Brian Waters | 13d9601 | 2017-12-08 16:53:31 -0600 | [diff] [blame] | 1 | /********************************************************************************************************* |
| 2 | * Software License Agreement (BSD License) * |
| 3 | * Author: Sebastien Decugis <sdecugis@freediameter.net> * |
| 4 | * * |
| 5 | * Copyright (c) 2013, WIDE Project and NICT * |
| 6 | * All rights reserved. * |
| 7 | * * |
| 8 | * Redistribution and use of this software in source and binary forms, with or without modification, are * |
| 9 | * permitted provided that the following conditions are met: * |
| 10 | * * |
| 11 | * * Redistributions of source code must retain the above * |
| 12 | * copyright notice, this list of conditions and the * |
| 13 | * following disclaimer. * |
| 14 | * * |
| 15 | * * Redistributions in binary form must reproduce the above * |
| 16 | * copyright notice, this list of conditions and the * |
| 17 | * following disclaimer in the documentation and/or other * |
| 18 | * materials provided with the distribution. * |
| 19 | * * |
| 20 | * * Neither the name of the WIDE Project or NICT nor the * |
| 21 | * names of its contributors may be used to endorse or * |
| 22 | * promote products derived from this software without * |
| 23 | * specific prior written permission of WIDE Project and * |
| 24 | * NICT. * |
| 25 | * * |
| 26 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * |
| 27 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * |
| 28 | * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * |
| 29 | * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * |
| 30 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * |
| 31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * |
| 32 | * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * |
| 33 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * |
| 34 | *********************************************************************************************************/ |
| 35 | |
| 36 | /* |
| 37 | * Dictionary definitions of objects specified in Diameter NASREQ (RFC4005). |
| 38 | */ |
| 39 | #include <freeDiameter/extension.h> |
| 40 | |
| 41 | /* The content of this file follows the same structure as dict_base_proto.c */ |
| 42 | |
| 43 | #define CHECK_dict_new( _type, _data, _parent, _ref ) \ |
| 44 | CHECK_FCT( fd_dict_new( fd_g_config->cnf_dict, (_type), (_data), (_parent), (_ref)) ); |
| 45 | |
| 46 | #define CHECK_dict_search( _type, _criteria, _what, _result ) \ |
| 47 | CHECK_FCT( fd_dict_search( fd_g_config->cnf_dict, (_type), (_criteria), (_what), (_result), ENOENT) ); |
| 48 | |
| 49 | struct local_rules_definition { |
| 50 | char *avp_name; |
| 51 | enum rule_position position; |
| 52 | int min; |
| 53 | int max; |
| 54 | }; |
| 55 | |
| 56 | #define RULE_ORDER( _position ) ((((_position) == RULE_FIXED_HEAD) || ((_position) == RULE_FIXED_TAIL)) ? 1 : 0 ) |
| 57 | |
| 58 | #define PARSE_loc_rules( _rulearray, _parent) { \ |
| 59 | int __ar; \ |
| 60 | for (__ar=0; __ar < sizeof(_rulearray) / sizeof((_rulearray)[0]); __ar++) { \ |
| 61 | struct dict_rule_data __data = { NULL, \ |
| 62 | (_rulearray)[__ar].position, \ |
| 63 | 0, \ |
| 64 | (_rulearray)[__ar].min, \ |
| 65 | (_rulearray)[__ar].max}; \ |
| 66 | __data.rule_order = RULE_ORDER(__data.rule_position); \ |
| 67 | CHECK_FCT( fd_dict_search( \ |
| 68 | fd_g_config->cnf_dict, \ |
| 69 | DICT_AVP, \ |
| 70 | AVP_BY_NAME, \ |
| 71 | (_rulearray)[__ar].avp_name, \ |
| 72 | &__data.rule_avp, 0 ) ); \ |
| 73 | if ( !__data.rule_avp ) { \ |
| 74 | TRACE_DEBUG(INFO, "AVP Not found: '%s'", (_rulearray)[__ar].avp_name ); \ |
| 75 | return ENOENT; \ |
| 76 | } \ |
| 77 | CHECK_FCT_DO( fd_dict_new( fd_g_config->cnf_dict, DICT_RULE, &__data, _parent, NULL), \ |
| 78 | { \ |
| 79 | TRACE_DEBUG(INFO, "Error on rule with AVP '%s'", \ |
| 80 | (_rulearray)[__ar].avp_name ); \ |
| 81 | return EINVAL; \ |
| 82 | } ); \ |
| 83 | } \ |
| 84 | } |
| 85 | |
| 86 | #define enumval_def_u32( _val_, _str_ ) \ |
| 87 | { _str_, { .u32 = _val_ }} |
| 88 | |
| 89 | #define enumval_def_os( _len_, _val_, _str_ ) \ |
| 90 | { _str_, { .os = { .data = (unsigned char *)_val_, .len = _len_ }}} |
| 91 | |
| 92 | |
| 93 | static int dnr_entry(char * conffile) |
| 94 | { |
| 95 | struct dict_object * nasreq; |
| 96 | TRACE_ENTRY("%p", conffile); |
| 97 | |
| 98 | /* No Vendors definitions */ |
| 99 | |
| 100 | /* Applications section */ |
| 101 | { |
| 102 | /* NASREQ (RFC 4005) */ |
| 103 | { |
| 104 | struct dict_application_data data = { 1, "Diameter Network Access Server Application" }; |
