Changeset 597:f051e3795dae in freeDiameter for extensions/dict_mip6a/dict_mip6a.c
- Timestamp: Nov 17, 2010, 7:56:35 PM (14 years ago)
- Branch: default
- Children: 598:d46af51c019d, 599:1dade7d4cf2e
- Phase: public
- File: 1 edited
extensions/dict_mip6a/dict_mip6a.c
r595 r597 34 34 *********************************************************************************************************/ 35 35 36 /********************************************************************************************************* 36 /* 37 37 38 The following table complete the one in RFC 5778, page 18. The AVPs are implemented below following the order of this table. 38 39 We try to keep the structure of the grouped AVP by declaring the contained AVPs just before the grouped AVP they depend on. … … 42 43 43 44 MIP6-Feature-Vector 124 5447 Unsigned64 44 User-Name 1 3588 UTF8String implemented in base protocol45 User-Name 1 3588 UTF8String 45 46 Service-Selection 493 5778 UTF8String 46 47 MIP-MN-AAA-SPI 341 5778 Unsigned32 47 48 + MIP-Home-Agent-Address 334 4004 Address 48 ++ Destination-Host 293 3588 DiameterIdentity implemented in base protocol49 ++ Destination-Realm 283 3588 DiameterIdentity implemented in base protocol49 ++ Destination-Host 293 3588 DiameterIdentity 50 ++ Destination-Realm 283 3588 DiameterIdentity 50 51 + MIP-Home-Agent-Host 348 4004 Grouped 51 52 + MIP6-Home-Link-Prefix 125 5447 OctetString … … 76 77 Accounting-Input-Packets 365 4004, 4005 Unsigned64 77 78 Accounting-Output-Packets 366 4004, 4005 Unsigned64 78 Acct-Multi-Session-Id 50 3588 UTF8String implemented in base protocol79 Acct-Multi-Session-Id 50 3588 UTF8String 79 80 Acct-Session-Time 46 2866, 4004 Unsigned32 80 81 MIP6-Feature-Vector ---------------------------------- … … 87 88 MIP-Careof-Address ---------------------------------- 88 89 89 REST OF THE AVPs IN THE MIR & MIA EXCLUDING *[AVP] 90 91 MIP6-Request - Only a few radius AVPs have to be implemented. 
92 93 Session-ID 263 3588 (diameter) 94 Auth-Application-Id 258 3588 95 User-Name 1 3588 96 Destination-Realm 283 3588 97 Origin-Host 264 3588 98 Origin-Realm 296 3588 99 Auth-Request-Type 274 3588 100 Destination-Host 293 3588 101 Origin-State-Id 278 3588 102 NAS-Identifier 32 2865 (radius) needed 103 NAS-IP-Address 4 2865 needed 104 NAS-IPv6-Address 95 3162 needed 105 NAS-Port-Type 61 2865 needed 106 Called-Station-Id 30 2865 needed 107 Calling-Station-Id 31 2865 needed 108 MIP6-Feature-Vector ------------ 109 MIP6-Auth-Mode ------------ 110 MIP-MN-AAA-SPI ------------ 111 MIP-MN-HA-SPI ------------ 112 MIP-Mobile-Node-Address ------------ 113 MIP6-Agent-Info ------------ 114 MIP-Careof-Address ------------ 115 MIP-Authenticator ------------ 116 MIP-MAC-Mobility-Data ------------ 117 MIP-Timestamp ------------ 118 QoS-Capability ------------ 119 QoS-Resources ------------ 120 Chargeable-User-Identity ------------ 121 Service-Selection ------------ 122 Authorization-Lifetime 291 3588 123 Auth-Session-State 277 3588 124 Proxy-Info 284 3588 125 Route-Record 282 3588 126 127 MIP6-Answer - All of them are already implemented as base protocol AVPs or implemented earlier. 
128 129 Session-Id 263 3588 (diameter) 130 Auth-Application-Id 258 3588 131 Result-Code 268 3588 132 Origin-Host 264 3588 133 Origin-Realm 296 3588 134 Auth-Request-Type 274 3588 135 User-Name 1 3588 136 Authorization-Lifetime 291 3588 137 Auth-Session-State 277 3588 138 Error-Message 281 3588 139 Error-Reporting-Host 294 3588 140 Re-Auth-Request-Type 285 3588 141 MIP6-Feature-Vector ------------------- 142 MIP-Agent-Info ------------------- 143 MIP-Mobile-Node-Address ------------------- 144 MIP-MN-HA-MSA ------------------- 145 QoS-Resources ------------------- 146 Chargeable-User-Identity ------------------- 147 Service-Selection ------------------- 148 Origin-State-Id 278 3588 149 Proxy-Info 284 3588 150 Redirect-Host 292 3588 151 Redirect-Host-Usage 261 3588 152 Redirect-Max-Cache-Time 262 3588 153 Failed-AVP 279 3588 154 155 Other AVPs? 156 157 ************************************************************************************************************/ 90 RADIUS AVPs (contained in the MIR/MIA) 91 92 NAS-Identifier 32 2865 radius (see avp) 93 NAS-IP-Address 4 2865 radius (see avp) 94 NAS-IPv6-Address 95 3162 radius (see avp) 95 NAS-Port-Type 61 2865 radius (see avp) 96 Called-Station-Id 30 2865 radius (see avp) 97 Calling-Station-Id 31 2865 radius (see avp) 98 99 100 */ 158 101 159 102 /**************************************************************************************************************************************** … … 161 104 * This table is a copy of the registry named "MIP6 Authentication Mode Registry" and managed by IANA. 
* 162 105 * source : http://www.iana.org/assignments/aaa-parameters/aaa-parameters.txt * 163 * 106 * up to date on october 2010 * 164 107 * * 165 108 * Value Token Reference * … … 172 115 173 116 /* 174 NOTES TO SELF 175 176 - Reflechir au rangement des avps 177 - Verifier si dans les grouped avps il faut aussi implementer les sous avp 178 - verifier si les avps sont up-to-date, et ecrire la date a laquelle ils sont up-to-date 179 180 - comment on fait pour les namespaces? (typiquement MIP6_AUTH_MN_AAA, RFC5778 page 30) 181 - (pour linstant jai fait un define) 182 183 -RELIRE ! jai peu quil y ait des fautes. surtout celle la. 117 118 NOTES 119 120 check for omissions ! 184 121 185 122 */ … … 240 177 /* Defines if there are any */ 241 178 242 / * New Result-Code for MIP (RFC5778, Section 7.*) */179 //New Result-Code for MIP (RFC5778, Section 7.*) 243 180 #define DIAMETER_SUCCESS_RELOCATE_HA 2009 244 181 #define DIAMETER_ERROR_MIP6_AUTH_MODE 5041 182 183 //Others 245 184 #define MIP6_AUTH_MN_AAA 1 246 185 … … 797 736 } 798 737 799 }800 801 738 ///////////////////////////////////// 802 739 /* Radius AVPs - used in MIR & MIA */ 803 740 ///////////////////////////////////// 804 741 805 /* 806 * 807 * voir MIP6I 808 * 809 NAS-Identifier 32 2865 (radius) 810 NAS-IP-Address 4 2865 811 NAS-IPv6-Address 95 3162 812 NAS-Port-Type 61 2865 813 Called-Station-Id 30 2865 814 Calling-Station-Id 31 2865 815 */ 816 817 742 /* 743 We used the following correspondences for determining the type of the Radius AVPs 744 745 Radius Diameter 746 747 text UTF8Sting 748 string OctetString 749 address Address 750 integer Unsigned32 751 time Time 752 */ 753 754 755 /* NAS-Identifier 32 3575 */ 756 { 757 /* 758 string -> OctetString 759 */ 760 761 struct dict_avp_data data = { 762 32, /* Code */ 763 0, /* Vendor */ 764 "NAS-Identifier", /* Name */ 765 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ 766 AVP_FLAG_MANDATORY, /* Fixed flag values */ 767 AVP_TYPE_OCTETSTRING /* base type of 
data */ 768 }; 769 770 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); 771 } 772 773 /* NAS-IP-Address 4 3575 */ 774 { 775 /* 776 address -> Address 777 */ 778 779 struct dict_avp_data data = { 780 4, /* Code */ 781 0, /* Vendor */ 782 "NAS-IP-Address", /* Name */ 783 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ 784 AVP_FLAG_MANDATORY, /* Fixed flag values */ 785 AVP_TYPE_OCTETSTRING /* base type of data */ 786 }; 787 788 CHECK_dict_new( DICT_AVP, &data , Address_type, NULL); 789 } 790 791 /* NAS-IPv6-Address 95 3162 */ 792 { 793 /* 794 address -> Address 795 */ 796 797 struct dict_avp_data data = { 798 95, /* Code */ 799 0, /* Vendor */ 800 "NAS-IPv6-Address", /* Name */ 801 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ 802 AVP_FLAG_MANDATORY, /* Fixed flag values */ 803 AVP_TYPE_OCTETSTRING /* base type of data */ 804 }; 805 806 CHECK_dict_new( DICT_AVP, &data , Address_type, NULL); 807 } 808 809 /* NAS-Port-Type 61 2865 */ 810 { 811 /* 812 integer -> Unsigned32 813 814 Value 815 816 The Value field is four octets. "Virtual" refers to a connection 817 to the NAS via some transport protocol, instead of through a 818 physical port. For example, if a user telnetted into a NAS to 819 authenticate himself as an Outbound-User, the Access-Request might 820 include NAS-Port-Type = Virtual as a hint to the RADIUS server 821 that the user was not on a physical port. 
822 823 0 Async 824 1 Sync 825 2 ISDN Sync 826 3 ISDN Async V.120 827 4 ISDN Async V.110 828 5 Virtual 829 6 PIAFS 830 7 HDLC Clear Channel 831 8 X.25 832 9 X.75 833 10 G.3 Fax 834 11 SDSL - Symmetric DSL 835 12 ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase 836 Modulation 837 13 ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone 838 14 IDSL - ISDN Digital Subscriber Line 839 15 Ethernet 840 16 xDSL - Digital Subscriber Line of unknown type 841 17 Cable 842 18 Wireless - Other 843 19 Wireless - IEEE 802.11 844 845 PIAFS is a form of wireless ISDN commonly used in Japan, and 846 stands for PHS (Personal Handyphone System) Internet Access Forum 847 Standard (PIAFS). 848 */ 849 850 struct dict_avp_data data = { 851 61, /* Code */ 852 0, /* Vendor */ 853 "NAS-Port-Type", /* Name */ 854 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ 855 AVP_FLAG_MANDATORY, /* Fixed flag values */ 856 AVP_TYPE_UNSIGNED32 /* base type of data */ 857 }; 858 859 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); 860 } 861 862 /* Called-Station-Id 30 2865 */ 863 { 864 /* 865 string -> OctetString 866 */ 867 868 struct dict_avp_data data = { 869 30, /* Code */ 870 0, /* Vendor */ 871 "Called-Station-Id", /* Name */ 872 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ 873 AVP_FLAG_MANDATORY, /* Fixed flag values */ 874 AVP_TYPE_OCTETSTRING /* base type of data */ 875 }; 876 877 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); 878 } 879 /* Calling-Station-Id 31 2865 */ 880 { 881 /* 882 string -> OctetString 883 */ 884 885 struct dict_avp_data data = { 886 31, /* Code */ 887 0, /* Vendor */ 888 "Calling-Station-Id", /* Name */ 889 AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ 890 AVP_FLAG_MANDATORY, /* Fixed flag values */ 891 AVP_TYPE_OCTETSTRING /* base type of data */ 892 }; 893 894 CHECK_dict_new( DICT_AVP, &data , NULL, NULL); 895 } 896 } 897 898 /*******************/ 899 /* Command section */ 900 /*******************/ 901 902 { 903 /* MIP6-Request (MIR) */ 904 { 905 
/* 906 907 The MIP6-Request (MIR), indicated by the Command-Code field set to 908 325 and the 'R' bit set in the Command Flags field, is sent by the 909 HA, acting as a Diameter client, in order to request the 910 authentication and authorization of an MN. 911 912 Although the HA provides the Diameter server with replay protection- 913 related information, the HA is responsible for the replay protection. 914 915 The message format is shown below. 916 917 <MIP6-Request> ::= < Diameter Header: 325, REQ, PXY > 918 < Session-ID > 919 { Auth-Application-Id } 920 { User-Name } 921 { Destination-Realm } 922 { Origin-Host } 923 { Origin-Realm } 924 { Auth-Request-Type } 925 [ Destination-Host ] 926 [ Origin-State-Id ] 927 [ NAS-Identifier ] 928 [ NAS-IP-Address ] 929 [ NAS-IPv6-Address ] 930 [ NAS-Port-Type ] 931 [ Called-Station-Id ] 932 [ Calling-Station-Id ] 933 [ MIP6-Feature-Vector ] 934 { MIP6-Auth-Mode } 935 [ MIP-MN-AAA-SPI ] 936 [ MIP-MN-HA-SPI ] 937 1*2{ MIP-Mobile-Node-Address } 938 { MIP6-Agent-Info } 939 { MIP-Careof-Address } 940 [ MIP-Authenticator ] 941 [ MIP-MAC-Mobility-Data ] 942 [ MIP-Timestamp ] 943 [ QoS-Capability ] 944 * [ QoS-Resources ] 945 [ Chargeable-User-Identity ] 946 [ Service-Selection ] 947 [ Authorization-Lifetime ] 948 [ Auth-Session-State ] 949 * [ Proxy-Info ] 950 * [ Route-Record ] 951 * [ AVP ] 952 953 If the MN is both authenticated and authorized for the mobility 954 service, then the Auth-Request-Type AVP is set to the value 955 AUTHORIZE_AUTHENTICATE. This is the case when the MIP6-Auth-Mode is 956 set to the value MIP6_AUTH_MN_AAA. 
957 958 */ 959 struct dict_object * cmd; 960 struct dict_cmd_data data = { 961 325, /* Code */ 962 "MIP6-Request", /* Name */ 963 CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_ERROR, /* Fixed flags */ 964 CMD_FLAG_PROXIABLE /* Fixed flag values */ 965 }; 966 struct local_rules_definition rules[] = 967 { { "Session-Id", RULE_FIXED_HEAD, -1, 1 } 968 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 } 969 ,{ "User-Name", RULE_REQUIRED, -1, 1 } 970 ,{ "Destination-Realm", RULE_REQUIRED, -1, 1 } 971 ,{ "Origin-Host", RULE_REQUIRED, -1, 1 } 972 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 } 973 ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 } 974 ,{ "Destination-Host", RULE_OPTIONAL, -1, 1 } 975 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 } 976 ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } 977 ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } 978 ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } 979 ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } 980 ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 } 981 ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 } 982 ,{ "MIP6-Feature-Vector", RULE_OPTIONAL, -1, 1 } 983 ,{ "MIP6-Auth-Mode", RULE_OPTIONAL, -1, 1 } 984 ,{ "MIP-MN-AAA-SPI", RULE_OPTIONAL, -1, 1 } 985 ,{ "MIP-MN-HA-SPI", RULE_OPTIONAL, -1, 1 } 986 ,{ "MIP-Mobile-Node-Address", RULE_OPTIONAL, 1, 2 } 987 ,{ "MIP6-Agent-Info", RULE_OPTIONAL, -1, 1 } 988 ,{ "MIP-Careof-Address", RULE_OPTIONAL, -1, 1 } 989 ,{ "MIP-Authenticator", RULE_OPTIONAL, -1, 1 } 990 ,{ "MIP-MAC-Mobility-Data", RULE_OPTIONAL, -1, 1 } 991 ,{ "MIP-Timestamp", RULE_OPTIONAL, -1, 1 } 992 ,{ "QoS-Capability", RULE_OPTIONAL, -1, 1 } 993 ,{ "QoS-Resources", RULE_OPTIONAL, -1, -1 } 994 ,{ "Chargeable-User-Identity", RULE_OPTIONAL, -1, 1 } 995 ,{ "Service-Selection", RULE_OPTIONAL, -1, 1 } 996 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } 997 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 } 998 ,{ "Proxy-Info", RULE_OPTIONAL, -1, -1 } 999 ,{ "Route-Record", RULE_OPTIONAL, -1, -1 } 1000 }; 1001 1002 CHECK_dict_new( DICT_COMMAND, &data , 
mip6i, &cmd); 1003 PARSE_loc_rules( rules, cmd ); 1004 } 1005 1006 /* MIP6-Answer (MIA) */ 1007 { 1008 /* 1009 1010 The MIP6-Answer (MIA) message, indicated by the Command-Code field 1011 set to 325 and the 'R' bit cleared in the Command Flags field, is 1012 sent by the Diameter server in response to the MIP6-Request message. 1013 1014 The User-Name AVP MAY be included in the MIA if it is present in the 1015 MIR. The Result-Code AVP MAY contain one of the values defined in 1016 Section 7, in addition to the values defined in [RFC3588]. 1017 1018 An MIA message with the Result-Code AVP set to DIAMETER_SUCCESS MUST 1019 include the MIP-Mobile-Node-Address AVP. 1020 1021 The message format is shown below. 1022 1023 <MIP6-Answer> ::= < Diameter Header: 325, PXY > 1024 < Session-Id > 1025 { Auth-Application-Id } 1026 { Result-Code } 1027 { Origin-Host } 1028 { Origin-Realm } 1029 { Auth-Request-Type } 1030 [ User-Name ] 1031 [ Authorization-Lifetime ] 1032 [ Auth-Session-State ] 1033 [ Error-Message ] 1034 [ Error-Reporting-Host ] 1035 [ Re-Auth-Request-Type ] 1036 [ MIP6-Feature-Vector ] 1037 [ MIP-Agent-Info ] 1038 *2[ MIP-Mobile-Node-Address ] 1039 [ MIP-MN-HA-MSA ] 1040 * [ QoS-Resources ] 1041 [ Chargeable-User-Identity ] 1042 [ Service-Selection ] 1043 [ Origin-State-Id ] 1044 * [ Proxy-Info ] 1045 * [ Redirect-Host ] 1046 [ Redirect-Host-Usage ] 1047 [ Redirect-Max-Cache-Time ] 1048 * [ Failed-AVP ] 1049 * [ AVP ] 1050 1051 */ 1052 struct dict_object * cmd; 1053 struct dict_cmd_data data = { 1054 325, /* Code */ 1055 "MIP6-Answer", /* Name */ 1056 CMD_FLAG_PROXIABLE | CMD_FLAG_ERROR, /* Fixed flags */ 1057 CMD_FLAG_PROXIABLE /* Fixed flag values */ 1058 }; 1059 struct local_rules_definition rules[] = 1060 { { "Session-Id", RULE_FIXED_HEAD, -1, 1 } 1061 ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 } 1062 ,{ "Result-Code", RULE_REQUIRED, -1, 1 } 1063 ,{ "Origin-Host", RULE_REQUIRED, -1, 1 } 1064 ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 } 1065 ,{ 
"Auth-Request-Type", RULE_REQUIRED, -1, 1 } 1066 ,{ "User-Name", RULE_OPTIONAL, -1, 1 } 1067 ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } 1068 ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 } 1069 ,{ "Error-Message", RULE_OPTIONAL, -1, 1 } 1070 ,{ "Error-Reporting-Host", RULE_OPTIONAL, -1, 1 } 1071 ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1 } 1072 ,{ "MIP6-Feature-Vector", RULE_OPTIONAL, -1, 1 } 1073 ,{ "MIP-Agent-Info", RULE_OPTIONAL, -1, 1 } 1074 ,{ "MIP-Mobile-Node-Address", RULE_OPTIONAL, -1, 2 } 1075 ,{ "MIP-MN-HA-MSA", RULE_OPTIONAL, -1, 1 } 1076 ,{ "QoS-Resources", RULE_OPTIONAL, -1, -1 } 1077 ,{ "Chargeable-User-Identity", RULE_OPTIONAL, -1, 1 } 1078 ,{ "Service-Selection", RULE_OPTIONAL, -1, 1 } 1079 ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 } 1080 ,{ "Proxy-Info", RULE_OPTIONAL, -1, -1 } 1081 ,{ "Redirect-Host", RULE_OPTIONAL, -1, -1 } 1082 ,{ "Redirect-Host-Usage", RULE_OPTIONAL, -1, 1 } 1083 ,{ "Redirect-Max-Cache-Time", RULE_OPTIONAL, -1, 1 } 1084 ,{ "Failed-AVP", RULE_OPTIONAL, -1, -1 } 1085 }; 1086 1087 CHECK_dict_new( DICT_COMMAND, &data , mip6i, &cmd); 1088 PARSE_loc_rules( rules, cmd ); 1089 } 1090 } 818 1091 TRACE_DEBUG(INFO, "Dictionary Extension 'Diameter Mobile IPv6 Auth (MIP6A)' initialized"); 819 1092 return 0;
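Review bot: In the "Defines" region the new comments use // (//New Result-Code for MIP (RFC5778, Section 7.*) and //Others) while every other comment in the file is /* ... */. Suggest keeping the block-comment form so the file builds cleanly under a strict C89 setting and stays consistent.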
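Review bot: In the new RADIUS AVP block, the headers /* NAS-Identifier 32 3575 */ and /* NAS-IP-Address 4 3575 */ cite 3575, but the table added at the top of the file lists both AVPs under 2865; one of the two references should be corrected so the source of the definition is unambiguous. In the same block, the type table spells UTF8String as "UTF8Sting", and the NAS-Port-Type comment quotes the full list of values 0 to 19 although the AVP is registered as a plain Unsigned32 with a NULL type, so none of those values are known to the dictionary. Either shorten the comment to a pointer to the RFC or state that the values are deliberately not registered.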
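Review bot: In the MIP6-Request definition the fixed flag values are CMD_FLAG_PROXIABLE only, although the mask includes CMD_FLAG_REQUEST, so the entry describes a command 325 with the 'R' bit cleared; that contradicts the comment directly above it ("the 'R' bit set") and gives the request the same code and R-bit value as MIP6-Answer. Suggest CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE as the flag values. The rules in the same block also declare MIP6-Auth-Mode, MIP-Mobile-Node-Address, MIP6-Agent-Info and MIP-Careof-Address as RULE_OPTIONAL, while the quoted ABNF puts all four in braces ({ MIP6-Auth-Mode }, 1*2{ MIP-Mobile-Node-Address }, ...), i.e. required. As declared, a MIR that omits the auth mode or the mobile node address satisfies the dictionary rules, and every consumer has to re-check for them. Suggest RULE_REQUIRED for these four, keeping min 1 / max 2 on MIP-Mobile-Node-Address.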
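Review bot: In the MIP6-Answer definition the rule names "MIP-Agent-Info" whereas the MIP6-Request rule names "MIP6-Agent-Info"; the rules identify AVPs by name, so only one spelling can match the AVP as registered earlier in the file. Use the registered name in both rule tables, and add a one-line comment if the spelling in the quoted ABNF is kept as is. The answer's flag mask, CMD_FLAG_PROXIABLE | CMD_FLAG_ERROR, also leaves out CMD_FLAG_REQUEST, so the 'R' bit is not fixed for the answer at all; adding CMD_FLAG_REQUEST to the mask (with the value left as CMD_FLAG_PROXIABLE) would pin it to cleared, as the comment describes. Finally, the comment says an MIA with Result-Code DIAMETER_SUCCESS MUST include MIP-Mobile-Node-Address, but the rule is optional with max 2; a short note that this condition has to be enforced by the application, not the dictionary, would help whoever writes the handler.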