 dict_object_t * Tunnel_Assignment_Id_avp; | |
1955 dict_object_t * Tunnel_Password_avp; | |
1956 dict_object_t * Tunnel_Private_Group_Id_avp; | |
1957 | |
1958 dict_avp_data_t data = { | |
1959 401, /* Code */ | |
1960 0, /* Vendor */ | |
1961 "Tunneling", /* Name */ | |
1962 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
1963 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
1964 AVP_TYPE_GROUPED /* base type of data */ | |
1965 }; | |
1966 CHECK_dict_new( DICT_AVP, &data , NULL, &Tunneling_avp); | |
1967 | |
1968 /* Tunnel-Type */ | |
1969 { | |
1970 /* | |
1971 The Tunnel-Type AVP (AVP Code 64) is of type Enumerated and contains | |
1972 the tunneling protocol(s) to be used (in the case of a tunnel | |
1973 initiator) or in use (in the case of a tunnel terminator). It MAY be | |
1974 used in an authorization request as a hint to the server that a | |
1975 specific tunnel type is desired, but the server is not required to | |
1976 honor the hint in the corresponding response. | |
1977 | |
1978 The Tunnel-Type AVP SHOULD also be included in Accounting-Request | |
1979 messages. | |
1980 | |
1981 A tunnel initiator is not required to implement any of these tunnel | |
1982 types. If a tunnel initiator receives a response that contains only | |
1983 unknown or unsupported Tunnel-Types, the tunnel initiator MUST behave | |
1984 as though a response were received with the Result-Code indicating a | |
1985 failure. | |
1986 | |
1987 The supported values are listed in [RADIUSTypes]. | |
1988 Sub-registry: Values for RADIUS Attribute 64, Tunnel-Type | |
1989 Reference: [RFC2868] | |
1990 */ | |
1991 dict_object_t * type; | |
1992 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Tunnel-Type)" , NULL, NULL}; | |
1993 dict_type_enum_data_t tvals[] = { | |
1994 enum_val_def( 1, "Point-to-Point Tunneling Protocol (PPTP) [RFC2868]"), | |
1995 enum_val_def( 2, "Layer Two Forwarding (L2F) [RFC2868]"), | |
1996 enum_val_def( 3, "Layer Two Tunneling Protocol (L2TP) [RFC2868]"), | |
1997 enum_val_def( 4, "Ascend Tunnel Management Protocol (ATMP) [RFC2868]"), | |
1998 enum_val_def( 5, "Virtual Tunneling Protocol (VTP) [RFC2868]"), | |
1999 enum_val_def( 6, "IP Authentication Header in the Tunnel-mode (AH) [RFC2868]"), | |
2000 enum_val_def( 7, "IP-in-IP Encapsulation (IP-IP) [RFC2868]"), | |
2001 enum_val_def( 8, "Minimal IP-in-IP Encapsulation (MIN-IP-IP) [RFC2868]"), | |
2002 enum_val_def( 9, "IP Encapsulating Security Payload in the Tunnel-mode (ESP) [RFC2868]"), | |
2003 enum_val_def(10, "Generic Route Encapsulation (GRE) [RFC2868]"), | |
2004 enum_val_def(11, "Bay Dial Virtual Services (DVS) [RFC2868]"), | |
2005 enum_val_def(12, "IP-in-IP Tunneling [RFC2868]"), | |
2006 enum_val_def(13, "Virtual LANs (VLAN) [RFC3580]") | |
2007 }; | |
2008 dict_avp_data_t adata = { | |
2009 64, /* Code */ | |
2010 0, /* Vendor */ | |
2011 "Tunnel-Type", /* Name */ | |
2012 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2013 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2014 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2015 }; | |
2016 int i; | |
2017 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
2018 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
2019 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
2020 } | |
2021 CHECK_dict_new( DICT_AVP, &adata , type, &Tunnel_Type_avp); | |
2022 } | |
2023 | |
2024 /* Tunnel-Medium-Type */ | |
2025 { | |
2026 /* | |
2027 The Tunnel-Medium-Type AVP (AVP Code 65) is of type Enumerated and | |
2028 contains the transport medium to use when creating a tunnel for | |
2029 protocols (such as L2TP) that can operate over multiple transports. | |
2030 It MAY be used in an authorization request as a hint to the server | |
2031 that a specific medium is desired, but the server is not required to | |
2032 honor the hint in the corresponding response. | |
2033 | |
2034 The supported values are listed in [RADIUSTypes]. | |
2035 Sub-registry: Values for RADIUS Attribute 65, Tunnel-Medium-Type | |
2036 Reference: [RFC2868] | |
2037 */ | |
2038 dict_object_t * type; | |
2039 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Tunnel-Medium-Type)" , NULL, NULL}; | |
2040 dict_type_enum_data_t tvals[] = { | |
2041 enum_val_def( 1, "IPv4 (IP version 4) [RFC2868]"), | |
2042 enum_val_def( 2, "IPv6 (IP version 6) [RFC2868]"), | |
2043 enum_val_def( 3, "NSAP [RFC2868]"), | |
2044 enum_val_def( 4, "HDLC (8-bit multidrop) [RFC2868]"), | |
2045 enum_val_def( 5, "BBN 1822 [RFC2868]"), | |
2046 enum_val_def( 6, "802 (includes all 802 media plus Ethernet \"canonical format\") [RFC2868]"), | |
2047 enum_val_def( 7, "E.163 (POTS) [RFC2868]"), | |
2048 enum_val_def( 8, "E.164 (SMDS, Frame Relay, ATM) [RFC2868]"), | |
2049 enum_val_def( 9, "F.69 (Telex) [RFC2868]"), | |
2050 enum_val_def(10, "X.121 (X.25, Frame Relay) [RFC2868]"), | |
2051 enum_val_def(11, "IPX [RFC2868]"), | |
2052 enum_val_def(12, "Appletalk [RFC2868]"), | |
2053 enum_val_def(13, "Decnet IV [RFC2868]"), | |
2054 enum_val_def(14, "Banyan Vines [RFC2868]"), | |
2055 enum_val_def(15, "E.164 with NSAP format subaddress [RFC2868]") | |
2056 }; | |
2057 dict_avp_data_t adata = { | |
2058 65, /* Code */ | |
2059 0, /* Vendor */ | |
2060 "Tunnel-Medium-Type", /* Name */ | |
2061 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2062 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2063 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2064 }; | |
2065 int i; | |
2066 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
2067 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
2068 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
2069 } | |
2070 CHECK_dict_new( DICT_AVP, &adata , type, &Tunnel_Medium_Type_avp); | |
2071 } | |
2072 | |
2073 /* Tunnel-Client-Endpoint */ | |
2074 { | |
2075 /* | |
2076 The Tunnel-Client-Endpoint AVP (AVP Code 66) is of type UTF8String | |
2077 and contains the address of the initiator end of the tunnel. It MAY | |
2078 be used in an authorization request as a hint to the server that a | |
2079 specific endpoint is desired, but the server is not required to honor | |
2080 the hint in the corresponding response. | |
2081 | |
2082 This AVP SHOULD be included in the corresponding Accounting-Request | |
2083 messages, in which case it indicates the address from which the | |
2084 tunnel was initiated. This AVP, along with the Tunnel-Server- | |
2085 Endpoint and Session-Id AVP [BASE], MAY be used to provide a globally | |
2086 unique means to identify a tunnel for accounting and auditing | |
2087 purposes. | |
2088 | |
2089 If Tunnel-Medium-Type is IPv4 (1), then this string is either the | |
2090 fully qualified domain name (FQDN) of the tunnel client machine, or a | |
2091 "dotted-decimal" IP address. Implementations MUST support the | |
2092 dotted-decimal format and SHOULD support the FQDN format for IP | |
2093 addresses. | |
2094 | |
2095 If Tunnel-Medium-Type is IPv6 (2), then this string is either the | |
2096 FQDN of the tunnel client machine, or a text representation of the | |
2097 address in either the preferred or alternate form [IPv6Addr]. | |
2098 Conforming implementations MUST support the preferred form and SHOULD | |
2099 support both the alternate text form and the FQDN format for IPv6 | |
2100 addresses. | |
2101 | |
2102 If Tunnel-Medium-Type is neither IPv4 nor IPv6, then this string is a | |
2103 tag referring to configuration data local to the Diameter client that | |
2104 describes the interface or medium-specific client address to use. | |
2105 */ | |
2106 dict_avp_data_t adata = { | |
2107 66, /* Code */ | |
2108 0, /* Vendor */ | |
2109 "Tunnel-Client-Endpoint", /* Name */ | |
2110 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2111 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2112 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2113 }; | |
2114 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, &Tunnel_Client_Endpoint_avp); | |
2115 } | |
2116 | |
2117 /* Tunnel-Server-Endpoint */ | |
2118 { | |
2119 /* | |
2120 The Tunnel-Server-Endpoint AVP (AVP Code 67) is of type UTF8String | |
2121 and contains the address of the server end of the tunnel. It MAY be | |
2122 used in an authorization request as a hint to the server that a | |
2123 specific endpoint is desired, but the server is not required to honor | |
2124 the hint in the corresponding response. | |
2125 | |
2126 This AVP SHOULD be included in the corresponding Accounting-Request | |
2127 messages, in which case it indicates the address from which the | |
2128 tunnel was initiated. This AVP, along with the Tunnel-Client- | |
2129 Endpoint and Session-Id AVP [BASE], MAY be used to provide a globally | |
2130 unique means to identify a tunnel for accounting and auditing | |
2131 purposes. | |
2132 | |
2133 If Tunnel-Medium-Type is IPv4 (1), then this string is either the | |
2134 fully qualified domain name (FQDN) of the tunnel server machine, or a | |
2135 "dotted-decimal" IP address. Implementations MUST support the | |
2136 dotted-decimal format and SHOULD support the FQDN format for IP | |
2137 addresses. | |
2138 | |
2139 If Tunnel-Medium-Type is IPv6 (2), then this string is either the | |
2140 FQDN of the tunnel server machine, or a text representation of the | |
2141 address in either the preferred or alternate form [IPv6Addr]. | |
2142 Implementations MUST support the preferred form and SHOULD support | |
2143 both the alternate text form and the FQDN format for IPv6 addresses. | |
2144 | |
2145 If Tunnel-Medium-Type is not IPv4 or IPv6, this string is a tag | |
2146 referring to configuration data local to the Diameter client that | |
2147 describes the interface or medium-specific server address to use. | |
2148 */ | |
2149 dict_avp_data_t adata = { | |
2150 67, /* Code */ | |
2151 0, /* Vendor */ | |
2152 "Tunnel-Server-Endpoint", /* Name */ | |