| 105 | CHECK_dict_new( DICT_APPLICATION, &data, NULL, &nasreq); |
| 106 | } |
| 107 | } |
| 108 | |
| 109 | /* Derived AVP types section */ |
| 110 | { |
| 111 | /* QoSFilterRule */ |
| 112 | { |
| 113 | /* |
| 114 | The QosFilterRule format is derived from the OctetString AVP Base |
| 115 | Format. It uses the ASCII charset. Packets may be marked or |
| 116 | metered based on the following information: |
| 117 | |
| 118 | Direction (in or out) |
| 119 | Source and destination IP address (possibly masked) |
| 120 | Protocol |
| 121 | Source and destination port (lists or ranges) |
| 122 | DSCP values (no mask or range) |
| 123 | |
| 124 | Rules for the appropriate direction are evaluated in order; the |
| 125 | first matched rule terminates the evaluation. Each packet is |
| 126 | evaluated once. If no rule matches, the packet is treated as best |
| 127 | effort. An access device unable to interpret or apply a QoS rule |
| 128 | SHOULD NOT terminate the session. |
| 129 | |
| 130 | QoSFilterRule filters MUST follow the following format: |
| 131 | |
| 132 | action dir proto from src to dst [options] |
| 133 | |
| 134 | tag - Mark packet with a specific DSCP |
| 135 | [DIFFSERV]. The DSCP option MUST be |
| 136 | included. |
| 137 | meter - Meter traffic. The metering options |
| 138 | MUST be included. |
| 139 | |
| 140 | dir The format is as described under IPFilterRule. |
| 141 | |
| 142 | proto The format is as described under IPFilterRule. |
| 143 | |
| 144 | src and dst The format is as described under IPFilterRule. |
| 145 | |
| 146 | options: |
| 147 | |
| 148 | DSCP <color> |
| 149 | Color values as defined in [DIFFSERV]. Exact |
| 150 | matching of DSCP values is required (no masks or |
| 151 | ranges). |
| 152 | |
| 153 | metering <rate> <color_under> <color_over> |
| 154 | The metering option provides Assured Forwarding, |
| 155 | as defined in [DIFFSERVAF], and MUST be present |
| 156 | if the action is set to meter. The rate option is |
| 157 | the throughput, in bits per second, used |
| 158 | by the access device to mark packets. Traffic |
| 159 | over the rate is marked with the color_over |
| 160 | codepoint, and traffic under the rate is marked |
| 161 | with the color_under codepoint. The color_under |
| 162 | and color_over options contain the drop |
| 163 | preferences and MUST conform to the recommended |
| 164 | codepoint keywords described in [DIFFSERVAF] |
| 165 | (e.g., AF13). |
| 166 | |
| 167 | The metering option also supports the strict |
| 168 | limit on traffic required by Expedited |
| 169 | Forwarding, as defined in [DIFFSERVEF]. The |
| 170 | color_over option may contain the keyword "drop" |
| 171 | to prevent forwarding of traffic that exceeds the |
| 172 | rate parameter. |
| 173 | |
| 174 | The rule syntax is a modified subset of ipfw(8) from FreeBSD, |
| 175 | and the ipfw.c code may provide a useful base for |
| 176 | implementations. |
| 177 | */ |
| 178 | struct dict_type_data data = { AVP_TYPE_OCTETSTRING, "QoSFilterRule" , NULL , NULL }; |
| 179 | CHECK_dict_new( DICT_TYPE, &data , NULL, NULL); |
| 180 | } |
| 181 | |
| 182 | } |
| 183 | |
| 184 | /* AVP section */ |
| 185 | { |
| 186 | struct dict_object * UTF8String_type; |
| 187 | struct dict_object * IPFilterRule_type; |
| 188 | struct dict_object * QoSFilterRule_type; |
| 189 | CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "UTF8String", &UTF8String_type); |
| 190 | CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "IPFilterRule", &IPFilterRule_type); |
| 191 | CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "QoSFilterRule", &QoSFilterRule_type); |
| 192 | |
| 193 | /******************************** |
| 194 | * NAS Session AVPs * |
| 195 | ********************************/ |
| 196 | /* NAS-Port */ |
| 197 | { |
| 198 | /* |
| 199 | The NAS-Port AVP (AVP Code 5) is of type Unsigned32 and contains the |
| 200 | physical or virtual port number of the NAS which is authenticating |
| 201 | the user. Note that "port" is meant in its sense as a service |
| 202 | connection on the NAS, not as an IP protocol identifier. |
| 203 | |
| 204 | Either NAS-Port or NAS-Port-Id (AVP Code 87) SHOULD be present in |
| 205 | AA-Request (AAR) commands if the NAS differentiates among its ports. |
| 206 | */ |
| 207 | struct dict_avp_data data = { |
| 208 | 5, /* Code */ |
| 209 | 0, /* Vendor */ |
| 210 | "NAS-Port", /* Name */ |
