| /********************************************************************************************************* |
| * Software License Agreement (BSD License) * |
| * Author: Francois Bard <francois@tera.ics.keio.ac.jp> * |
| * * |
| * Copyright (c) 2010, Teraoka Laboratory, Keio University * |
| * All rights reserved. * |
| * * |
| * Redistribution and use of this software in source and binary forms, with or without modification, are * |
| * permitted provided that the following conditions are met: * |
| * * |
| * * Redistributions of source code must retain the above * |
| * copyright notice, this list of conditions and the * |
| * following disclaimer. * |
| * * |
| * * Redistributions in binary form must reproduce the above * |
| * copyright notice, this list of conditions and the * |
| * following disclaimer in the documentation and/or other * |
| * materials provided with the distribution. * |
| * * |
| * * Neither the name of the Teraoka Laboratory nor the * |
| * names of its contributors may be used to endorse or * |
| * promote products derived from this software without * |
| * specific prior written permission of Teraoka Laboratory * |
| * * |
| * * |
| * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * |
| * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * |
| * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * |
| * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * |
| * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * |
| * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * |
| * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * |
| * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * |
| *********************************************************************************************************/ |
| |
| /* |
| |
| The following table complete the one in RFC 5778, page 18. The AVPs are implemented below following the order of this table. |
| We try to keep the structure of the grouped AVP by declaring the contained AVPs just before the grouped AVP they depend on. |
| The number of '+' indicates the depth of the contained AVP. |
| |
| DEPTH NAME AVP RFC TYPE NOTES |
| |
| MIP6-Feature-Vector 124 5447 Unsigned64 |
| User-Name 1 3588 UTF8String |
| Service-Selection 493 5778 UTF8String |
| MIP-MN-AAA-SPI 341 5778 Unsigned32 |
| + MIP-Home-Agent-Address 334 4004 Address |
| ++ Destination-Host 293 3588 DiameterIdentity |
| ++ Destination-Realm 283 3588 DiameterIdentity |
| + MIP-Home-Agent-Host 348 4004 Grouped |
| + MIP6-Home-Link-Prefix 125 5447 OctetString |
| MIP6-Agent-Info 486 5447 Grouped |
| + MIP-Replay-Mode 346 4004 Enumerated |
| + MIP-Algorithm-Type 345 4004 Enumerated |
| + MIP-MN-HA-SPI 491 5778 Unsigned32 |
| + MIP-MSA-Lifetime 367 4004 Unsigned32 |
| + MIP-Session-Key 343 4004 OctetString |
| MIP-MN-HA-MSA 492 5778 Grouped different from MIP-MN-to-HA-MSA (331) |
| MIP-Mobile-Node-Address 333 4004 Address |
| MIP-Careof-Address 487 5778 Address |
| MIP-Authenticator 488 5778 OctetString |
| MIP-MAC-Mobility-Data 489 5778 OctetString |
| MIP-Timestamp 490 5778 OctetString |
| Chargeable-User-Identity 89 5778 OctetString |
| MIP6-Auth-Mode 494 5778 Enumerated |
| |
| QoS AVPs (RFC 5777 - implemented in the corresponding dictionary) |
| |
| QoS-Capability 578 5777 Grouped |
| QoS-Resources 508 5777 Grouped |
| |
| ACCOUNTING AVPs (section 6.21) |
| |
| Accounting-Input-Octets 363 4004, 4005 Unsigned64 |
| Accounting-Output-Octets 364 4004, 4005 Unsigned64 |
| Accounting-Input-Packets 365 4004, 4005 Unsigned64 |