2153 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2154 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2155 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2156 }; | |
2157 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, &Tunnel_Server_Endpoint_avp); | |
2158 } | |
2159 | |
2160 /* Tunnel-Password */ | |
2161 { | |
2162 /* | |
2163 The Tunnel-Password AVP (AVP Code 69) is of type OctetString and may | |
2164 contain a password to be used to authenticate to a remote server. | |
2165 The Tunnel-Password AVP contains sensitive information. This value | |
2166 is not protected in the same manner as RADIUS [RADTunnels]. | |
2167 | |
2168 As required in [BASE], Diameter messages are encrypted by using IPsec | |
2169 or TLS. The Tunnel-Password AVP SHOULD NOT be used in untrusted | |
2170 proxy environments without encrypting it by using end-to-end security | |
2171 techniques, such as CMS Security [DiamCMS]. | |
2172 */ | |
2173 dict_avp_data_t adata = { | |
2174 69, /* Code */ | |
2175 0, /* Vendor */ | |
2176 "Tunnel-Password", /* Name */ | |
2177 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2178 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2179 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2180 }; | |
2181 CHECK_dict_new( DICT_AVP, &adata , NULL, &Tunnel_Password_avp); | |
2182 } | |
2183 | |
2184 /* Tunnel-Private-Group-Id */ | |
2185 { | |
2186 /* | |
2187 The Tunnel-Private-Group-Id AVP (AVP Code 81) is of type OctetString | |
2188 and contains the group Id for a particular tunneled session. The | |
2189 Tunnel-Private-Group-Id AVP MAY be included in an authorization | |
2190 request if the tunnel initiator can predetermine the group resulting | |
2191 from a particular connection. It SHOULD be included in the | |
2192 authorization response if this tunnel session is to be treated as | |
2193 belonging to a particular private group. Private groups may be used | |
2194 to associate a tunneled session with a particular group of users. | |
2195 For example, it MAY be used to facilitate routing of unregistered IP | |
2196 addresses through a particular interface. This AVP SHOULD be | |
2197 included in the Accounting-Request messages that pertain to the | |
2198 tunneled session. | |
2199 */ | |
2200 dict_avp_data_t adata = { | |
2201 81, /* Code */ | |
2202 0, /* Vendor */ | |
2203 "Tunnel-Private-Group-Id", /* Name */ | |
2204 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2205 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2206 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2207 }; | |
2208 CHECK_dict_new( DICT_AVP, &adata , NULL, &Tunnel_Private_Group_Id_avp); | |
2209 } | |
2210 | |
2211 /* Tunnel-Assignment-Id */ | |
2212 { | |
2213 /* | |
2214 The Tunnel-Assignment-Id AVP (AVP Code 82) is of type OctetString and | |
2215 is used to indicate to the tunnel initiator the particular tunnel to | |
2216 which a session is to be assigned. Some tunneling protocols, such as | |
2217 [PPTP] and [L2TP], allow for sessions between the same two tunnel | |
2218 endpoints to be multiplexed over the same tunnel and also for a given | |
2219 session to use its own dedicated tunnel. This attribute provides a | |
2220 mechanism for Diameter to inform the tunnel initiator (e.g., PAC, | |
2221 LAC) whether to assign the session to a multiplexed tunnel or to a | |
2222 separate tunnel. Furthermore, it allows for sessions sharing | |
2223 multiplexed tunnels to be assigned to different multiplexed tunnels. | |
2224 | |
2225 A particular tunneling implementation may assign differing | |
2226 characteristics to particular tunnels. For example, different | |
2227 tunnels may be assigned different QoS parameters. Such tunnels may | |
2228 be used to carry either individual or multiple sessions. The | |
2229 Tunnel-Assignment-Id attribute thus allows the Diameter server to | |
2230 indicate that a particular session is to be assigned to a tunnel | |
2231 providing an appropriate level of service. It is expected that any | |
2232 QoS-related Diameter tunneling attributes defined in the future | |
2233 accompanying this one will be associated by the tunnel initiator with | |
2234 the Id given by this attribute. In the meantime, any semantic given | |
2235 to a particular Id string is a matter left to local configuration in | |
2236 the tunnel initiator. | |
2237 | |
2238 The Tunnel-Assignment-Id AVP is of significance only to Diameter and | |
2239 the tunnel initiator. The Id it specifies is only intended to be of | |
2240 local use to Diameter and the tunnel initiator. The Id assigned by | |
2241 the tunnel initiator is not conveyed to the tunnel peer. | |
2242 | |
2243 This attribute MAY be included in authorization responses. The | |
2244 tunnel initiator receiving this attribute MAY choose to ignore it and | |
2245 to assign the session to an arbitrary multiplexed or non-multiplexed | |
2246 tunnel between the desired endpoints. This AVP SHOULD also be | |
2247 included in the Accounting-Request messages pertaining to the | |
2248 tunneled session. | |
2249 | |
2250 If a tunnel initiator supports the Tunnel-Assignment-Id AVP, then it | |
2251 should assign a session to a tunnel in the following manner: | |
2252 | |
2253 - If this AVP is present and a tunnel exists between the | |
2254 specified endpoints with the specified Id, then the session | |
2255 should be assigned to that tunnel. | |
2256 | |
2257 - If this AVP is present and no tunnel exists between the | |
2258 specified endpoints with the specified Id, then a new tunnel | |
2259 should be established for the session and the specified Id | |
2260 should be associated with the new tunnel. | |
2261 | |
2262 - If this AVP is not present, then the session is assigned to an | |
2263 unnamed tunnel. If an unnamed tunnel does not yet exist | |
2264 between the specified endpoints, then it is established and | |
2265 used for this session and for subsequent ones established | |
2266 without the Tunnel-Assignment-Id attribute. A tunnel initiator | |
2267 MUST NOT assign a session for which a Tunnel-Assignment-Id AVP | |
2268 was not specified to a named tunnel (i.e., one that was | |
2269 initiated by a session specifying this AVP). | |
2270 | |
2271 Note that the same Id may be used to name different tunnels if these | |
2272 tunnels are between different endpoints. | |
2273 | |
2274 */ | |
2275 dict_avp_data_t adata = { | |
2276 82, /* Code */ | |
2277 0, /* Vendor */ | |
2278 "Tunnel-Assignment-Id", /* Name */ | |
2279 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2280 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2281 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2282 }; | |
2283 CHECK_dict_new( DICT_AVP, &adata , NULL, &Tunnel_Assignment_Id_avp); | |
2284 } | |
2285 | |
2286 /* Tunnel-Preference */ | |
2287 { | |
2288 /* | |
2289 The Tunnel-Preference AVP (AVP Code 83) is of type Unsigned32 and is | |
2290 used to identify the relative preference assigned to each tunnel when | |
2291 more than one set of tunneling AVPs is returned within separate | |
2292 Grouped-AVP AVPs. It MAY be used in an authorization request as a | |
2293 hint to the server that a specific preference is desired, but the | |
2294 server is not required to honor the hint in the corresponding | |
2295 response. | |
2296 | |
2297 For example, suppose that AVPs describing two tunnels are returned by | |
2298 the server, one with a Tunnel-Type of PPTP and the other with a | |
2299 Tunnel-Type of L2TP. If the tunnel initiator supports only one of | |
2300 the Tunnel-Types returned, it will initiate a tunnel of that type. | |
2301 If, however, it supports both tunnel protocols, it SHOULD use the | |
2302 value of the Tunnel-Preference AVP to decide which tunnel should be | |
2303 started. The tunnel with the lowest numerical value in the Value | |
2304 field of this AVP SHOULD be given the highest preference. The values | |
2305 assigned to two or more instances of the Tunnel-Preference AVP within | |
2306 a given authorization response MAY be identical. In this case, the | |
2307 tunnel initiator SHOULD use locally configured metrics to decide | |
2308 which set of AVPs to use. | |
2309 */ | |
2310 dict_avp_data_t adata = { | |
2311 83, /* Code */ | |
2312 0, /* Vendor */ | |
2313 "Tunnel-Preference", /* Name */ | |
2314 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2315 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2316 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2317 }; | |
2318 CHECK_dict_new( DICT_AVP, &adata , NULL, &Tunnel_Preference_avp); | |
2319 } | |
2320 | |
2321 /* Tunnel-Client-Auth-Id */ | |
2322 { | |
2323 /* | |
2324 The Tunnel-Client-Auth-Id AVP (AVP Code 90) is of type UTF8String and | |
2325 specifies the name used by the tunnel initiator during the | |
2326 authentication phase of tunnel establishment. It MAY be used in an | |
2327 authorization request as a hint to the server that a specific | |
2328 preference is desired, but the server is not required to honor the | |
2329 hint in the corresponding response. This AVP MUST be present in the | |
2330 authorization response if an authentication name other than the | |
2331 default is desired. This AVP SHOULD be included in the Accounting- | |
2332 Request messages pertaining to the tunneled session. | |
2333 */ | |
2334 dict_avp_data_t adata = { | |
2335 90, /* Code */ | |
2336 0, /* Vendor */ | |
2337 "Tunnel-Client-Auth-Id", /* Name */ | |
2338 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2339 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2340 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2341 }; | |
2342 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, &Tunnel_Client_Auth_Id_avp); | |
2343 } | |
2344 | |
2345 /* Tunnel-Server-Auth-Id */ | |
2346 { | |
2347 /* | |
2348 The Tunnel-Server-Auth-Id AVP (AVP Code 91) is of type UTF8String and | |
2349 specifies the name used by the tunnel terminator during the | |
2350 authentication phase of tunnel establishment. It MAY be used in an | |