| 211 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 212 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 213 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 214 | }; |
| 215 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 216 | } |
| 217 | |
| 218 | /* NAS-Port-Id */ |
| 219 | { |
| 220 | /* |
| 221 | The NAS-Port-Id AVP (AVP Code 87) is of type UTF8String and consists |
| 222 | of ASCII text identifying the port of the NAS authenticating the |
| 223 | user. Note that "port" is meant in its sense as a service connection |
| 224 | on the NAS, not as an IP protocol identifier. |
| 225 | |
| 226 | Either NAS-Port or NAS-Port-Id SHOULD be present in AA-Request (AAR) |
| 227 | commands if the NAS differentiates among its ports. NAS-Port-Id is |
| 228 | intended for use by NASes that cannot conveniently number their |
| 229 | ports. |
| 230 | */ |
| 231 | struct dict_avp_data data = { |
| 232 | 87, /* Code */ |
| 233 | 0, /* Vendor */ |
| 234 | "NAS-Port-Id", /* Name */ |
| 235 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 236 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 237 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 238 | }; |
| 239 | CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| 240 | } |
| 241 | |
| 242 | /* NAS-Port-Type */ |
| 243 | { |
| 244 | /* |
| 245 | The NAS-Port-Type AVP (AVP Code 61) is of type Enumerated and |
| 246 | contains the type of the port on which the NAS is authenticating the |
| 247 | user. This AVP SHOULD be present if the NAS uses the same NAS-Port |
| 248 | number ranges for different service types concurrently. |
| 249 | |
| 250 | The supported values are defined in [RADIUSTypes]. The following |
| 251 | list is informational and subject to change by the IANA. |
| 252 | |
| 253 | http://www.iana.org/assignments/radius-types |
| 254 | Sub-registry: Values for RADIUS Attribute 61, NAS-Port-Type |
| 255 | Reference: [RFC2865] |
| 256 | |
| 257 | Extract on 2009.06.01: |
| 258 | 0 Async [RFC2865] |
| 259 | 1 Sync [RFC2865] |
| 260 | 2 ISDN Sync [RFC2865] |
| 261 | 3 ISDN Async V.120 [RFC2865] |
| 262 | 4 ISDN Async V.110 [RFC2865] |
| 263 | 5 Virtual [RFC2865] |
| 264 | 6 PIAFS [RFC2865] |
| 265 | 7 HDLC Clear Channel [RFC2865] |
| 266 | 8 X.25 [RFC2865] |
| 267 | 9 X.75 [RFC2865] |
| 268 | 10 G.3 Fax [RFC2865] |
| 269 | 11 SDSL - Symmetric DSL [RFC2865] |
| 270 | 12 ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865] |
| 271 | 13 ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865] |
| 272 | 14 IDSL - ISDN Digital Subscriber Line [RFC2865] |
| 273 | 15 Ethernet [RFC2865] |
| 274 | 16 xDSL - Digital Subscriber Line of unknown type [RFC2865] |
| 275 | 17 Cable [RFC2865] |
| 276 | 18 Wireless - Other [RFC2865] |
| 277 | 19 Wireless - IEEE 802.11 [RFC2865] |
| 278 | 20 Token-Ring [RFC3580] |
| 279 | 21 FDDI [RFC3580] |
| 280 | 22 Wireless - CDMA2000 [McCann] |
| 281 | 23 Wireless - UMTS [McCann] |
| 282 | 24 Wireless - 1X-EV [McCann] |
| 283 | 25 IAPP [IEEE 802.11F][Kerry] |
| 284 | 26 FTTP - Fiber to the Premises [Nyce] |
| 285 | 27 Wireless - IEEE 802.16 [IEEE 802.16] 12 December 2006 |
| 286 | 28 Wireless - IEEE 802.20 [IEEE 802.20] 12 December 2006 |
| 287 | 29 Wireless - IEEE 802.22 [IEEE 802.22] 12 December 2006 |
| 288 | 30 PPPoA - PPP over ATM [RFC4603] |
| 289 | 31 PPPoEoA - PPP over Ethernet over ATM [RFC4603] |
| 290 | 32 PPPoEoE - PPP over Ethernet over Ethernet [RFC4603] |
| 291 | 33 PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603] |
| 292 | 34 PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603] |
| 293 | 35 xPON - Passive Optical Network [Hublet][Yan] 19 June 2007 |
| 294 | */ |
| 295 | |
| 296 | struct dict_object *type; |
| 297 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(NAS-Port-Type)" , NULL, NULL}; |
| 298 | struct dict_enumval_data tvals[] = { |
| 299 | enumval_def_u32( 0, "Async [RFC2865]"), |
| 300 | enumval_def_u32( 1, "Sync [RFC2865]"), |
| 301 | enumval_def_u32( 2, "ISDN Sync [RFC2865]"), |
| 302 | enumval_def_u32( 3, "ISDN Async V.120 [RFC2865]"), |
| 303 | enumval_def_u32( 4, "ISDN Async V.110 [RFC2865]"), |
| 304 | enumval_def_u32( 5, "Virtual [RFC2865]"), |
| 305 | enumval_def_u32( 6, "PIAFS [RFC2865]"), |
| 306 | enumval_def_u32( 7, "HDLC Clear Channel [RFC2865]"), |
| 307 | enumval_def_u32( 8, "X.25 [RFC2865]"), |
| 308 | enumval_def_u32( 9, "X.75 [RFC2865]"), |
| 309 | enumval_def_u32(10, "G.3 Fax [RFC2865]"), |
| 310 | enumval_def_u32(11, "SDSL - Symmetric DSL [RFC2865]"), |
| 311 | enumval_def_u32(12, "ADSL-CAP - Asymmetric DSL, Carrierless Amplitude Phase Modulation [RFC2865]"), |