| Accounting-Output-Packets 366 4004, 4005 Unsigned64 |
| Acct-Multi-Session-Id 50 3588 UTF8String |
| Acct-Session-Time 46 2866, 4004 Unsigned32 |
| MIP6-Feature-Vector ---------------------------------- |
| MIP-Mobile-Node-Address ---------------------------------- |
| MIP6-Agent-Info ---------------------------------- |
| Chargeable-User-Identity ---------------------------------- |
| Service-Selection ---------------------------------- |
| QoS-Resources ---------------------------------- |
| QoS-Capability ---------------------------------- |
| MIP-Careof-Address ---------------------------------- |
| |
| RADIUS AVPs (contained in the MIR/MIA) |
| |
| NAS-Identifier 32 2865 radius (see avp) |
| NAS-IP-Address 4 2865 radius (see avp) |
| NAS-IPv6-Address 95 3162 radius (see avp) |
| NAS-Port-Type 61 2865 radius (see avp) |
| Called-Station-Id 30 2865 radius (see avp) |
| Calling-Station-Id 31 2865 radius (see avp) |
| |
| |
| */ |
| |
| /**************************************************************************************************************************************** |
| * * |
| * This table is a copy of the registry named "MIP6 Authentication Mode Registry" and managed by IANA. * |
| * source : http://www.iana.org/assignments/aaa-parameters/aaa-parameters.txt * |
| * up to date on october 2010 * |
| * * |
| * Value Token Reference * |
| * 0 Reserved [RFC5778] * |
| * 1 MIP6_AUTH_MN_AAA [RFC5778] * |
| * 2-4294967295 Unassigned * |
| * * |
| ****************************************************************************************************************************************/ |
| |
| |
| /* |
| |
| NOTES |
| |
| check for omissions ! |
| |
| */ |
| |
| #include <freeDiameter/extension.h> |
| |
| #define CHECK_dict_new( _type, _data, _parent, _ref ) \ |
| CHECK_FCT( fd_dict_new( fd_g_config->cnf_dict, (_type), (_data), (_parent), (_ref)) ); |
| |
| #define CHECK_dict_search( _type, _criteria, _what, _result ) \ |
| CHECK_FCT( fd_dict_search( fd_g_config->cnf_dict, (_type), (_criteria), (_what), (_result), ENOENT) ); |
| |
| struct local_rules_definition { |
| char *avp_name; |
| enum rule_position position; |
| int min; |
| int max; |
| }; |
| |
| #define RULE_ORDER( _position ) ((((_position) == RULE_FIXED_HEAD) || ((_position) == RULE_FIXED_TAIL)) ? 1 : 0 ) |
| |
| #define PARSE_loc_rules( _rulearray, _parent) { \ |
| int __ar; \ |
| for (__ar=0; __ar < sizeof(_rulearray) / sizeof((_rulearray)[0]); __ar++) { \ |
| struct dict_rule_data __data = { NULL, \ |
| (_rulearray)[__ar].position, \ |
| 0, \ |
| (_rulearray)[__ar].min, \ |
| (_rulearray)[__ar].max}; \ |
| __data.rule_order = RULE_ORDER(__data.rule_position); \ |
| CHECK_FCT( fd_dict_search( \ |
| fd_g_config->cnf_dict, \ |
| DICT_AVP, \ |
| AVP_BY_NAME, \ |
| (_rulearray)[__ar].avp_name, \ |
| &__data.rule_avp, 0 ) ); \ |
| if ( !__data.rule_avp ) { \ |
| TRACE_DEBUG(INFO, "AVP Not found: '%s'", (_rulearray)[__ar].avp_name ); \ |
| return ENOENT; \ |
| } \ |
| CHECK_FCT_DO( fd_dict_new( fd_g_config->cnf_dict, DICT_RULE, &__data, _parent, NULL), \ |
| { \ |
| TRACE_DEBUG(INFO, "Error on rule with AVP '%s'", \ |
| (_rulearray)[__ar].avp_name ); \ |
| return EINVAL; \ |
| } ); \ |
| } \ |
| } |
| |
| #define enumval_def_u32( _val_, _str_ ) \ |
| { _str_, { .u32 = _val_ }} |
| |
| #define enumval_def_os( _len_, _val_, _str_ ) \ |
| { _str_, { .os = { .data = (unsigned char *)_val_, .len = _len_ }}} |
| |
| |
| |
| /* Defines if there are any */ |
| |
| //New Result-Code for MIP (RFC5778, Section 7.*) |
| #define DIAMETER_SUCCESS_RELOCATE_HA 2009 |