2351 authorization request as a hint to the server that a specific | |
2352 preference is desired, but the server is not required to honor the | |
2353 hint in the corresponding response. This AVP MUST be present in the | |
2354 authorization response if an authentication name other than the | |
2355 default is desired. This AVP SHOULD be included in the Accounting- | |
2356 Request messages pertaining to the tunneled session. | |
2357 */ | |
2358 dict_avp_data_t adata = { | |
2359 91, /* Code */ | |
2360 0, /* Vendor */ | |
2361 "Tunnel-Server-Auth-Id", /* Name */ | |
2362 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2363 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2364 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2365 }; | |
2366 CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, &Tunnel_Server_Auth_Id_avp); | |
2367 } | |
2368 | |
2369 /* Now create the rules for the Tunneling AVP */ | |
2370 { | |
2371 dict_rule_data_t rule_data = { NULL, RULE_REQUIRED, 1, 0, 1, 1 }; | |
2372 | |
2373 rule_data.rule_avp = Tunnel_Type_avp; | |
2374 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL); | |
2375 | |
2376 rule_data.rule_avp = Tunnel_Medium_Type_avp; | |
2377 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL); | |
2378 | |
2379 rule_data.rule_avp = Tunnel_Client_Endpoint_avp; | |
2380 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL); | |
2381 | |
2382 rule_data.rule_avp = Tunnel_Server_Endpoint_avp; | |
2383 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL); | |
2384 | |
2385 rule_data.rule_position = RULE_OPTIONAL; | |
2386 rule_data.rule_avp = Tunnel_Preference_avp; | |
2387 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL); | |
2388 | |
2389 rule_data.rule_avp = Tunnel_Client_Auth_Id_avp; | |
2390 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL); | |
2391 | |
2392 rule_data.rule_avp = Tunnel_Server_Auth_Id_avp; | |
2393 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL); | |
2394 | |
2395 rule_data.rule_avp = Tunnel_Assignment_Id_avp; | |
2396 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL); | |
2397 | |
2398 rule_data.rule_avp = Tunnel_Password_avp; | |
2399 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL); | |
2400 | |
2401 rule_data.rule_avp = Tunnel_Private_Group_Id_avp; | |
2402 CHECK_dict_new( DICT_RULE, &rule_data, Tunneling_avp, NULL); | |
2403 } | |
2404 } | |
2405 | |
2406 /******************************** | |
2407 * NAS Accounting AVPs * | |
2408 ********************************/ | |
2409 /* Accounting-Input-Octets */ | |
2410 { | |
2411 /* | |
2412 The Accounting-Input-Octets AVP (AVP Code 363) is of type Unsigned64 | |
2413 and contains the number of octets received from the user. | |
2414 | |
2415 For NAS usage, this AVP indicates how many octets have been received | |
2416 from the port in the course of this session. It can only be present | |
2417 in ACR messages with an Accounting-Record-Type of INTERIM_RECORD or | |
2418 STOP_RECORD. | |
2419 */ | |
2420 dict_avp_data_t data = { | |
2421 363, /* Code */ | |
2422 0, /* Vendor */ | |
2423 "Accounting-Input-Octets", /* Name */ | |
2424 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2425 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2426 AVP_TYPE_UNSIGNED64 /* base type of data */ | |
2427 }; | |
2428 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2429 } | |
2430 | |
2431 /* Accounting-Output-Octets */ | |
2432 { | |
2433 /* | |
2434 The Accounting-Output-Octets AVP (AVP Code 364) is of type Unsigned64 | |
2435 and contains the number of octets sent to the user. | |
2436 | |
2437 For NAS usage, this AVP indicates how many octets have been sent to | |
2438 the port in the course of this session. It can only be present in | |
2439 ACR messages with an Accounting-Record-Type of INTERIM_RECORD or | |
2440 STOP_RECORD. | |
2441 */ | |
2442 dict_avp_data_t data = { | |
2443 364, /* Code */ | |
2444 0, /* Vendor */ | |
2445 "Accounting-Output-Octets", /* Name */ | |
2446 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2447 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2448 AVP_TYPE_UNSIGNED64 /* base type of data */ | |
2449 }; | |
2450 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2451 } | |
2452 | |
2453 /* Accounting-Input-Packets */ | |
2454 { | |
2455 /* | |
2456 The Accounting-Input-Packets (AVP Code 365) is of type Unsigned64 and | |
2457 contains the number of packets received from the user. | |
2458 | |
2459 For NAS usage, this AVP indicates how many packets have been received | |
2460 from the port over the course of a session being provided to a Framed | |
2461 User. It can only be present in ACR messages with an Accounting- | |
2462 Record-Type of INTERIM_RECORD or STOP_RECORD. | |
2463 */ | |
2464 dict_avp_data_t data = { | |
2465 365, /* Code */ | |
2466 0, /* Vendor */ | |
2467 "Accounting-Input-Packets", /* Name */ | |
2468 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2469 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2470 AVP_TYPE_UNSIGNED64 /* base type of data */ | |
2471 }; | |
2472 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2473 } | |
2474 | |
2475 /* Accounting-Output-Packets */ | |
2476 { | |
2477 /* | |
2478 The Accounting-Output-Packets (AVP Code 366) is of type Unsigned64 | |
2479 and contains the number of IP packets sent to the user. | |
2480 | |
2481 For NAS usage, this AVP indicates how many packets have been sent to | |
2482 the port over the course of a session being provided to a Framed | |
2483 User. It can only be present in ACR messages with an Accounting- | |
2484 Record-Type of INTERIM_RECORD or STOP_RECORD. | |
2485 */ | |
2486 dict_avp_data_t data = { | |
2487 366, /* Code */ | |
2488 0, /* Vendor */ | |
2489 "Accounting-Output-Packets", /* Name */ | |
2490 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2491 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2492 AVP_TYPE_UNSIGNED64 /* base type of data */ | |
2493 }; | |
2494 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2495 } | |
2496 | |
2497 /* Acct-Session-Time */ | |
2498 { | |
2499 /* | |
2500 The Acct-Session-Time AVP (AVP Code 46) is of type Unsigned32 and | |
2501 indicates the length of the current session in seconds. It can only | |
2502 be present in ACR messages with an Accounting-Record-Type of | |
2503 INTERIM_RECORD or STOP_RECORD. | |
2504 */ | |
2505 dict_avp_data_t data = { | |
2506 46, /* Code */ | |
2507 0, /* Vendor */ | |
2508 "Acct-Session-Time", /* Name */ | |
2509 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2510 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2511 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2512 }; | |
2513 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2514 } | |
2515 | |
2516 /* Acct-Authentic */ | |
2517 { | |
2518 /* | |
2519 The Acct-Authentic AVP (AVP Code 45) is of type Enumerated and | |
2520 specifies how the user was authenticated. The supported values are | |
2521 listed in [RADIUSTypes]. | |
2522 Sub-registry: Values for RADIUS Attribute 45, Acct-Authentic | |
2523 Reference: [RFC2866] | |
2524 */ | |
2525 dict_object_t * type; | |
2526 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Acct-Authentic)" , NULL, NULL}; | |
2527 dict_type_enum_data_t tvals[] = { | |
2528 enum_val_def( 1, "RADIUS"), | |
2529 enum_val_def( 2, "Local"), | |
2530 enum_val_def( 3, "Remote"), | |
2531 enum_val_def( 4, "Diameter") | |
2532 }; | |
2533 dict_avp_data_t data = { | |
2534 45, /* Code */ | |
2535 0, /* Vendor */ | |
2536 "Acct-Authentic", /* Name */ | |
2537 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2538 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2539 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2540 }; | |
2541 int i; | |
2542 /* Create the Enumerated type, enumerated values, and the AVP */ | |
2543 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
2544 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
2545 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
2546 } | |
2547 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
2548 } | |
2549 | |
2550 /* Accounting-Auth-Method */ | |
2551 { | |
2552 /* | |
2553 The Accounting-Auth-Method AVP (AVP Code 406) is of type Enumerated. | |
2554 A NAS MAY include this AVP in an Accounting-Request message to | |
2555 indicate the method used to authenticate the user. (Note that this | |
2556 is equivalent to the RADIUS MS-Acct-Auth-Type VSA attribute). | |
2557 | |
2558 The following values are defined: | |
2559 | |
2560 1 PAP | |
2561 2 CHAP | |
2562 3 MS-CHAP-1 | |
2563 4 MS-CHAP-2 | |
2564 5 EAP | |
2565 7 None | |
2566 */ | |
2567 dict_object_t * type; | |
2568 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Accounting-Auth-Method)" , NULL, NULL}; | |
2569 dict_type_enum_data_t tvals[] = { | |
2570 enum_val_def( 1, "PAP"), | |
2571 enum_val_def( 2, "CHAP"), | |
2572 enum_val_def( 3, "MS-CHAP-1"), | |
2573 enum_val_def( 4, "MS-CHAP-2"), | |
2574 enum_val_def( 5, "EAP"), | |
2575 enum_val_def( 7, "None") | |
2576 }; | |
2577 dict_avp_data_t data = { | |
2578 406, /* Code */ | |
2579 0, /* Vendor */ | |
2580 "Accounting-Auth-Method", /* Name */ | |
2581 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2582 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2583 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2584 }; | |
2585 int i; | |
2586 /* Create the Enumerated type, enumerated values, and the AVP */ | |
2587 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
2588 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
2589 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
2590 } | |
2591 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
2592 } | |
2593 | |
2594 /* Acct-Delay-Time */ | |
2595 { | |
2596 /* | |
2597 The Acct-Delay-Time AVP (AVP Code 41) is of type Unsigned32 and | |
2598 indicates the number of seconds the Diameter client has been trying | |