| 312 | enumval_def_u32(13, "ADSL-DMT - Asymmetric DSL, Discrete Multi-Tone [RFC2865]"), |
| 313 | enumval_def_u32(14, "IDSL - ISDN Digital Subscriber Line [RFC2865]"), |
| 314 | enumval_def_u32(15, "Ethernet [RFC2865]"), |
| 315 | enumval_def_u32(16, "xDSL - Digital Subscriber Line of unknown type [RFC2865]"), |
| 316 | enumval_def_u32(17, "Cable [RFC2865]"), |
| 317 | enumval_def_u32(18, "Wireless - Other [RFC2865]"), |
| 318 | enumval_def_u32(19, "Wireless - IEEE 802.11 [RFC2865]"), |
| 319 | enumval_def_u32(20, "Token-Ring [RFC3580]"), |
| 320 | enumval_def_u32(21, "FDDI [RFC3580]"), |
| 321 | enumval_def_u32(22, "Wireless - CDMA2000 [McCann]"), |
| 322 | enumval_def_u32(23, "Wireless - UMTS [McCann]"), |
| 323 | enumval_def_u32(24, "Wireless - 1X-EV [McCann]"), |
| 324 | enumval_def_u32(25, "IAPP [IEEE 802.11F][Kerry]"), |
| 325 | enumval_def_u32(26, "FTTP - Fiber to the Premises [Nyce]"), |
| 326 | enumval_def_u32(27, "Wireless - IEEE 802.16 [IEEE 802.16]"), |
| 327 | enumval_def_u32(28, "Wireless - IEEE 802.20 [IEEE 802.20]"), |
| 328 | enumval_def_u32(29, "Wireless - IEEE 802.22 [IEEE 802.22]"), |
| 329 | enumval_def_u32(30, "PPPoA - PPP over ATM [RFC4603]"), |
| 330 | enumval_def_u32(31, "PPPoEoA - PPP over Ethernet over ATM [RFC4603]"), |
| 331 | enumval_def_u32(32, "PPPoEoE - PPP over Ethernet over Ethernet [RFC4603]"), |
| 332 | enumval_def_u32(33, "PPPoEoVLAN - PPP over Ethernet over VLAN [RFC4603]"), |
| 333 | enumval_def_u32(34, "PPPoEoQinQ - PPP over Ethernet over IEEE 802.1QinQ [RFC4603]"), |
| 334 | enumval_def_u32(35, "xPON - Passive Optical Network [Hublet][Yan]") |
| 335 | }; |
| 336 | struct dict_avp_data data = { |
| 337 | 61, /* Code */ |
| 338 | 0, /* Vendor */ |
| 339 | "NAS-Port-Type", /* Name */ |
| 340 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 341 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 342 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 343 | }; |
| 344 | int i; |
| 345 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 346 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 347 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 348 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 349 | } |
| 350 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 351 | } |
| 352 | |
| 353 | /* Called-Station-Id */ |
| 354 | { |
| 355 | /* |
| 356 | The Called-Station-Id AVP (AVP Code 30) is of type UTF8String and |
| 357 | allows the NAS to send the ASCII string describing the layer 2 |
| 358 | address the user contacted in the request. For dialup access, this |
| 359 | can be a phone number obtained by using Dialed Number Identification |
| 360 | (DNIS) or a similar technology. Note that this may be different from |
| 361 | the phone number the call comes in on. For use with IEEE 802 access, |
| 362 | the Called-Station-Id MAY contain a MAC address formatted as |
| 363 | described in [RAD802.1X]. It SHOULD only be present in |
| 364 | authentication and/or authorization requests. |
| 365 | |
| 366 | If the Auth-Request-Type AVP is set to authorization-only and the |
| 367 | User-Name AVP is absent, the Diameter Server MAY perform |
| 368 | authorization based on this field. This can be used by a NAS to |
| 369 | request whether a call should be answered based on the DNIS. |
| 370 | */ |
| 371 | struct dict_avp_data data = { |
| 372 | 30, /* Code */ |
| 373 | 0, /* Vendor */ |
| 374 | "Called-Station-Id", /* Name */ |
| 375 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 376 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 377 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 378 | }; |
| 379 | CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| 380 | } |
| 381 | |
| 382 | /* Calling-Station-Id */ |
| 383 | { |
| 384 | /* |
| 385 | The Calling-Station-Id AVP (AVP Code 31) is of type UTF8String and |
| 386 | allows the NAS to send the ASCII string describing the layer 2 |
| 387 | address from which the user connected in the request. For dialup |
| 388 | access, this is the phone number the call came from, using Automatic |
| 389 | Number Identification (ANI) or a similar technology. For use with |
| 390 | IEEE 802 access, the Calling-Station-Id AVP MAY contain a MAC |
| 391 | address, formated as described in [RAD802.1X]. It SHOULD only be |
| 392 | present in authentication and/or authorization requests. |
| 393 | |
| 394 | If the Auth-Request-Type AVP is set to authorization-only and the |
| 395 | User-Name AVP is absent, the Diameter Server MAY perform |