| #define DIAMETER_ERROR_MIP6_AUTH_MODE 5041 |
| |
| //Others |
| #define MIP6_AUTH_MN_AAA 1 |
| |
| /* Dictionary */ |
| |
| int dict_mip6a_init(char * conffile) |
| { |
| struct dict_object * mip6a; |
| { |
| struct dict_application_data data = { 8, "Diameter Mobile IPv6 Auth (MIP6A) Application" }; |
| CHECK_dict_new( DICT_APPLICATION, &data , NULL, &mip6a); |
| } |
| |
| /***************/ |
| /* AVP section */ |
| /***************/ |
| { |
| /* Loading all the derived data formats */ |
| |
| struct dict_object * Address_type; |
| struct dict_object * UTF8String_type; |
| struct dict_object * DiameterIdentity_type; |
| struct dict_object * DiameterURI_type; |
| struct dict_object * Time_type; |
| |
| CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Address", &Address_type); |
| CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "UTF8String", &UTF8String_type); |
| CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "DiameterIdentity", &DiameterIdentity_type); |
| CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "DiameterURI", &DiameterURI_type); |
| CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Time", &Time_type); |
| |
| /////////////////////////////////////////// |
| /* AVPs for Mobile IPv6 Auth Application */ |
| /////////////////////////////////////////// |
| |
| /* MIP6-Feature-Vector - RFC 5447 */ |
| { |
| /* |
| |
| */ |
| |
| struct dict_avp_data data = { |
| 124, /* Code */ |
| 0, /* Vendor */ |
| "MIP6-Feature-Vector", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_UNSIGNED64 /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* User-Name - RFC 3588 */ |
| |
| /* |
| Implemented in the base protocol |
| */ |
| |
| /* Service-Selection - RFC 5778 */ |
| { |
| /* |
| |
| */ |
| |
| struct dict_avp_data data = { |
| 493, /* Code */ |
| 0, /* Vendor */ |
| "Service-Selection", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| } |
| |
| /* MIP-MN-AAA-SPI - RFC 5778 */ |
| { |
| /* |
| |
| */ |
| |
| struct dict_avp_data data = { |
| 341, /* Code */ |
| 0, /* Vendor */ |
| "MIP-MN-AAA-SPI", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_UNSIGNED32 /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* Destination-Host - Base Protocol */ |
| |
| /* |
| Implemented in the base protocol |
| */ |
| |
| /* Destination-Realm - Base Protocol */ |
| |
| /* |
| Implemented in the base protocol |
| */ |
| |
| /* MIP-Home-Agent-Address - RFC 4004 */ |
| { |
| /* |
| |
| */ |
| |
| struct dict_avp_data data = { |
| 334, /* Code */ |
| 0, /* Vendor */ |
| "MIP-Home-Agent-Address", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , Address_type, NULL); |
| } |
| |
| /* MIP-Home-Agent-Host - RFC 4004 */ |
| { |
| /* |
| |
| */ |
| struct dict_object * avp; |
| struct dict_avp_data data = { |
| 348, /* Code */ |
| 0, /* Vendor */ |
| "MIP-Home-Agent-Host", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_GROUPED /* base type of data */ |
| }; |
| |
| struct local_rules_definition rules[] = |
| { { "Destination-Realm", RULE_REQUIRED, -1, 1 } |
| ,{ "Destination-Host", RULE_REQUIRED, -1, 1 } |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, &avp); |
| PARSE_loc_rules( rules, avp ); |
| } |
| |
| /* MIP6-Home-Link-Prefix - RFC 5447 */ |
| { |
| /* |
| |
| */ |
| |
| struct dict_avp_data data = { |
| 125, /* Code */ |
| 0, /* Vendor */ |
| "MIP6-Home-Link-Prefix", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* MIP6-Agent-Info - RFC 5447*/ |
| { |
| /* |
| |
| */ |
| struct dict_object * avp; |