2599 to send the Accounting-Request (ACR). The accounting server may | |
2600 subtract this value from the time when the ACR arrives at the server | |
2601 to calculate the approximate time of the event that caused the ACR to | |
2602 be generated. | |
2603 | |
2604 This AVP is not used for retransmissions at the transport level (TCP | |
2605 or SCTP). Rather, it may be used when an ACR command cannot be | |
2606 transmitted because there is no appropriate peer to transmit it to or | |
2607 was rejected because it could not be delivered. In these cases, the | |
2608 command MAY be buffered and transmitted later, when an appropriate | |
2609 peer-connection is available or after sufficient time has passed that | |
2610 the destination-host may be reachable and operational. If the ACR is | |
2611 resent in this way, the Acct-Delay-Time AVP SHOULD be included. The | |
2612 value of this AVP indicates the number of seconds that elapsed | |
2613 between the time of the first attempt at transmission and the current | |
2614 attempt. | |
2615 */ | |
2616 dict_avp_data_t data = { | |
2617 41, /* Code */ | |
2618 0, /* Vendor */ | |
2619 "Acct-Delay-Time", /* Name */ | |
2620 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2621 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2622 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2623 }; | |
2624 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2625 } | |
2626 | |
2627 /* Acct-Link-Count */ | |
2628 { | |
2629 /* | |
2630 The Acct-Link-Count AVP (AVP Code 51) is of type Unsigned32 and | |
2631 indicates the total number of links that have been active (current or | |
2632 closed) in a given multilink session at the time the accounting | |
2633 record is generated. This AVP MAY be included in Accounting-Requests | |
2634 for any session that may be part of a multilink service. | |
2635 | |
2636 The Acct-Link-Count AVP may be used to make it easier for an | |
2637 accounting server to know when it has all the records for a given | |
2638 multilink service. When the number of Accounting-Requests received | |
2639 with Accounting-Record-Type = STOP_RECORD and with the same Acct- | |
2640 Multi-Session-Id and unique Session-Ids equals the largest value of | |
2641 Acct-Link-Count seen in those Accounting-Requests, all STOP_RECORD | |
2642 Accounting-Requests for that multilink service have been received. | |
2643 | |
2644 The following example, showing eight Accounting-Requests, illustrates | |
2645 how the Acct-Link-Count AVP is used. In the table below, only the | |
2646 relevant AVPs are shown, although additional AVPs containing | |
2647 accounting information will be present in the Accounting-Requests. | |
2648 | |
2649 Acct-Multi- Accounting- Acct- | |
2650 Session-Id Session-Id Record-Type Link-Count | |
2651 -------------------------------------------------------- | |
2652 "...10" "...10" START_RECORD 1 | |
2653 "...10" "...11" START_RECORD 2 | |
2654 "...10" "...11" STOP_RECORD 2 | |
2655 "...10" "...12" START_RECORD 3 | |
2656 "...10" "...13" START_RECORD 4 | |
2657 "...10" "...12" STOP_RECORD 4 | |
2658 "...10" "...13" STOP_RECORD 4 | |
2659 "...10" "...10" STOP_RECORD 4 | |
2660 | |
2661 */ | |
2662 dict_avp_data_t data = { | |
2663 51, /* Code */ | |
2664 0, /* Vendor */ | |
2665 "Acct-Link-Count", /* Name */ | |
2666 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2667 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2668 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2669 }; | |
2670 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2671 } | |
2672 | |
2673 /* Acct-Tunnel-Connection */ | |
2674 { | |
2675 /* | |
2676 The Acct-Tunnel-Connection AVP (AVP Code 68) is of type OctetString | |
2677 and contains the identifier assigned to the tunnel session. This | |
2678 AVP, along with the Tunnel-Client-Endpoint and Tunnel-Server-Endpoint | |
2679 AVPs, may be used to provide a means to uniquely identify a tunnel | |
2680 session for auditing purposes. | |
2681 | |
2682 The format of the identifier in this AVP depends upon the value of | |
2683 the Tunnel-Type AVP. For example, to identify an L2TP tunnel | |
2684 connection fully, the L2TP Tunnel Id and Call Id might be encoded in | |
2685 this field. The exact encoding of this field is implementation | |
2686 dependent. | |
2687 */ | |
2688 dict_avp_data_t data = { | |
2689 68, /* Code */ | |
2690 0, /* Vendor */ | |
2691 "Acct-Tunnel-Connection", /* Name */ | |
2692 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2693 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2694 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2695 }; | |
2696 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2697 } | |
2698 | |
2699 /* Acct-Tunnel-Packets-Lost */ | |
2700 { | |
2701 /* | |
2702 The Acct-Tunnel-Packets-Lost AVP (AVP Code 86) is of type Unsigned32 | |
2703 and contains the number of packets lost on a given link. | |
2704 */ | |
2705 dict_avp_data_t data = { | |
2706 86, /* Code */ | |
2707 0, /* Vendor */ | |
2708 "Acct-Tunnel-Packets-Lost", /* Name */ | |
2709 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2710 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2711 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2712 }; | |
2713 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2714 } | |
2715 | |
2716 /*********************************** | |
2717 * Compatibility with RADIUS AVPs * | |
2718 ***********************************/ | |
2719 /* NAS-Identifier */ | |
2720 { | |
2721 /* | |
2722 The NAS-Identifier AVP (AVP Code 32) [RADIUS] is of type UTF8String | |
2723 and contains the identity of the NAS providing service to the user. | |
2724 This AVP SHOULD only be added by a RADIUS/Diameter Translation Agent. | |
2725 When this AVP is present, the Origin-Host AVP identifies the NAS | |
2726 providing service to the user. | |
2727 | |
2728 In RADIUS it would be possible for a rogue NAS to forge the NAS- | |
2729 Identifier attribute. Diameter/RADIUS translation agents SHOULD | |
2730 attempt to check a received NAS-Identifier attribute against the | |
2731 source address of the RADIUS packet, by doing an A/AAAA RR query. If | |
2732 the NAS-Identifier attribute contains an FQDN, then such a query | |
2733 would resolve to an IP address matching the source address. However, | |
2734 the NAS-Identifier attribute is not required to contain an FQDN, so | |
2735 such a query could fail. If it fails, an error should be logged, but | |
2736 no action should be taken, other than a reverse lookup on the source | |
2737 address and insert the resulting FQDN into the Route-Record AVP. | |
2738 | |
2739 Diameter agents and servers SHOULD check whether a NAS-Identifier AVP | |
2740 corresponds to an entry in the Route-Record AVP. If no match is | |
2741 found, then an error is logged, but no other action is taken. | |
2742 */ | |
2743 dict_avp_data_t data = { | |
2744 32, /* Code */ | |
2745 0, /* Vendor */ | |
2746 "NAS-Identifier", /* Name */ | |
2747 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2748 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2749 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2750 }; | |
2751 CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); | |
2752 } | |
2753 | |
2754 /* NAS-IP-Address */ | |
2755 { | |
2756 /* | |
2757 The NAS-IP-Address AVP (AVP Code 4) [RADIUS] is of type OctetString | |
2758 and contains the IP Address of the NAS providing service to the user. | |
2759 This AVP SHOULD only be added by a RADIUS/Diameter Translation Agent. | |
2760 When this AVP is present, the Origin-Host AVP identifies the NAS | |
2761 providing service to the user. | |
2762 | |
2763 In RADIUS it would be possible for a rogue NAS to forge the NAS-IP- | |
2764 Address attribute value. Diameter/RADIUS translation agents MUST | |
2765 check a received NAS-IP-Address or NAS-IPv6-Address attribute against | |
2766 the source address of the RADIUS packet. If they do not match and | |
2767 the Diameter/RADIUS translation agent does not know whether the | |
2768 packet was sent by a RADIUS proxy or NAS (e.g., no Proxy-State | |
2769 attribute), then by default it is assumed that the source address | |
2770 corresponds to a RADIUS proxy, and that the NAS Address is behind | |
2771 that proxy, potentially with some additional RADIUS proxies in | |
2772 between. The Diameter/RADIUS translation agent MUST insert entries | |
2773 in the Route-Record AVP corresponding to the apparent route. This | |
2774 implies doing a reverse lookup on the source address and NAS-IP- | |
2775 Address or NAS-IPv6-Address attributes to determine the corresponding | |
2776 FQDNs. | |
2777 | |
2778 If the source address and the NAS-IP-Address or NAS-IPv6-Address do | |
2779 not match, and the Diameter/RADIUS translation agent knows that it is | |
2780 talking directly to the NAS (e.g., there are no RADIUS proxies | |
2781 between it and the NAS), then the error should be logged, and the | |
2782 packet MUST be discarded. | |
2783 | |
2784 Diameter agents and servers MUST check whether the NAS-IP-Address AVP | |
2785 corresponds to an entry in the Route-Record AVP. This is done by | |
2786 doing a reverse lookup (PTR RR) for the NAS-IP-Address to retrieve | |
2787 the corresponding FQDN, and by checking for a match with the Route- | |
2788 Record AVP. If no match is found, then an error is logged, but no | |
2789 other action is taken. | |
2790 */ | |
2791 dict_avp_data_t data = { | |
2792 4, /* Code */ | |
2793 0, /* Vendor */ | |
2794 "NAS-IP-Address", /* Name */ | |
2795 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2796 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2797 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2798 }; | |
2799 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2800 } | |
2801 | |
2802 /* NAS-IPv6-Address */ | |
2803 { | |
2804 /* | |
2805 The NAS-IPv6-Address AVP (AVP Code 95) [RADIUSIPv6] is of type | |