| 396 | authorization based on this field. This can be used by a NAS to |
| 397 | request whether a call should be answered based on the layer 2 |
| 398 | address (ANI, MAC Address, etc.) |
| 399 | */ |
| 400 | struct dict_avp_data data = { |
| 401 | 31, /* Code */ |
| 402 | 0, /* Vendor */ |
| 403 | "Calling-Station-Id", /* Name */ |
| 404 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 405 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 406 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 407 | }; |
| 408 | CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| 409 | } |
| 410 | |
| 411 | /* Connect-Info */ |
| 412 | { |
| 413 | /* |
| 414 | The Connect-Info AVP (AVP Code 77) is of type UTF8String and is sent |
| 415 | in the AA-Request message or ACR STOP message. When sent in the |
| 416 | Access-Request, it indicates the nature of the user's connection. |
| 417 | The connection speed SHOULD be included at the beginning of the first |
| 418 | Connect-Info AVP in the message. If the transmit and receive |
| 419 | connection speeds differ, both may be included in the first AVP with |
| 420 | the transmit speed listed first (the speed the NAS modem transmits |
| 421 | at), then a slash (/), then the receive speed, and then other |
| 422 | optional information. |
| 423 | |
| 424 | For example: "28800 V42BIS/LAPM" or "52000/31200 V90" |
| 425 | |
| 426 | More than one Connect-Info attribute may be present in an |
| 427 | Accounting-Request packet to accommodate expected efforts by the ITU |
| 428 | to have modems report more connection information in a standard |
| 429 | format that might exceed 252 octets. |
| 430 | |
| 431 | If sent in the ACR STOP, this attribute may summarize statistics |
| 432 | relating to session quality. For example, in IEEE 802.11, the |
| 433 | Connect-Info attribute may contain information on the number of link |
| 434 | layer retransmissions. The exact format of this attribute is |
| 435 | implementation specific. |
| 436 | */ |
| 437 | struct dict_avp_data data = { |
| 438 | 77, /* Code */ |
| 439 | 0, /* Vendor */ |
| 440 | "Connect-Info", /* Name */ |
| 441 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 442 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 443 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 444 | }; |
| 445 | CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| 446 | } |
| 447 | |
| 448 | /* Originating-Line-Info */ |
| 449 | { |
| 450 | /* |
| 451 | The Originating-Line-Info AVP (AVP Code 94) is of type OctetString |
| 452 | and is sent by the NAS system to convey information about the origin |
| 453 | of the call from an SS7 system. |
| 454 | |
| 455 | The originating line information (OLI) element indicates the nature |
| 456 | and/or characteristics of the line from which a call originated |
| 457 | (e.g., pay phone, hotel, cellular). Telephone companies are starting |
| 458 | to offer OLI to their customers as an option over Primary Rate |
| 459 | Interface (PRI). Internet Service Providers (ISPs) can use OLI in |
| 460 | addition to Called-Station-Id and Calling-Station-Id attributes to |
| 461 | differentiate customer calls and to define different services. |
| 462 | |
| 463 | The Value field contains two octets (00 - 99). ANSI T1.113 and |
| 464 | BELLCORE 394 can be used for additional information about these |
| 465 | values and their use. For more information on current assignment |
| 466 | values, see [http://www.nanpa.com/number_resource_info/ani_ii_assignments.html]. |
| 467 | |
| 468 | */ |
| 469 | struct dict_object *type; |
| 470 | struct dict_type_data tdata = { AVP_TYPE_OCTETSTRING, "Enumerated(Originating-Line-Info)" , NULL, NULL}; |
| 471 | struct dict_enumval_data tvals[] = { |
| 472 | enumval_def_os( 2, "00", "Plain Old Telephone Service (POTS)"), |
| 473 | enumval_def_os( 2, "01", "Multiparty Line (more than 2)"), |
| 474 | enumval_def_os( 2, "02", "ANI Failure"), |
| 475 | enumval_def_os( 2, "06", "Station Level Rating"), |
| 476 | enumval_def_os( 2, "07", "Special Operator Handling Required"), |
| 477 | enumval_def_os( 2, "20", "Automatic Identified Outward Dialing (AIOD)"), |
| 478 | enumval_def_os( 2, "23", "Coin or Non-Coin"), |
| 479 | enumval_def_os( 2, "24", "Toll Free Service (Non-Pay Origination)"), |
| 480 | enumval_def_os( 2, "25", "Toll Free Service (Pay Origination)"), |
| 481 | enumval_def_os( 2, "27", "Toll Free Service (Coin Control Origination)"), |
| 482 | enumval_def_os( 2, "29", "Prison/Inmate Service"), |
| 483 | enumval_def_os( 2, "30", "Intercept (Blank)"), |