| struct dict_avp_data data = { |
| 486, /* Code */ |
| 0, /* Vendor */ |
| "MIP6-Agent-Info", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_GROUPED /* base type of data */ |
| }; |
| |
| struct local_rules_definition rules[] = |
| { { "MIP-Home-Agent-Address", RULE_OPTIONAL, -1, 2 } |
| ,{ "MIP-Home-Agent-Host", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP6-Home-Link-Prefix", RULE_OPTIONAL, -1, 1 } |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, &avp); |
| PARSE_loc_rules( rules, avp ); |
| } |
| |
| /* MIP-Replay-Mode - RFC 5778 & 4004 */ |
| { |
| /* |
| |
| */ |
| struct dict_object * type; |
| struct dict_type_data tdata = { AVP_TYPE_INTEGER32, "Enumerated(MIP-Replay-Mode)", NULL, NULL, NULL }; |
| struct dict_enumval_data t_0 = { "None", { .i32 = 1 }}; |
| struct dict_enumval_data t_1 = { "Timestamp", { .i32 = 2 }}; |
| struct dict_avp_data data = { |
| 346, /* Code */ |
| 0, /* Vendor */ |
| "MIP-Replay-Mode", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_INTEGER32 /* base type of data */ |
| }; |
| |
| /* Create the Enumerated type, and then the AVP */ |
| CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| CHECK_dict_new( DICT_ENUMVAL, &t_0 , type, NULL); |
| CHECK_dict_new( DICT_ENUMVAL, &t_1 , type, NULL); |
| CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| } |
| |
| /* MIP-Algorithm-Type - RFC 5778 & 4004 */ |
| { |
| /* |
| |
| */ |
| struct dict_object * type; |
| struct dict_type_data tdata = { AVP_TYPE_INTEGER32, "Enumerated(MIP-Algorithm-Type)", NULL, NULL, NULL }; |
| struct dict_enumval_data t_2 = { "HMAC-SHA-1 [HMAC]", { .i32 = 2 }}; |
| struct dict_avp_data data = { |
| 345, /* Code */ |
| 0, /* Vendor */ |
| "MIP-Algorithm-Type", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_INTEGER32 /* base type of data */ |
| }; |
| |
| /* Create the Enumerated type, and then the AVP */ |
| CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| CHECK_dict_new( DICT_ENUMVAL, &t_2 , type, NULL); |
| CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| } |
| |
| /* MIP-MN-HA-SPI - RFC 5778 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 491, /* Code */ |
| 0, /* Vendor */ |
| "MIP-MN-HA-SPI", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_UNSIGNED32 /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* MIP-MSA-Lifetime - RFC 4004 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 367, /* Code */ |
| 0, /* Vendor */ |
| "MIP-MSA-Lifetime", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_UNSIGNED32 /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* MIP-Session-Key - RFC 5778 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 343, /* Code */ |
| 0, /* Vendor */ |
| "MIP-Session-Key", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* MIP-MN-HA-MSA - RFC 5778 */ |
| { |
| /* |
| |
| */ |
| struct dict_object * avp; |
| struct dict_avp_data data = { |
| 492, /* Code */ |
| 0, /* Vendor */ |
| "MIP-MN-HA-MSA", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_GROUPED /* base type of data */ |
| }; |
| |
| struct local_rules_definition rules[] = |
| { { "MIP-Session-Key", RULE_REQUIRED, -1, 1 } |
| ,{ "MIP-MSA-Lifetime", RULE_REQUIRED, -1, 1 } |
| ,{ "MIP-MN-HA-SPI", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP-Algorithm-Type", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP-Replay-Mode", RULE_OPTIONAL, -1, 1 } |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, &avp); |
| PARSE_loc_rules( rules, avp ); |
| } |
| |
| /* MIP-Mobile-Node-Address - RFC 4004 */ |
| { |
| /* |
| |