2806 OctetString and contains the IPv6 Address of the NAS providing | |
2807 service to the user. This AVP SHOULD only be added by a | |
2808 RADIUS/Diameter Translation Agent. When this AVP is present, the | |
2809 Origin-Host AVP identifies the NAS providing service to the user. | |
2810 | |
2811 In RADIUS it would be possible for a rogue NAS to forge the NAS- | |
2812 IPv6-Address attribute. Diameter/RADIUS translation agents MUST | |
2813 check a received NAS-IPv6-Address attribute against the source | |
2814 address of the RADIUS packet. If they do not match and the | |
2815 Diameter/RADIUS translation agent does not know whether the packet | |
2816 was sent by a RADIUS proxy or NAS (e.g., no Proxy-State attribute), | |
2817 then by default it is assumed that the source address corresponds to | |
2818 a RADIUS proxy, and that the NAS-IPv6-Address is behind that proxy, | |
2819 potentially with some additional RADIUS proxies in between. The | |
2820 Diameter/RADIUS translation agent MUST insert entries in the Route- | |
2821 Record AVP corresponding to the apparent route. This implies doing a | |
2822 reverse lookup on the source address and NAS-IPv6-Address attributes | |
2823 to determine the corresponding FQDNs. | |
2824 | |
2825 If the source address and the NAS-IPv6-Address do not match, and the | |
2826 Diameter/RADIUS translation agent knows that it is talking directly | |
2827 to the NAS (e.g., there are no RADIUS proxies between it and the | |
2828 NAS), then the error should be logged, and the packet MUST be | |
2829 discarded. | |
2830 | |
2831 Diameter agents and servers MUST check whether the NAS-IPv6-Address | |
2832 AVP corresponds to an entry in the Route-Record AVP. This is done by | |
2833 doing a reverse lookup (PTR RR) for the NAS-IPv6-Address to retrieve | |
2834 the corresponding FQDN, and by checking for a match with the Record- | |
2835 Route AVP. If no match is found, then an error is logged, but no | |
2836 other action is taken. | |
2837 */ | |
2838 dict_avp_data_t data = { | |
2839 95, /* Code */ | |
2840 0, /* Vendor */ | |
2841 "NAS-IPv6-Address", /* Name */ | |
2842 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2843 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2844 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2845 }; | |
2846 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2847 } | |
2848 | |
2849 /* State */ | |
2850 { | |
2851 /* | |
2852 The State AVP (AVP Code 24) [RADIUS] is of type OctetString and has | |
2853 two uses in the Diameter NAS application. | |
2854 | |
2855 The State AVP MAY be sent by a Diameter Server to a NAS in an AA- | |
2856 Response command that contains a Result-Code of | |
2857 DIAMETER_MULTI_ROUND_AUTH. If so, the NAS MUST return it unmodified | |
2858 in the subsequent AA-Request command. | |
2859 | |
2860 The State AVP MAY also be sent by a Diameter Server to a NAS in an | |
2861 AA-Response command that also includes a Termination-Action AVP with | |
2862 the value of AA-REQUEST. If the NAS performs the Termination-Action | |
2863 by sending a new AA-Request command upon termination of the current | |
2864 service, it MUST return the State AVP unmodified in the new request | |
2865 command. | |
2866 | |
2867 In either usage, the NAS MUST NOT interpret the AVP locally. Usage | |
2868 of the State AVP is implementation dependent. | |
2869 */ | |
2870 dict_avp_data_t data = { | |
2871 24, /* Code */ | |
2872 0, /* Vendor */ | |
2873 "State", /* Name */ | |
2874 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2875 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2876 AVP_TYPE_OCTETSTRING /* base type of data */ | |
2877 }; | |
2878 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); | |
2879 } | |
2880 | |
2881 /* Termination-Cause mapping */ | |
2882 { | |
2883 | |
2884 dict_object_t * type; | |
2885 dict_type_enum_data_t tvals[] = { | |
2886 enum_val_def(11, "[RADIUS] User Request"), | |
2887 enum_val_def(12, "[RADIUS] Lost Carrier"), | |
2888 enum_val_def(13, "[RADIUS] Lost Service"), | |
2889 enum_val_def(14, "[RADIUS] Idle Timeout"), | |
2890 enum_val_def(15, "[RADIUS] Session Timeout"), | |
2891 enum_val_def(16, "[RADIUS] Admin Reset"), | |
2892 enum_val_def(17, "[RADIUS] Admin Reboot"), | |
2893 enum_val_def(18, "[RADIUS] Port Error"), | |
2894 enum_val_def(19, "[RADIUS] NAS Error"), | |
2895 enum_val_def(20, "[RADIUS] NAS Request"), | |
2896 enum_val_def(21, "[RADIUS] NAS Reboot"), | |
2897 enum_val_def(22, "[RADIUS] Port Unneeded"), | |
2898 enum_val_def(23, "[RADIUS] Port Preempted"), | |
2899 enum_val_def(24, "[RADIUS] Port Suspended"), | |
2900 enum_val_def(25, "[RADIUS] Service Unavailable"), | |
2901 enum_val_def(26, "[RADIUS] Callback"), | |
2902 enum_val_def(27, "[RADIUS] User Error"), | |
2903 enum_val_def(28, "[RADIUS] Host Request"), | |
2904 enum_val_def(29, "[RADIUS] Supplicant Restart"), | |
2905 enum_val_def(30, "[RADIUS] Reauthentication Failure"), | |
2906 enum_val_def(31, "[RADIUS] Port Reinit"), | |
2907 enum_val_def(32, "[RADIUS] Port Disabled") | |
2908 }; | |
2909 int i; | |
2910 | |
2911 CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Enumerated(Termination-Cause)", &type); | |
2912 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
2913 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
2914 } | |
2915 | |
2916 } | |
2917 | |
2918 /* Origin-AAA-Protocol */ | |
2919 { | |
2920 /* | |
2921 The Origin-AAA-Protocol AVP (AVP Code 408) is of the type Enumerated | |
2922 and should be inserted in a Diameter message translated by a gateway | |
2923 system from another AAA protocol, such as RADIUS. It identifies the | |
2924 source protocol of the message to the Diameter system receiving the | |
2925 message. | |
2926 | |
2927 The supported values are: | |
2928 | |
2929 1 RADIUS | |
2930 */ | |
2931 dict_object_t * type; | |
2932 dict_type_data_t tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Origin-AAA-Protocol)" , NULL, NULL}; | |
2933 dict_type_enum_data_t tvals[] = { | |
2934 enum_val_def( 1, "RADIUS") | |
2935 }; | |
2936 dict_avp_data_t data = { | |
2937 408, /* Code */ | |
2938 0, /* Vendor */ | |
2939 "Origin-AAA-Protocol", /* Name */ | |
2940 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ | |
2941 AVP_FLAG_MANDATORY, /* Fixed flag values */ | |
2942 AVP_TYPE_UNSIGNED32 /* base type of data */ | |
2943 }; | |
2944 int i; | |
2945 /* Create the Enumerated type, enumerated values, and the AVP */ | |
2946 CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); | |
2947 for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { | |
2948 CHECK_dict_new( DICT_TYPE_ENUM, &tvals[i], type, NULL); | |
2949 } | |
2950 CHECK_dict_new( DICT_AVP, &data , type, NULL); | |
2951 } | |
2952 | |
2953 } | |
2954 | |
2955 /********************/ | |
2956 /* Commands section */ | |
2957 /********************/ | |
2958 { | |
2959 /* To avoid defining global variables for all the AVP that we use here, we do search the dictionary in each sub-block. | |
2960 * This is far from optimal, but the code is clearer like this, and the time it requires at execution is not noticeable. | |
2961 */ | |
2962 | |
2963 /* AA-Request (AAR) Command */ | |
2964 { | |
2965 /* | |
2966 The AA-Request (AAR), which is indicated by setting the Command-Code | |
2967 field to 265 and the 'R' bit in the Command Flags field, is used to | |
2968 request authentication and/or authorization for a given NAS user. | |
2969 The type of request is identified through the Auth-Request-Type AVP | |
2970 [BASE]. The recommended value for most RADIUS interoperabily | |
2971 situations is AUTHORIZE_AUTHENTICATE. | |
2972 | |
2973 If Authentication is requested, the User-Name attribute SHOULD be | |
2974 present, as well as any additional authentication AVPs that would | |
2975 carry the password information. A request for authorization SHOULD | |
2976 only include the information from which the authorization will be | |
2977 performed, such as the User-Name, Called-Station-Id, or Calling- | |
2978 Station-Id AVPs. All requests SHOULD contain AVPs uniquely | |
2979 identifying the source of the call, such as Origin-Host and NAS-Port. | |
2980 Certain networks MAY use different AVPs for authorization purposes. | |
2981 A request for authorization will include some AVPs defined in section | |
2982 6. | |
2983 | |
2984 It is possible for a single session to be authorized first and then | |
2985 for an authentication request to follow. | |
2986 | |
2987 This AA-Request message MAY be the result of a multi-round | |
2988 authentication exchange, which occurs when the AA-Answer message is | |
2989 received with the Result-Code AVP set to DIAMETER_MULTI_ROUND_AUTH. | |
2990 A subsequent AAR message SHOULD be sent, with the User-Password AVP | |
2991 that includes the user's response to the prompt, and MUST include any | |
2992 State AVPs that were present in the AAA message. | |
2993 | |
2994 Message Format | |
2995 <AA-Request> ::= < Diameter Header: 265, REQ, PXY > | |
2996 < Session-Id > | |
2997 { Auth-Application-Id } | |
2998 { Origin-Host } | |
2999 { Origin-Realm } | |
3000 { Destination-Realm } | |
3001 { Auth-Request-Type } | |
3002 [ Destination-Host ] | |
3003 [ NAS-Identifier ] | |
3004 [ NAS-IP-Address ] | |
3005 [ NAS-IPv6-Address ] | |
3006 [ NAS-Port ] | |
3007 [ NAS-Port-Id ] | |
3008 [ NAS-Port-Type ] | |
3009 [ Origin-AAA-Protocol ] | |
3010 [ Origin-State-Id ] | |
3011 [ Port-Limit ] | |
3012 [ User-Name ] | |
3013 [ User-Password ] | |
3014 [ Service-Type ] | |
3015 [ State ] | |
3016 [ Authorization-Lifetime ] | |
3017 [ Auth-Grace-Period ] | |
3018 [ Auth-Session-State ] | |
3019 [ Callback-Number ] | |
3020 [ Called-Station-Id ] | |
3021 [ Calling-Station-Id ] | |
3022 [ Originating-Line-Info ] | |
3023 [ Connect-Info ] | |
3024 [ CHAP-Auth ] | |
3025 [ CHAP-Challenge ] | |
3026 * [ Framed-Compression ] | |
3027 [ Framed-Interface-Id ] | |