| 484 | enumval_def_os( 2, "31", "Intercept (Trouble)"), |
| 485 | enumval_def_os( 2, "32", "Intercept (Regular)"), |
| 486 | enumval_def_os( 2, "34", "Telco Operator Handled Call"), |
| 487 | enumval_def_os( 2, "52", "Outward Wide Area Telecommunications Service (OUTWATS)"), |
| 488 | enumval_def_os( 2, "60", "Telecommunications Relay Service (TRS)(Unrestricted)"), |
| 489 | enumval_def_os( 2, "61", "Cellular/Wireless PCS (Type 1)"), |
| 490 | enumval_def_os( 2, "62", "Cellular/Wireless PCS (Type 2)"), |
| 491 | enumval_def_os( 2, "63", "Cellular/Wireless PCS (Roaming)"), |
| 492 | enumval_def_os( 2, "66", "TRS (Hotel)"), |
| 493 | enumval_def_os( 2, "67", "TRS (Restricted)"), |
| 494 | enumval_def_os( 2, "70", "Pay Station, No Coin Control"), |
| 495 | enumval_def_os( 2, "93", "Access for Private Virtual Network Service") |
| 496 | }; |
| 497 | struct dict_avp_data data = { |
| 498 | 94, /* Code */ |
| 499 | 0, /* Vendor */ |
| 500 | "Originating-Line-Info", /* Name */ |
| 501 | AVP_FLAG_VENDOR, /* Fixed flags */ |
| 502 | 0, /* Fixed flag values */ |
| 503 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 504 | }; |
| 505 | int i; |
| 506 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 507 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 508 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 509 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 510 | } |
| 511 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 512 | } |
| 513 | |
| 514 | /* Reply-Message */ |
| 515 | { |
| 516 | /* |
| 517 | The Reply-Message AVP (AVP Code 18) is of type UTF8String and |
| 518 | contains text that MAY be displayed to the user. When used in an |
| 519 | AA-Answer message with a successful Result-Code AVP, it indicates |
| 520 | success. When found in an AAA message with a Result-Code other than |
| 521 | DIAMETER_SUCCESS, the AVP contains a failure message. |
| 522 | |
| 523 | The Reply-Message AVP MAY indicate dialog text to prompt the user |
| 524 | before another AA-Request attempt. When used in an AA-Answer with a |
| 525 | Result-Code of DIAMETER_MULTI_ROUND_AUTH or in an Re-Auth-Request |
| 526 | message, it MAY contain a dialog text to prompt the user for a |
| 527 | response. |
| 528 | |
| 529 | Multiple Reply-Messages MAY be included, and if any are displayed, |
| 530 | they MUST be displayed in the same order as they appear in the |
| 531 | Diameter message. |
| 532 | */ |
| 533 | struct dict_avp_data data = { |
| 534 | 18, /* Code */ |
| 535 | 0, /* Vendor */ |
| 536 | "Reply-Message", /* Name */ |
| 537 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 538 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 539 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 540 | }; |
| 541 | CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| 542 | } |
| 543 | |
| 544 | /******************************** |
| 545 | * NAS Authentication AVPs * |
| 546 | ********************************/ |
| 547 | /* User-Password */ |
| 548 | { |
| 549 | /* |
| 550 | The User-Password AVP (AVP Code 2) is of type OctetString and |
| 551 | contains the password of the user to be authenticated, or the user's |
| 552 | input in a multi-round authentication exchange. |
| 553 | |
| 554 | The User-Password AVP contains a user password or one-time password |
| 555 | and therefore represents sensitive information. As required in |
| 556 | [BASE], Diameter messages are encrypted by using IPsec or TLS. |
| 557 | Unless this AVP is used for one-time passwords, the User-Password AVP |
| 558 | SHOULD NOT be used in untrusted proxy environments without encrypting |
| 559 | it by using end-to-end security techniques, such as the proposed CMS |
| 560 | Security [DiamCMS]. |
| 561 | |
| 562 | The clear-text password (prior to encryption) MUST NOT be longer than |
| 563 | 128 bytes in length. |
| 564 | */ |
| 565 | struct dict_avp_data data = { |
| 566 | 2, /* Code */ |
| 567 | 0, /* Vendor */ |
| 568 | "User-Password", /* Name */ |
| 569 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 570 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 571 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 572 | }; |
| 573 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 574 | } |
| 575 | |
| 576 | /* Password-Retry */ |
| 577 | { |
| 578 | /* |
| 579 | The Password-Retry AVP (AVP Code 75) is of type Unsigned32 and MAY be |
| 580 | included in the AA-Answer if the Result-Code indicates an |
| 581 | authentication failure. The value of this AVP indicates how many |