| */ |
| |
| struct dict_avp_data data = { |
| 333, /* Code */ |
| 0, /* Vendor */ |
| "MIP-Mobile-Node-Address", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , Address_type, NULL); |
| } |
| |
| /* MIP-Careof-Address - RFC 5778 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 487, /* Code */ |
| 0, /* Vendor */ |
| "MIP-Careof-Address", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , Address_type, NULL); |
| } |
| |
| /* MIP-Authenticator - RFC 5778 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 488, /* Code */ |
| 0, /* Vendor */ |
| "MIP-Authenticator", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* MIP-MAC-Mobility-Data - RFC 5778 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 489, /* Code */ |
| 0, /* Vendor */ |
| "MIP-MAC-Mobility-Data", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* MIP-Timestamp - RFC 5778 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 490, /* Code */ |
| 0, /* Vendor */ |
| "MIP-Timestamp", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* Chargeable-User-Identity - RFC 5778 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 89, /* Code */ |
| 0, /* Vendor */ |
| "Chargeable-User-Identity", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* MIP6-Auth-Mode - RFC 5778 */ |
| { |
| /* |
| |
| */ |
| struct dict_object * type; |
| struct dict_type_data tdata = { AVP_TYPE_INTEGER32, "Enumerated(MIP6-Auth-Mode)", NULL, NULL, NULL }; |
| struct dict_enumval_data t_0 = { "None", { .i32 = MIP6_AUTH_MN_AAA }}; |
| struct dict_avp_data data = { |
| 494, /* Code */ |
| 0, /* Vendor */ |
| "MIP6-Auth-Mode", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_INTEGER32 /* base type of data */ |
| }; |
| |
| /* Create the Enumerated type, and then the AVP */ |
| CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| CHECK_dict_new( DICT_ENUMVAL, &t_0 , type, NULL); |
| CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| } |
| |
| ////////////// |
| /* QoS AVPs */ |
| ////////////// |
| |
| /* QoS-Capability */ |
| |
| /* |
| Implemented in RFC 5777 |
| */ |
| |
| /* QoS-Resources */ |
| |
| /* |
| Implemented in RFC 5777 |
| */ |
| |
| ///////////////////// |
| /* Accounting AVPs */ |
| ///////////////////// |
| |
| /* Accounting-Input-Octets - RFC 4004 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 363, /* Code */ |
| 0, /* Vendor */ |
| "Accounting-Input-Octets", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_UNSIGNED64 /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* Accounting-Output-Octets - RFC 4004 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 364, /* Code */ |
| 0, /* Vendor */ |
| "Accounting-Output-Octets", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_UNSIGNED64 /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* Accounting-Input-Packets - RFC 4004 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 365, /* Code */ |
| 0, /* Vendor */ |
| "Accounting-Input-Packets", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_UNSIGNED64 /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* Accounting-Output-Packets - RFC 4004 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 366, /* Code */ |
| 0, /* Vendor */ |
| "Accounting-Output-Packets", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_UNSIGNED64 /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* Acct-Multi-Session-Id - RFC 3588 */ |
| |
| /* |
| Implemented in the base protocol |
| */ |
| |
| /* Acct-Session-Time - RFC 4004 */ |
| { |
| /* |
| |
| */ |
| struct dict_avp_data data = { |