3028 [ Framed-IP-Address ] | |
3029 * [ Framed-IPv6-Prefix ] | |
3030 [ Framed-IP-Netmask ] | |
3031 [ Framed-MTU ] | |
3032 [ Framed-Protocol ] | |
3033 [ ARAP-Password ] | |
3034 [ ARAP-Security ] | |
3035 * [ ARAP-Security-Data ] | |
3036 * [ Login-IP-Host ] | |
3037 * [ Login-IPv6-Host ] | |
3038 [ Login-LAT-Group ] | |
3039 [ Login-LAT-Node ] | |
3040 [ Login-LAT-Port ] | |
3041 [ Login-LAT-Service ] | |
3042 * [ Tunneling ] | |
3043 * [ Proxy-Info ] | |
3044 * [ Route-Record ] | |
3045 * [ AVP ] | |
3046 */ | |
3047 dict_object_t * cmd; | |
3048 dict_cmd_data_t data = { | |
3049 265, /* Code */ | |
3050 "AA-Request", /* Name */ | |
3051 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_RETRANSMIT | CMD_FLAG_ERROR, /* Fixed flags */ | |
3052 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE /* Fixed flag values */ | |
3053 }; | |
3054 loc_rules_def_t rules[] = { { "Session-Id", RULE_FIXED_HEAD, -1, 1, 1 } | |
3055 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1, 1 } | |
3056 ,{ "Origin-Host", RULE_REQUIRED, -1, 1, 1 } | |
3057 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1, 1 } | |
3058 ,{ "Destination-Realm", RULE_REQUIRED, -1, 1, 1 } | |
3059 ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1, 1 } | |
3060 ,{ "Destination-Host", RULE_OPTIONAL, -1, 1, 1 } | |
3061 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1, 1 } | |
3062 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3063 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3064 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1, 1 } | |
3065 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3066 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3067 ,{ "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3068 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3069 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1, 1 } | |
3070 ,{ "User-Name", RULE_OPTIONAL, -1, 1, 1 } | |
3071 ,{ "User-Password", RULE_OPTIONAL, -1, 1, 1 } | |
3072 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3073 ,{ "State", RULE_OPTIONAL, -1, 1, 1 } | |
3074 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1, 1 } | |
3075 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1, 1 } | |
3076 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1, 1 } | |
3077 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1, 1 } | |
3078 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3079 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3080 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1, 1 } | |
3081 ,{ "Connect-Info", RULE_OPTIONAL, -1, 1, 1 } | |
3082 ,{ "CHAP-Auth", RULE_OPTIONAL, -1, 1, 1 } | |
3083 ,{ "CHAP-Challenge", RULE_OPTIONAL, -1, 1, 1 } | |
3084 ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1, 1 } | |
3085 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3086 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3087 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1, 1 } | |
3088 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1, 1 } | |
3089 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1, 1 } | |
3090 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3091 ,{ "ARAP-Password", RULE_OPTIONAL, -1, 1, 1 } | |
3092 ,{ "ARAP-Security", RULE_OPTIONAL, -1, 1, 1 } | |
3093 ,{ "ARAP-Security-Data", RULE_OPTIONAL, -1,-1, 1 } | |
3094 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1, 1 } | |
3095 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1, 1 } | |
3096 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1, 1 } | |
3097 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1, 1 } | |
3098 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1, 1 } | |
3099 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1, 1 } | |
3100 ,{ "Tunneling", RULE_OPTIONAL, -1,-1, 1 } | |
3101 ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1, 0 } | |
3102 ,{ "Route-Record", RULE_OPTIONAL, -1,-1, 0 } | |
3103 }; | |
3104 | |
3105 CHECK_dict_new( DICT_COMMAND, &data , nasreq, &cmd); | |
3106 PARSE_loc_rules( rules, cmd ); | |
3107 } | |
3108 | |
3109 /* AA-Answer (AAA) Command */ | |
3110 { | |
3111 /* | |
3112 The AA-Answer (AAA) message is indicated by setting the Command-Code | |
3113 field to 265 and clearing the 'R' bit in the Command Flags field. It | |
3114 is sent in response to the AA-Request (AAR) message. If | |
3115 authorization was requested, a successful response will include the | |
3116 authorization AVPs appropriate for the service being provided, as | |
3117 defined in section 6. | |
3118 | |
3119 For authentication exchanges requiring more than a single round trip, | |
3120 the server MUST set the Result-Code AVP to DIAMETER_MULTI_ROUND_AUTH. | |
3121 An AAA message with this result code MAY include one Reply-Message or | |
3122 more and MAY include zero or one State AVPs. | |
3123 | |
3124 If the Reply-Message AVP was present, the network access server | |
3125 SHOULD send the text to the user's client to display to the user, | |
3126 instructing the client to prompt the user for a response. For | |
3127 example, this capability can be achieved in PPP via PAP. If the | |
3128 access client is unable to prompt the user for a new response, it | |
3129 MUST treat the AA-Answer (AAA) with the Reply-Message AVP as an error | |
3130 and deny access. | |
3131 | |
3132 Message Format | |
3133 | |
3134 <AA-Answer> ::= < Diameter Header: 265, PXY > | |
3135 < Session-Id > | |
3136 { Auth-Application-Id } | |
3137 { Auth-Request-Type } | |
3138 { Result-Code } | |
3139 { Origin-Host } | |
3140 { Origin-Realm } | |
3141 [ User-Name ] | |
3142 [ Service-Type ] | |
3143 * [ Class ] | |
3144 * [ Configuration-Token ] | |
3145 [ Acct-Interim-Interval ] | |
3146 [ Error-Message ] | |
3147 [ Error-Reporting-Host ] | |
3148 * [ Failed-AVP ] | |
3149 [ Idle-Timeout ] | |
3150 [ Authorization-Lifetime ] | |
3151 [ Auth-Grace-Period ] | |
3152 [ Auth-Session-State ] | |
3153 [ Re-Auth-Request-Type ] | |
3154 [ Multi-Round-Time-Out ] | |
3155 [ Session-Timeout ] | |
3156 [ State ] | |
3157 * [ Reply-Message ] | |
3158 [ Origin-AAA-Protocol ] | |
3159 [ Origin-State-Id ] | |
3160 * [ Filter-Id ] | |
3161 [ Password-Retry ] | |
3162 [ Port-Limit ] | |
3163 [ Prompt ] | |
3164 [ ARAP-Challenge-Response ] | |
3165 [ ARAP-Features ] | |
3166 [ ARAP-Security ] | |
3167 * [ ARAP-Security-Data ] | |
3168 [ ARAP-Zone-Access ] | |
3169 [ Callback-Id ] | |
3170 [ Callback-Number ] | |
3171 [ Framed-Appletalk-Link ] | |
3172 * [ Framed-Appletalk-Network ] | |
3173 [ Framed-Appletalk-Zone ] | |
3174 * [ Framed-Compression ] | |
3175 [ Framed-Interface-Id ] | |
3176 [ Framed-IP-Address ] | |
3177 * [ Framed-IPv6-Prefix ] | |
3178 [ Framed-IPv6-Pool ] | |
3179 * [ Framed-IPv6-Route ] | |
3180 [ Framed-IP-Netmask ] | |
3181 * [ Framed-Route ] | |
3182 [ Framed-Pool ] | |
3183 [ Framed-IPX-Network ] | |
3184 [ Framed-MTU ] | |
3185 [ Framed-Protocol ] | |
3186 [ Framed-Routing ] | |
3187 * [ Login-IP-Host ] | |
3188 * [ Login-IPv6-Host ] | |
3189 [ Login-LAT-Group ] | |
3190 [ Login-LAT-Node ] | |
3191 [ Login-LAT-Port ] | |
3192 [ Login-LAT-Service ] | |
3193 [ Login-Service ] | |
3194 [ Login-TCP-Port ] | |
3195 * [ NAS-Filter-Rule ] | |
3196 * [ QoS-Filter-Rule ] | |
3197 * [ Tunneling ] | |
3198 * [ Redirect-Host ] | |
3199 [ Redirect-Host-Usage ] | |
3200 [ Redirect-Max-Cache-Time ] | |
3201 * [ Proxy-Info ] | |
3202 * [ AVP ] | |
3203 */ | |
3204 dict_object_t * cmd; | |
3205 dict_cmd_data_t data = { | |
3206 265, /* Code */ | |
3207 "AA-Answer", /* Name */ | |
3208 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE, /* Fixed flags */ | |
3209 CMD_FLAG_PROXIABLE /* Fixed flag values */ | |
3210 }; | |
3211 loc_rules_def_t rules[] = { { "Session-Id", RULE_FIXED_HEAD, -1, 1, 1 } | |
3212 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1, 1 } | |
3213 ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1, 1 } | |
3214 ,{ "Result-Code", RULE_REQUIRED, -1, 1, 1 } | |
3215 ,{ "Origin-Host", RULE_REQUIRED, -1, 1, 1 } | |
3216 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1, 1 } | |
3217 ,{ "User-Name", RULE_OPTIONAL, -1, 1, 1 } | |
3218 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3219 ,{ "Class", RULE_OPTIONAL, -1,-1, 1 } | |
3220 ,{ "Configuration-Token", RULE_OPTIONAL, -1,-1, 1 } | |
3221 ,{ "Acct-Interim-Interval", RULE_OPTIONAL, -1, 1, 1 } | |
3222 ,{ "Error-Message", RULE_OPTIONAL, -1, 1, 1 } | |
3223 ,{ "Error-Reporting-Host", RULE_OPTIONAL, -1, 1, 1 } | |
3224 ,{ "Failed-AVP", RULE_OPTIONAL, -1,-1, 1 } | |
3225 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1, 1 } | |
3226 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1, 1 } | |
3227 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1, 1 } | |
3228 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1, 1 } | |
3229 ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3230 ,{ "Multi-Round-Time-Out", RULE_OPTIONAL, -1, 1, 1 } | |
3231 ,{ "Session-Timeout", RULE_OPTIONAL, -1, 1, 1 } | |
3232 ,{ "State", RULE_OPTIONAL, -1, 1, 1 } | |
3233 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1, 1 } | |
3234 ,{ "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3235 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3236 ,{ "Filter-Id", RULE_OPTIONAL, -1,-1, 1 } | |
3237 ,{ "Password-Retry", RULE_OPTIONAL, -1, 1, 1 } | |
3238 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1, 1 } | |
3239 ,{ "Prompt", RULE_OPTIONAL, -1, 1, 1 } | |
3240 ,{ "ARAP-Challenge-Response", RULE_OPTIONAL, -1, 1, 1 } | |
3241 ,{ "ARAP-Features", RULE_OPTIONAL, -1, 1, 1 } | |
3242 ,{ "ARAP-Security", RULE_OPTIONAL, -1, 1, 1 } | |
3243 ,{ "ARAP-Security-Data", RULE_OPTIONAL, -1,-1, 1 } | |
3244 ,{ "ARAP-Zone-Access", RULE_OPTIONAL, -1, 1, 1 } | |
3245 ,{ "Callback-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3246 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1, 1 } | |
3247 ,{ "Framed-AppleTalk-Link", RULE_OPTIONAL, -1, 1, 1 } | |
3248 ,{ "Framed-AppleTalk-Network", RULE_OPTIONAL, -1,-1, 1 } | |