| 582 | authentication attempts a user is permitted before being |
| 583 | disconnected. This AVP is primarily intended for use when the |
| 584 | Framed-Protocol AVP (see section 6.10.1) is set to ARAP. |
| 585 | */ |
| 586 | struct dict_avp_data data = { |
| 587 | 75, /* Code */ |
| 588 | 0, /* Vendor */ |
| 589 | "Password-Retry", /* Name */ |
| 590 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 591 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 592 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 593 | }; |
| 594 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 595 | } |
| 596 | |
| 597 | /* Prompt */ |
| 598 | { |
| 599 | /* |
| 600 | The Prompt AVP (AVP Code 76) is of type Enumerated and MAY be present |
| 601 | in the AA-Answer message. When present, it is used by the NAS to |
| 602 | determine whether the user's response, when entered, should be |
| 603 | echoed. |
| 604 | |
| 605 | The supported values are listed in http://www.iana.org/assignments/radius-types |
| 606 | Sub-registry: Values for RADIUS Attribute 76, Prompt |
| 607 | Reference: [RFC2869] |
| 608 | */ |
| 609 | struct dict_object *type; |
| 610 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Prompt)" , NULL, NULL}; |
| 611 | struct dict_enumval_data tvals[] = { |
| 612 | enumval_def_u32( 0, "No Echo [RFC2869]"), |
| 613 | enumval_def_u32( 1, "Echo [RFC2869]") |
| 614 | }; |
| 615 | struct dict_avp_data data = { |
| 616 | 76, /* Code */ |
| 617 | 0, /* Vendor */ |
| 618 | "Prompt", /* Name */ |
| 619 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 620 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 621 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 622 | }; |
| 623 | int i; |
| 624 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 625 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 626 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 627 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 628 | } |
| 629 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 630 | } |
| 631 | |
| 632 | /* CHAP-Algorithm */ |
| 633 | { |
| 634 | /* |
| 635 | The CHAP-Algorithm AVP (AVP Code 403) is of type Enumerated and |
| 636 | contains the algorithm identifier used in the computation of the CHAP |
| 637 | response [PPPCHAP]. The following values are currently supported: |
| 638 | |
| 639 | CHAP with MD5 5 |
| 640 | The CHAP response is computed by using the procedure described |
| 641 | in [PPPCHAP]. This algorithm requires that the CHAP-Response |
| 642 | AVP MUST be present in the CHAP-Auth AVP. |
| 643 | */ |
| 644 | struct dict_object *type; |
| 645 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(CHAP-Algorithm)" , NULL, NULL}; |
| 646 | struct dict_enumval_data tvals[] = { |
| 647 | enumval_def_u32( 5, "CHAP with MD5") |
| 648 | }; |
| 649 | struct dict_avp_data adata = { |
| 650 | 403, /* Code */ |
| 651 | 0, /* Vendor */ |
| 652 | "CHAP-Algorithm", /* Name */ |
| 653 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 654 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 655 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 656 | }; |
| 657 | int i; |
| 658 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 659 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 660 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 661 | } |
| 662 | CHECK_dict_new( DICT_AVP, &adata , type, NULL); |
| 663 | } |
| 664 | |
| 665 | /* CHAP-Ident */ |
| 666 | { |
| 667 | /* |
| 668 | The CHAP-Ident AVP (AVP Code 404) is of type OctetString and contains |
| 669 | the 1 octet CHAP Identifier used in the computation of the CHAP |
| 670 | response [PPPCHAP]. |
| 671 | */ |
| 672 | struct dict_avp_data adata = { |
| 673 | 404, /* Code */ |
| 674 | 0, /* Vendor */ |
| 675 | "CHAP-Ident", /* Name */ |
| 676 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 677 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 678 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 679 | }; |
| 680 | CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); |
| 681 | } |
| 682 | |
| 683 | /* CHAP-Response */ |
| 684 | { |
| 685 | /* |
| 686 | The CHAP-Response AVP (AVP Code 405) is of type OctetString and |
| 687 | contains the 16 octet authentication data provided by the user in |
| 688 | response to the CHAP challenge [PPPCHAP]. |
| 689 | */ |
| 690 | struct dict_avp_data adata = { |
| 691 | 405, /* Code */ |
| 692 | 0, /* Vendor */ |
| 693 | "CHAP-Response", /* Name */ |