| 46, /* Code */ |
| 0, /* Vendor */ |
| "Acct-Session-Time", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_UNSIGNED32 /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| ///////////////////////////////////// |
| /* Radius AVPs - used in MIR & MIA */ |
| ///////////////////////////////////// |
| |
| /* |
| We used the following correspondences for determining the type of the Radius AVPs |
| |
| Radius Diameter |
| |
| text UTF8Sting |
| string OctetString |
| address Address |
| integer Unsigned32 |
| time Time |
| */ |
| |
| |
| /* NAS-Identifier 32 3575 */ |
| { |
| /* |
| string -> OctetString |
| */ |
| |
| struct dict_avp_data data = { |
| 32, /* Code */ |
| 0, /* Vendor */ |
| "NAS-Identifier", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* NAS-IP-Address 4 3575 */ |
| { |
| /* |
| address -> Address |
| */ |
| |
| struct dict_avp_data data = { |
| 4, /* Code */ |
| 0, /* Vendor */ |
| "NAS-IP-Address", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , Address_type, NULL); |
| } |
| |
| /* NAS-IPv6-Address 95 3162 */ |
| { |
| /* |
| address -> Address |
| */ |
| |
| struct dict_avp_data data = { |
| 95, /* Code */ |
| 0, /* Vendor */ |
| "NAS-IPv6-Address", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , Address_type, NULL); |
| } |
| |
| /* NAS-Port-Type 61 2865 */ |
| { |
| /* |
| integer -> Unsigned32 |
| |
| Value |
| |
| The Value field is four octets. "Virtual" refers to a connection |
| to the NAS via some transport protocol, instead of through a |
| physical port. For example, if a user telnetted into a NAS to |
| authenticate himself as an Outbound-User, the Access-Request might |
| include NAS-Port-Type = Virtual as a hint to the RADIUS server |
| that the user was not on a physical port. |
| |
| 0 Async |
| 1 Sync |
| 2 ISDN Sync |
| 3 ISDN Async V.120 |
| 4 ISDN Async V.110 |
| 5 Virtual |
| 6 PIAFS |
| 7 HDLC Clear Channel |
| 8 X.25 |
| 9 X.75 |
| 10 G.3 Fax |
| 11 SDSL - Symmetric DSL |
| 12 ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase |
| Modulation |
| 13 ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone |
| 14 IDSL - ISDN Digital Subscriber Line |
| 15 Ethernet |
| 16 xDSL - Digital Subscriber Line of unknown type |
| 17 Cable |
| 18 Wireless - Other |
| 19 Wireless - IEEE 802.11 |
| |
| PIAFS is a form of wireless ISDN commonly used in Japan, and |
| stands for PHS (Personal Handyphone System) Internet Access Forum |
| Standard (PIAFS). |
| */ |
| |
| struct dict_avp_data data = { |
| 61, /* Code */ |
| 0, /* Vendor */ |
| "NAS-Port-Type", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_UNSIGNED32 /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| |
| /* Called-Station-Id 30 2865 */ |
| { |
| /* |
| string -> OctetString |
| */ |
| |
| struct dict_avp_data data = { |
| 30, /* Code */ |
| 0, /* Vendor */ |
| "Called-Station-Id", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| /* Calling-Station-Id 31 2865 */ |
| { |
| /* |
| string -> OctetString |
| */ |
| |
| struct dict_avp_data data = { |
| 31, /* Code */ |
| 0, /* Vendor */ |
| "Calling-Station-Id", /* Name */ |
| AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| AVP_TYPE_OCTETSTRING /* base type of data */ |
| }; |
| |
| CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| } |
| } |
| |
| /*******************/ |
| /* Command section */ |
| /*******************/ |
| |
| { |
| /* MIP6-Request (MIR) */ |
| { |
| /* |
| |
| The MIP6-Request (MIR), indicated by the Command-Code field set to |