3249 ,{ "Framed-AppleTalk-Zone", RULE_OPTIONAL, -1, 1, 1 } | |
3250 ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1, 1 } | |
3251 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1,-1, 1 } | |
3252 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3253 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1, 1 } | |
3254 ,{ "Framed-IPv6-Pool", RULE_OPTIONAL, -1, 1, 1 } | |
3255 ,{ "Framed-IPv6-Route", RULE_OPTIONAL, -1,-1, 1 } | |
3256 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1,-1, 1 } | |
3257 ,{ "Framed-Route", RULE_OPTIONAL, -1,-1, 1 } | |
3258 ,{ "Framed-Pool", RULE_OPTIONAL, -1, 1, 1 } | |
3259 ,{ "Framed-IPX-Network", RULE_OPTIONAL, -1, 1, 1 } | |
3260 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1, 1 } | |
3261 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3262 ,{ "Framed-Routing", RULE_OPTIONAL, -1, 1, 1 } | |
3263 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1, 1 } | |
3264 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1, 1 } | |
3265 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1, 1 } | |
3266 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1, 1 } | |
3267 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1, 1 } | |
3268 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1, 1 } | |
3269 ,{ "Login-Service", RULE_OPTIONAL, -1, 1, 1 } | |
3270 ,{ "Login-TCP-Port", RULE_OPTIONAL, -1, 1, 1 } | |
3271 ,{ "NAS-Filter-Rule", RULE_OPTIONAL, -1,-1, 1 } | |
3272 ,{ "QoS-Filter-Rule", RULE_OPTIONAL, -1,-1, 1 } | |
3273 ,{ "Tunneling", RULE_OPTIONAL, -1,-1, 1 } | |
3274 ,{ "Redirect-Host", RULE_OPTIONAL, -1,-1, 1 } | |
3275 ,{ "Redirect-Host-Usage", RULE_OPTIONAL, -1, 1, 1 } | |
3276 ,{ "Redirect-Max-Cache-Time", RULE_OPTIONAL, -1, 1, 1 } | |
3277 ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1, 0 } | |
3278 }; | |
3279 | |
3280 CHECK_dict_new( DICT_COMMAND, &data , nasreq, &cmd); | |
3281 PARSE_loc_rules( rules, cmd ); | |
3282 } | |
3283 | |
3284 /* Re-Auth-Request */ | |
3285 { | |
3286 /* | |
3287 Add additional rules of the ABNF (compared to Base definition): | |
3288 | |
3289 <RA-Request> ::= < Diameter Header: 258, REQ, PXY > | |
3290 < Session-Id > | |
3291 { Origin-Host } | |
3292 { Origin-Realm } | |
3293 { Destination-Realm } | |
3294 { Destination-Host } | |
3295 { Auth-Application-Id } | |
3296 { Re-Auth-Request-Type } | |
3297 [ User-Name ] | |
3298 [ Origin-AAA-Protocol ] | |
3299 [ Origin-State-Id ] | |
3300 [ NAS-Identifier ] | |
3301 [ NAS-IP-Address ] | |
3302 [ NAS-IPv6-Address ] | |
3303 [ NAS-Port ] | |
3304 [ NAS-Port-Id ] | |
3305 [ NAS-Port-Type ] | |
3306 [ Service-Type ] | |
3307 [ Framed-IP-Address ] | |
3308 [ Framed-IPv6-Prefix ] | |
3309 [ Framed-Interface-Id ] | |
3310 [ Called-Station-Id ] | |
3311 [ Calling-Station-Id ] | |
3312 [ Originating-Line-Info ] | |
3313 [ Acct-Session-Id ] | |
3314 [ Acct-Multi-Session-Id ] | |
3315 [ State ] | |
3316 * [ Class ] | |
3317 [ Reply-Message ] | |
3318 * [ Proxy-Info ] | |
3319 * [ Route-Record ] | |
3320 * [ AVP ] | |
3321 */ | |
3322 dict_object_t * cmd; | |
3323 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3324 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1, 1 } | |
3325 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3326 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3327 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1, 1 } | |
3328 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3329 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3330 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3331 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3332 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1, 1, 1 } | |
3333 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3334 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3335 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3336 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1, 1 } | |
3337 ,{ "Acct-Session-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3338 ,{ "Acct-Multi-Session-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3339 ,{ "State", RULE_OPTIONAL, -1, 1, 1 } | |
3340 ,{ "Class", RULE_OPTIONAL, -1,-1, 1 } | |
3341 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1, 1 } | |
3342 }; | |
3343 | |
3344 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Re-Auth-Request", &cmd); | |
3345 PARSE_loc_rules( rules, cmd ); | |
3346 } | |
3347 | |
3348 /* Re-Auth-Answer */ | |
3349 { | |
3350 /* | |
3351 Add additional rules of the ABNF (compared to Base definition): | |
3352 | |
3353 | |
3354 <RA-Answer> ::= < Diameter Header: 258, PXY > | |
3355 < Session-Id > | |
3356 { Result-Code } | |
3357 { Origin-Host } | |
3358 { Origin-Realm } | |
3359 [ User-Name ] | |
3360 [ Origin-AAA-Protocol ] | |
3361 [ Origin-State-Id ] | |
3362 [ Error-Message ] | |
3363 [ Error-Reporting-Host ] | |
3364 * [ Failed-AVP ] | |
3365 * [ Redirected-Host ] | |
3366 [ Redirected-Host-Usage ] | |
3367 [ Redirected-Host-Cache-Time ] | |
3368 [ Service-Type ] | |
3369 * [ Configuration-Token ] | |
3370 [ Idle-Timeout ] | |
3371 [ Authorization-Lifetime ] | |
3372 [ Auth-Grace-Period ] | |
3373 [ Re-Auth-Request-Type ] | |
3374 [ State ] | |
3375 * [ Class ] | |
3376 * [ Reply-Message ] | |
3377 [ Prompt ] | |
3378 * [ Proxy-Info ] | |
3379 * [ AVP ] | |
3380 */ | |
3381 dict_object_t * cmd; | |
3382 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3383 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3384 ,{ "Configuration-Token", RULE_OPTIONAL, -1,-1, 1 } | |
3385 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1, 1 } | |
3386 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1, 1 } | |
3387 ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1, 1 } | |
3388 ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3389 ,{ "State", RULE_OPTIONAL, -1, 1, 1 } | |
3390 ,{ "Class", RULE_OPTIONAL, -1,-1, 1 } | |
3391 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1, 1 } | |
3392 ,{ "Prompt", RULE_OPTIONAL, -1, 1, 1 } | |
3393 }; | |
3394 | |
3395 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Re-Auth-Answer", &cmd); | |
3396 PARSE_loc_rules( rules, cmd ); | |
3397 } | |
3398 | |
3399 /* Session-Termination-Request */ | |
3400 { | |
3401 /* | |
3402 Add additional rules of the ABNF (compared to Base definition): | |
3403 | |
3404 | |
3405 <ST-Request> ::= < Diameter Header: 275, REQ, PXY > | |
3406 < Session-Id > | |
3407 { Origin-Host } | |
3408 { Origin-Realm } | |
3409 { Destination-Realm } | |
3410 { Auth-Application-Id } | |
3411 { Termination-Cause } | |
3412 [ User-Name ] | |
3413 [ Destination-Host ] | |
3414 * [ Class ] | |
3415 [ Origin-AAA-Protocol ] | |
3416 [ Origin-State-Id ] | |
3417 * [ Proxy-Info ] | |
3418 * [ Route-Record ] | |
3419 * [ AVP ] | |
3420 */ | |
3421 dict_object_t * cmd; | |
3422 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3423 }; | |
3424 | |
3425 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Session-Termination-Request", &cmd); | |
3426 PARSE_loc_rules( rules, cmd ); | |
3427 } | |
3428 | |
3429 /* Session-Termination-Answer */ | |
3430 { | |
3431 /* | |
3432 Add additional rules of the ABNF (compared to Base definition): | |
3433 | |
3434 <ST-Answer> ::= < Diameter Header: 275, PXY > | |
3435 < Session-Id > | |
3436 { Result-Code } | |
3437 { Origin-Host } | |
3438 { Origin-Realm } | |
3439 [ User-Name ] | |
3440 * [ Class ] | |
3441 [ Error-Message ] | |
3442 [ Error-Reporting-Host ] | |
3443 * [ Failed-AVP ] | |
3444 [ Origin-AAA-Protocol ] | |
3445 [ Origin-State-Id ] | |
3446 * [ Redirect-Host ] | |
3447 [ Redirect-Host-Usase ] | |
3448 [ Redirect-Max-Cache-Time ] | |
3449 * [ Proxy-Info ] | |
3450 * [ AVP ] | |
3451 */ | |
3452 dict_object_t * cmd; | |
3453 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3454 }; | |
3455 | |
3456 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Session-Termination-Answer", &cmd); | |
3457 PARSE_loc_rules( rules, cmd ); | |
3458 } | |
3459 | |
3460 /* Abort-Session-Request */ | |
3461 { | |
3462 /* | |
3463 Add additional rules of the ABNF (compared to Base definition): | |
3464 | |
3465 <AS-Request> ::= < Diameter Header: 274, REQ, PXY > | |
3466 < Session-Id > | |
3467 { Origin-Host } | |
3468 { Origin-Realm } | |
3469 { Destination-Realm } | |
3470 { Destination-Host } | |
3471 { Auth-Application-Id } | |
3472 [ User-Name ] | |
3473 [ Origin-AAA-Protocol ] | |
3474 [ Origin-State-Id ] | |
3475 [ NAS-Identifier ] | |
3476 [ NAS-IP-Address ] | |
3477 [ NAS-IPv6-Address ] | |
3478 [ NAS-Port ] | |
3479 [ NAS-Port-Id ] | |
3480 [ NAS-Port-Type ] | |
3481 [ Service-Type ] | |
3482 [ Framed-IP-Address ] | |
3483 [ Framed-IPv6-Prefix ] | |
3484 [ Framed-Interface-Id ] | |
3485 [ Called-Station-Id ] | |
3486 [ Calling-Station-Id ] | |
3487 [ Originating-Line-Info ] | |
3488 [ Acct-Session-Id ] | |
3489 [ Acct-Multi-Session-Id ] | |
3490 [ State ] | |
3491 * [ Class ] | |
3492 * [ Reply-Message ] | |
3493 * [ Proxy-Info ] | |
3494 * [ Route-Record ] | |
3495 * [ AVP ] | |
3496 | |
3497 */ | |
3498 dict_object_t * cmd; | |
3499 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3500 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1, 1 } | |
3501 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3502 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3503 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1, 1 } | |
3504 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3505 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3506 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3507 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3508 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1, 1, 1 } | |
3509 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3510 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3511 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3512 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1, 1 } | |
