# We check for this prefix to determine whether the class
# value was generated by this server. It should be changed
# so that it is globally unique.
#
# NOTE(review): the prefix is expanded verbatim into the regular
# expression used by acct_unique, so keep it free of regex
# metacharacters (or escape them) when changing it. Every server
# that keeps the default 'ai:' shares the same prefix, so the
# default does not by itself identify which server issued a
# Class value.
class_value_prefix = 'ai:'
#
# Replacement for the old rlm_acct_unique module
#
acct_unique {
#
# Sets Acct-Unique-Session-Id on the request. Two schemes are
# used: a hash of the locally issued Class value plus
# Acct-Session-ID when such a Class is present, otherwise a
# hash over several attributes of the Accounting-Request.
#
# If we have a class attribute in the format
# 'auth_id:[0-9a-f]{32}' it'll have a local value
# (defined by insert_acct_class), this ensures
# uniqueness and suitability.
#
# We could just use the Class attribute as
# Acct-Unique-Session-Id, but this may cause problems
# with NAS that carry Class values across between
# multiple linked sessions. So we rehash class with
# Acct-Session-ID to provide a truly unique session
# identifier.
#
# Using a Class/Session-ID combination is more robust
# than using elements in the Accounting-Request,
# which may be subject to change, such as
# NAS-IP-Address, Client-IP-Address and
# NAS-Port-ID/NAS-Port.
#
# This policy should ensure that session data is not
# affected if NAS IP addresses change, or the client
# roams to a different 'port' whilst maintaining its
# initial authentication session (Common in a
# wireless environment).
#
# NOTE(review): the pattern below is not anchored with '^', so
# it matches the prefix followed by 32 hex digits anywhere in
# the Class value, not only at the start. Class arrives in the
# Accounting-Request from the NAS, so a match does not prove
# that this server issued the value; consider anchoring the
# pattern if the NAS returns Class unmodified. The /i flag also
# accepts upper-case hex and %{1} is hashed as received, so a
# NAS that changes the case of the value yields a different
# session id for the same Class.
#
# MD5 is used here only to derive a fixed-length identifier;
# nothing in this policy treats the result as a secret.
#
if("%{string:Class}" =~ /${policy.class_value_prefix}([0-9a-f]{32})/i) {
update request {
Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}"
}
}
#
# Not All devices respect RFC 2865 when dealing with
# the class attribute, so be prepared to use the
# older style of hashing scheme if a class attribute
# is not included
#
# NOTE(review): the hashed fields are joined with ',' and are
# not length-delimited, so attribute values that themselves
# contain ',' can make different attribute sets produce the
# same input string. This branch also depends on NAS-IP-Address
# and NAS-Port, which the comment above describes as subject
# to change during a session.
#
else {
update request {
Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"
}
}
}
#
# Insert a (hopefully unique) value into class
#
insert_acct_class {
#
# Builds the reply Class value as the configured prefix followed
# by an MD5 hex digest of request-derived fields: %t, %I, the
# packet source port and address, NAS-IP-Address,
# Calling-Station-ID and User-Name. (%t and %I are presumably
# the request timestamp and request id - confirm against the
# xlat documentation for the server version in use.)
#
# All of these inputs are observable or predictable, so the
# value is an identifier only; it should not be relied on as a
# secret or as proof that a session was authenticated.
#
# The '=' operator adds Class only when the reply does not
# already contain one. An existing Class is left in place, and
# acct_unique then uses its fallback hash unless that value
# happens to match the prefix pattern.
#
update reply {
Class = "${policy.class_value_prefix}%{md5:%t,%I,%{Packet-Src-Port},%{Packet-Src-IP-Address},%{NAS-IP-Address},%{Calling-Station-ID},%{User-Name}}"
}
}
#
# Merges Acct-[Input|Output]-Octets and Acct-[Input|Output]-Gigawords into Acct-[Input|Output]-Octets64
#
acct_counters64.preacct {
#
# Computes each 64-bit total as Gigawords * 4294967296 (2^32)
# plus Octets, i.e. the Gigawords attribute supplies the high
# 32 bits of the counter. A missing Gigawords or Octets
# attribute is treated as 0 via the ':-0' default.
#
# The '=' operator leaves an Octets64 attribute that is already
# present in the request untouched.
#
# NOTE(review): the counters are taken from the request as
# reported by the NAS and are not range-checked here. Whether
# %{expr:} evaluates in 64 bits depends on the server version -
# TODO confirm before relying on these values for billing.
#
update request {
Acct-Input-Octets64 = "%{expr:(%{%{Acct-Input-Gigawords}:-0} * 4294967296) + %{%{Acct-Input-Octets}:-0}}"
Acct-Output-Octets64 = "%{expr:(%{%{Acct-Output-Gigawords}:-0} * 4294967296) + %{%{Acct-Output-Octets}:-0}}"
}
}