| 325 and the 'R' bit set in the Command Flags field, is sent by the |
| HA, acting as a Diameter client, in order to request the |
| authentication and authorization of an MN. |
| |
| Although the HA provides the Diameter server with replay protection- |
| related information, the HA is responsible for the replay protection. |
| |
| The message format is shown below. |
| |
| <MIP6-Request> ::= < Diameter Header: 325, REQ, PXY > |
| < Session-ID > |
| { Auth-Application-Id } |
| { User-Name } |
| { Destination-Realm } |
| { Origin-Host } |
| { Origin-Realm } |
| { Auth-Request-Type } |
| [ Destination-Host ] |
| [ Origin-State-Id ] |
| [ NAS-Identifier ] |
| [ NAS-IP-Address ] |
| [ NAS-IPv6-Address ] |
| [ NAS-Port-Type ] |
| [ Called-Station-Id ] |
| [ Calling-Station-Id ] |
| [ MIP6-Feature-Vector ] |
| { MIP6-Auth-Mode } |
| [ MIP-MN-AAA-SPI ] |
| [ MIP-MN-HA-SPI ] |
| 1*2{ MIP-Mobile-Node-Address } |
| { MIP6-Agent-Info } |
| { MIP-Careof-Address } |
| [ MIP-Authenticator ] |
| [ MIP-MAC-Mobility-Data ] |
| [ MIP-Timestamp ] |
| [ QoS-Capability ] |
| * [ QoS-Resources ] |
| [ Chargeable-User-Identity ] |
| [ Service-Selection ] |
| [ Authorization-Lifetime ] |
| [ Auth-Session-State ] |
| * [ Proxy-Info ] |
| * [ Route-Record ] |
| * [ AVP ] |
| |
| If the MN is both authenticated and authorized for the mobility |
| service, then the Auth-Request-Type AVP is set to the value |
| AUTHORIZE_AUTHENTICATE. This is the case when the MIP6-Auth-Mode is |
| set to the value MIP6_AUTH_MN_AAA. |
| |
| */ |
| struct dict_object * cmd; |
| struct dict_cmd_data data = { |
| 325, /* Code */ |
| "MIP6-Request", /* Name */ |
| CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_ERROR, /* Fixed flags */ |
| CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE /* Fixed flag values */ |
| }; |
| struct local_rules_definition rules[] = |
| { { "Session-Id", RULE_FIXED_HEAD, -1, 1 } |
| ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 } |
| ,{ "User-Name", RULE_REQUIRED, -1, 1 } |
| ,{ "Destination-Realm", RULE_REQUIRED, -1, 1 } |
| ,{ "Origin-Host", RULE_REQUIRED, -1, 1 } |
| ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 } |
| ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 } |
| ,{ "Destination-Host", RULE_OPTIONAL, -1, 1 } |
| ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 } |
| ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } |
| ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } |
| ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } |
| ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } |
| ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 } |
| ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP6-Feature-Vector", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP6-Auth-Mode", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP-MN-AAA-SPI", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP-MN-HA-SPI", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP-Mobile-Node-Address", RULE_OPTIONAL, 1, 2 } |
| ,{ "MIP6-Agent-Info", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP-Careof-Address", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP-Authenticator", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP-MAC-Mobility-Data", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP-Timestamp", RULE_OPTIONAL, -1, 1 } |
| ,{ "QoS-Capability", RULE_OPTIONAL, -1, 1 } |
| ,{ "QoS-Resources", RULE_OPTIONAL, -1, -1 } |
| ,{ "Chargeable-User-Identity", RULE_OPTIONAL, -1, 1 } |
| ,{ "Service-Selection", RULE_OPTIONAL, -1, 1 } |
| ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } |
| ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 } |
| ,{ "Proxy-Info", RULE_OPTIONAL, -1, -1 } |
| ,{ "Route-Record", RULE_OPTIONAL, -1, -1 } |
| }; |
| |
| CHECK_dict_new( DICT_COMMAND, &data, mip6a, &cmd); |
| PARSE_loc_rules( rules, cmd ); |
| } |
| |
| /* MIP6-Answer (MIA) */ |
| { |
| /* |
| |
| The MIP6-Answer (MIA) message, indicated by the Command-Code field |
| set to 325 and the 'R' bit cleared in the Command Flags field, is |
| sent by the Diameter server in response to the MIP6-Request message. |
| |
| The User-Name AVP MAY be included in the MIA if it is present in the |
| MIR. The Result-Code AVP MAY contain one of the values defined in |
| Section 7, in addition to the values defined in [RFC3588]. |
| |
| An MIA message with the Result-Code AVP set to DIAMETER_SUCCESS MUST |
| include the MIP-Mobile-Node-Address AVP. |
| |
| The message format is shown below. |
| |
| <MIP6-Answer> ::= < Diameter Header: 325, PXY > |
| < Session-Id > |
| { Auth-Application-Id } |
| { Result-Code } |
| { Origin-Host } |
| { Origin-Realm } |
| { Auth-Request-Type } |
| [ User-Name ] |
| [ Authorization-Lifetime ] |
| [ Auth-Session-State ] |
| [ Error-Message ] |
| [ Error-Reporting-Host ] |
| [ Re-Auth-Request-Type ] |
| [ MIP6-Feature-Vector ] |
| [ MIP6-Agent-Info ] |
| *2[ MIP-Mobile-Node-Address ] |
| [ MIP-MN-HA-MSA ] |
| * [ QoS-Resources ] |
| [ Chargeable-User-Identity ] |
| [ Service-Selection ] |
| [ Origin-State-Id ] |
| * [ Proxy-Info ] |
| * [ Redirect-Host ] |
| [ Redirect-Host-Usage ] |
| [ Redirect-Max-Cache-Time ] |
| * [ Failed-AVP ] |
| * [ AVP ] |
| |
| */ |
| struct dict_object * cmd; |
| struct dict_cmd_data data = { |
| 325, /* Code */ |
| "MIP6-Answer", /* Name */ |
| CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_ERROR, /* Fixed flags */ |
| CMD_FLAG_PROXIABLE /* Fixed flag values */ |
| }; |
| struct local_rules_definition rules[] = |
| { { "Session-Id", RULE_FIXED_HEAD, -1, 1 } |
| ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 } |
| ,{ "Result-Code", RULE_REQUIRED, -1, 1 } |
| ,{ "Origin-Host", RULE_REQUIRED, -1, 1 } |
| ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 } |
| ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 } |
| ,{ "User-Name", RULE_OPTIONAL, -1, 1 } |
| ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } |
| ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 } |
| ,{ "Error-Message", RULE_OPTIONAL, -1, 1 } |
| ,{ "Error-Reporting-Host", RULE_OPTIONAL, -1, 1 } |
| ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP6-Feature-Vector", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP6-Agent-Info", RULE_OPTIONAL, -1, 1 } |
| ,{ "MIP-Mobile-Node-Address", RULE_OPTIONAL, -1, 2 } |
| ,{ "MIP-MN-HA-MSA", RULE_OPTIONAL, -1, 1 } |
| ,{ "QoS-Resources", RULE_OPTIONAL, -1, -1 } |
| ,{ "Chargeable-User-Identity", RULE_OPTIONAL, -1, 1 } |
| ,{ "Service-Selection", RULE_OPTIONAL, -1, 1 } |
| ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 } |
| ,{ "Proxy-Info", RULE_OPTIONAL, -1, -1 } |
| ,{ "Redirect-Host", RULE_OPTIONAL, -1, -1 } |
| ,{ "Redirect-Host-Usage", RULE_OPTIONAL, -1, 1 } |
| ,{ "Redirect-Max-Cache-Time", RULE_OPTIONAL, -1, 1 } |
| ,{ "Failed-AVP", RULE_OPTIONAL, -1, -1 } |
| }; |
| |
| CHECK_dict_new( DICT_COMMAND, &data, mip6a, &cmd); |
| PARSE_loc_rules( rules, cmd ); |
| } |
| } |
| LOG_D( "Dictionary Extension 'Diameter Mobile IPv6 Auth (MIP6A)' initialized"); |
| return 0; |
| } |
| EXTENSION_ENTRY("dict_mip6a", dict_mip6a_init, "dict_rfc5777"); |