3513 ,{ "Acct-Session-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3514 ,{ "Acct-Multi-Session-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3515 ,{ "State", RULE_OPTIONAL, -1, 1, 1 } | |
3516 ,{ "Class", RULE_OPTIONAL, -1,-1, 1 } | |
3517 ,{ "Reply-Message", RULE_OPTIONAL, -1,-1, 1 } | |
3518 }; | |
3519 | |
3520 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Abort-Session-Request", &cmd); | |
3521 PARSE_loc_rules( rules, cmd ); | |
3522 } | |
3523 | |
3524 /* Abort-Session-Answer */ | |
3525 { | |
3526 /* | |
3527 Add additional rules of the ABNF (compared to Base definition): | |
3528 | |
3529 <AS-Answer> ::= < Diameter Header: 274, PXY > | |
3530 < Session-Id > | |
3531 { Result-Code } | |
3532 { Origin-Host } | |
3533 { Origin-Realm } | |
3534 [ User-Name ] | |
3535 [ Origin-AAA-Protocol ] | |
3536 [ Origin-State-Id ] | |
3537 [ State] | |
3538 [ Error-Message ] | |
3539 [ Error-Reporting-Host ] | |
3540 * [ Failed-AVP ] | |
3541 * [ Redirected-Host ] | |
3542 [ Redirected-Host-Usage ] | |
3543 [ Redirected-Max-Cache-Time ] | |
3544 * [ Proxy-Info ] | |
3545 * [ AVP ] | |
3546 */ | |
3547 dict_object_t * cmd; | |
3548 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3549 ,{ "State", RULE_REQUIRED, -1, 1, 1 } | |
3550 }; | |
3551 | |
3552 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Abort-Session-Answer", &cmd); | |
3553 PARSE_loc_rules( rules, cmd ); | |
3554 } | |
3555 | |
3556 /* Accounting-Request */ | |
3557 { | |
3558 /* | |
3559 Add additional rules of the ABNF (compared to Base definition): | |
3560 | |
3561 <AC-Request> ::= < Diameter Header: 271, REQ, PXY > | |
3562 < Session-Id > | |
3563 { Origin-Host } | |
3564 { Origin-Realm } | |
3565 { Destination-Realm } | |
3566 { Accounting-Record-Type } | |
3567 { Accounting-Record-Number } | |
3568 [ Acct-Application-Id ] | |
3569 [ Vendor-Specific-Application-Id ] | |
3570 [ User-Name ] | |
3571 [ Accounting-Sub-Session-Id ] | |
3572 [ Acct-Session-Id ] | |
3573 [ Acct-Multi-Session-Id ] | |
3574 [ Origin-AAA-Protocol ] | |
3575 [ Origin-State-Id ] | |
3576 [ Destination-Host ] | |
3577 [ Event-Timestamp ] | |
3578 [ Acct-Delay-Time ] | |
3579 [ NAS-Identifier ] | |
3580 [ NAS-IP-Address ] | |
3581 [ NAS-IPv6-Address ] | |
3582 [ NAS-Port ] | |
3583 [ NAS-Port-Id ] | |
3584 [ NAS-Port-Type ] | |
3585 * [ Class ] | |
3586 [ Service-Type ] | |
3587 [ Termination-Cause ] | |
3588 [ Accounting-Input-Octets ] | |
3589 [ Accounting-Input-Packets ] | |
3590 [ Accounting-Output-Octets ] | |
3591 [ Accounting-Output-Packets ] | |
3592 [ Acct-Authentic ] | |
3593 [ Accounting-Auth-Method ] | |
3594 [ Acct-Link-Count ] | |
3595 [ Acct-Session-Time ] | |
3596 [ Acct-Tunnel-Connection ] | |
3597 [ Acct-Tunnel-Packets-Lost ] | |
3598 [ Callback-Id ] | |
3599 [ Callback-Number ] | |
3600 [ Called-Station-Id ] | |
3601 [ Calling-Station-Id ] | |
3602 * [ Connection-Info ] | |
3603 [ Originating-Line-Info ] | |
3604 [ Authorization-Lifetime ] | |
3605 [ Session-Timeout ] | |
3606 [ Idle-Timeout ] | |
3607 [ Port-Limit ] | |
3608 [ Accounting-Realtime-Required ] | |
3609 [ Acct-Interim-Interval ] | |
3610 * [ Filter-Id ] | |
3611 * [ NAS-Filter-Rule ] | |
3612 * [ Qos-Filter-Rule ] | |
3613 [ Framed-AppleTalk-Link ] | |
3614 [ Framed-AppleTalk-Network ] | |
3615 [ Framed-AppleTalk-Zone ] | |
3616 [ Framed-Compression ] | |
3617 [ Framed-Interface-Id ] | |
3618 [ Framed-IP-Address ] | |
3619 [ Framed-IP-Netmask ] | |
3620 * [ Framed-IPv6-Prefix ] | |
3621 [ Framed-IPv6-Pool ] | |
3622 * [ Framed-IPv6-Route ] | |
3623 [ Framed-IPX-Network ] | |
3624 [ Framed-MTU ] | |
3625 [ Framed-Pool ] | |
3626 [ Framed-Protocol ] | |
3627 * [ Framed-Route ] | |
3628 [ Framed-Routing ] | |
3629 * [ Login-IP-Host ] | |
3630 * [ Login-IPv6-Host ] | |
3631 [ Login-LAT-Group ] | |
3632 [ Login-LAT-Node ] | |
3633 [ Login-LAT-Port ] | |
3634 [ Login-LAT-Service ] | |
3635 [ Login-Service ] | |
3636 [ Login-TCP-Port ] | |
3637 * [ Tunneling ] | |
3638 * [ Proxy-Info ] | |
3639 * [ Route-Record ] | |
3640 * [ AVP ] | |
3641 */ | |
3642 dict_object_t * cmd; | |
3643 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3644 ,{ "Acct-Delay-Time", RULE_OPTIONAL, -1, 1, 1 } | |
3645 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1, 1 } | |
3646 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3647 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3648 ,{ "NAS-Port", RULE_OPTIONAL, -1, 1, 1 } | |
3649 ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3650 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3651 ,{ "Class", RULE_OPTIONAL, -1,-1, 1 } | |
3652 ,{ "Service-Type", RULE_OPTIONAL, -1, 1, 1 } | |
3653 ,{ "Termination-Cause", RULE_OPTIONAL, -1, 1, 1 } | |
3654 ,{ "Accounting-Input-Octets", RULE_OPTIONAL, -1, 1, 1 } | |
3655 ,{ "Accounting-Input-Packets", RULE_OPTIONAL, -1, 1, 1 } | |
3656 ,{ "Accounting-Output-Octets", RULE_OPTIONAL, -1, 1, 1 } | |
3657 ,{ "Accounting-Output-Packets", RULE_OPTIONAL, -1, 1, 1 } | |
3658 ,{ "Acct-Authentic", RULE_OPTIONAL, -1, 1, 1 } | |
3659 ,{ "Accounting-Auth-Method", RULE_OPTIONAL, -1, 1, 1 } | |
3660 ,{ "Acct-Link-Count", RULE_OPTIONAL, -1, 1, 1 } | |
3661 ,{ "Acct-Session-Time", RULE_OPTIONAL, -1, 1, 1 } | |
3662 ,{ "Acct-Tunnel-Connection", RULE_OPTIONAL, -1, 1, 1 } | |
3663 ,{ "Acct-Tunnel-Packets-Lost", RULE_OPTIONAL, -1, 1, 1 } | |
3664 ,{ "Callback-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3665 ,{ "Callback-Number", RULE_OPTIONAL, -1, 1, 1 } | |
3666 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3667 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3668 ,{ "Connect-Info", RULE_OPTIONAL, -1,-1, 1 } | |
3669 ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1, 1 } | |
3670 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1, 1 } | |
3671 ,{ "Session-Timeout", RULE_OPTIONAL, -1, 1, 1 } | |
3672 ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1, 1 } | |
3673 ,{ "Port-Limit", RULE_OPTIONAL, -1, 1, 1 } | |
3674 ,{ "Filter-Id", RULE_OPTIONAL, -1,-1, 1 } | |
3675 ,{ "NAS-Filter-Rule", RULE_OPTIONAL, -1,-1, 1 } | |
3676 ,{ "QoS-Filter-Rule", RULE_OPTIONAL, -1,-1, 1 } | |
3677 ,{ "Framed-AppleTalk-Link", RULE_OPTIONAL, -1, 1, 1 } | |
3678 ,{ "Framed-AppleTalk-Network", RULE_OPTIONAL, -1, 1, 1 } | |
3679 ,{ "Framed-AppleTalk-Zone", RULE_OPTIONAL, -1, 1, 1 } | |
3680 ,{ "Framed-Compression", RULE_OPTIONAL, -1, 1, 1 } | |
3681 ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1, 1 } | |
3682 ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1, 1 } | |
3683 ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1, 1 } | |
3684 ,{ "Framed-IPv6-Pool", RULE_OPTIONAL, -1, 1, 1 } | |
3685 ,{ "Framed-IPv6-Route", RULE_OPTIONAL, -1,-1, 1 } | |
3686 ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1, 1 } | |
3687 ,{ "Framed-Route", RULE_OPTIONAL, -1,-1, 1 } | |
3688 ,{ "Framed-Pool", RULE_OPTIONAL, -1, 1, 1 } | |
3689 ,{ "Framed-IPX-Network", RULE_OPTIONAL, -1, 1, 1 } | |
3690 ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1, 1 } | |
3691 ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3692 ,{ "Framed-Routing", RULE_OPTIONAL, -1, 1, 1 } | |
3693 ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1, 1 } | |
3694 ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1, 1 } | |
3695 ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1, 1 } | |
3696 ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1, 1 } | |
3697 ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1, 1 } | |
3698 ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1, 1 } | |
3699 ,{ "Login-Service", RULE_OPTIONAL, -1, 1, 1 } | |
3700 ,{ "Login-TCP-Port", RULE_OPTIONAL, -1, 1, 1 } | |
3701 ,{ "Tunneling", RULE_OPTIONAL, -1,-1, 1 } | |
3702 }; | |
3703 | |
3704 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Accounting-Request", &cmd); | |
3705 PARSE_loc_rules( rules, cmd ); | |
3706 } | |
3707 | |
3708 /* Accounting-Answer */ | |
3709 { | |
3710 /* | |
3711 Add additional rules of the ABNF (compared to Base definition): | |
3712 | |
3713 <AC-Answer> ::= < Diameter Header: 271, PXY > | |
3714 < Session-Id > | |
3715 { Result-Code } | |
3716 { Origin-Host } | |
3717 { Origin-Realm } | |
3718 { Accounting-Record-Type } | |
3719 { Accounting-Record-Number } | |
3720 [ Acct-Application-Id ] | |
3721 [ Vendor-Specific-Application-Id ] | |
3722 [ User-Name ] | |
3723 [ Accounting-Sub-Session-Id ] | |
3724 [ Acct-Session-Id ] | |
3725 [ Acct-Multi-Session-Id ] | |
3726 [ Event-Timestamp ] | |
3727 [ Error-Message ] | |
3728 [ Error-Reporting-Host ] | |
3729 * [ Failed-AVP ] | |
3730 [ Origin-AAA-Protocol ] | |
3731 [ Origin-State-Id ] | |
3732 [ NAS-Identifier ] | |
3733 [ NAS-IP-Address ] | |
3734 [ NAS-IPv6-Address ] | |
3735 [ NAS-Port ] | |
3736 [ NAS-Port-Id ] | |
3737 [ NAS-Port-Type ] | |
3738 [ Service-Type ] | |
3739 [ Termination-Cause ] | |
3740 [ Accounting-Realtime-Required ] | |
3741 [ Acct-Interim-Interval ] | |
3742 * [ Class ] | |
3743 * [ Proxy-Info ] | |
3744 * [ Route-Record ] | |
3745 * [ AVP ] | |
3746 | |
3747 */ | |
3748 dict_object_t * cmd; | |
3749 loc_rules_def_t rules[] = { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1, 1 } | |
3750 ,{ "NAS-Identifier", RULE_REQUIRED, -1, 1, 1 } | |
3751 ,{ "NAS-IP-Address", RULE_REQUIRED, -1, 1, 1 } | |
3752 ,{ "NAS-IPv6-Address", RULE_REQUIRED, -1, 1, 1 } | |
3753 ,{ "NAS-Port", RULE_REQUIRED, -1, 1, 1 } | |
3754 ,{ "NAS-Port-Id", RULE_REQUIRED, -1, 1, 1 } | |
3755 ,{ "NAS-Port-Type", RULE_REQUIRED, -1, 1, 1 } | |
3756 ,{ "Service-Type", RULE_REQUIRED, -1, 1, 1 } | |
3757 ,{ "Termination-Cause", RULE_REQUIRED, -1, 1, 1 } | |
3758 }; | |
3759 | |
3760 CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Accounting-Answer", &cmd); | |
3761 PARSE_loc_rules( rules, cmd ); | |
3762 } | |
3763 } | |
3764 | |
3765 TRACE_DEBUG(INFO, "Extension 'Dictionary definitions for NASREQ' initialized"); | |
3766 return 0; | |
3767 } | |
3768 | |
3769 EXTENSION_API_INIT(API_MODULE_DICTIONARY | API_MODULE_LOG, entry, "dict_nasreq"); |