| 694 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 695 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 696 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 697 | }; |
| 698 | CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); |
| 699 | } |
| 700 | |
| 701 | /* CHAP-Auth */ |
| 702 | { |
| 703 | /* |
| 704 | The CHAP-Auth AVP (AVP Code 402) is of type Grouped and contains the |
| 705 | information necessary to authenticate a user using the PPP |
| 706 | Challenge-Handshake Authentication Protocol (CHAP) [PPPCHAP]. If the |
| 707 | CHAP-Auth AVP is found in a message, the CHAP-Challenge AVP MUST be |
| 708 | present as well. The optional AVPs containing the CHAP response |
| 709 | depend upon the value of the CHAP-Algorithm AVP. The grouped AVP has |
| 710 | the following ABNF grammar: |
| 711 | |
| 712 | CHAP-Auth ::= < AVP Header: 402 > |
| 713 | { CHAP-Algorithm } |
| 714 | { CHAP-Ident } |
| 715 | [ CHAP-Response ] |
| 716 | * [ AVP ] |
| 717 | */ |
| 718 | struct dict_object * avp; |
| 719 | struct dict_avp_data data = { |
| 720 | 402, /* Code */ |
| 721 | 0, /* Vendor */ |
| 722 | "CHAP-Auth", /* Name */ |
| 723 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 724 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 725 | AVP_TYPE_GROUPED /* base type of data */ |
| 726 | }; |
| 727 | struct local_rules_definition rules[] = |
| 728 | { { "CHAP-Algorithm", RULE_REQUIRED, -1, 1 } |
| 729 | ,{ "CHAP-Ident", RULE_REQUIRED, -1, 1 } |
| 730 | ,{ "CHAP-Response", RULE_OPTIONAL, -1, 1 } |
| 731 | }; |
| 732 | |
| 733 | CHECK_dict_new( DICT_AVP, &data , NULL, &avp); |
| 734 | PARSE_loc_rules( rules, avp ); |
| 735 | } |
| 736 | |
| 737 | /* CHAP-Challenge */ |
| 738 | { |
| 739 | /* |
| 740 | The CHAP-Challenge AVP (AVP Code 60) is of type OctetString and |
| 741 | contains the CHAP Challenge sent by the NAS to the CHAP peer |
| 742 | [PPPCHAP]. |
| 743 | */ |
| 744 | struct dict_avp_data data = { |
| 745 | 60, /* Code */ |
| 746 | 0, /* Vendor */ |
| 747 | "CHAP-Challenge", /* Name */ |
| 748 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 749 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 750 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 751 | }; |
| 752 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 753 | } |
| 754 | |
| 755 | /* ARAP-Password */ |
| 756 | { |
| 757 | /* |
| 758 | The ARAP-Password AVP (AVP Code 70) is of type OctetString and is |
| 759 | only present when the Framed-Protocol AVP (see section 6.10.1) is |
| 760 | included in the message and is set to ARAP. This AVP MUST NOT be |
| 761 | present if either the User-Password or the CHAP-Auth AVP is present. |
| 762 | See [RADIUSExt] for more information on the contents of this AVP. |
| 763 | */ |
| 764 | struct dict_avp_data data = { |
| 765 | 70, /* Code */ |
| 766 | 0, /* Vendor */ |
| 767 | "ARAP-Password", /* Name */ |
| 768 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 769 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 770 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 771 | }; |
| 772 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 773 | } |
| 774 | |
| 775 | /* ARAP-Challenge-Response */ |
| 776 | { |
| 777 | /* |
| 778 | The ARAP-Challenge-Response AVP (AVP Code 84) is of type OctetString |
| 779 | and is only present when the Framed-Protocol AVP (see section 6.10.1) |
| 780 | is included in the message and is set to ARAP. This AVP contains an |
| 781 | 8 octet response to the dial-in client's challenge. The RADIUS |
| 782 | server calculates this value by taking the dial-in client's challenge |
| 783 | from the high-order 8 octets of the ARAP-Password AVP and performing |
| 784 | DES encryption on this value with the authenticating user's password |
| 785 | as the key. If the user's password is fewer than 8 octets in length, |
| 786 | the password is padded at the end with NULL octets to a length of 8 |
| 787 | before it is used as a key. |
| 788 | */ |
| 789 | struct dict_avp_data data = { |
| 790 | 84, /* Code */ |
| 791 | 0, /* Vendor */ |
| 792 | "ARAP-Challenge-Response", /* Name */ |
| 793 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 794 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 795 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 796 | }; |
| 797 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 798 | } |
| 799 | |
| 800 | /* ARAP-Security */ |
| 801 | { |
| 802 | /* |
| 803 | The ARAP-Security AVP (AVP Code 73) is of type Unsigned32 and MAY be |
| 804 | present in the AA-Answer message if the Framed-Protocol AVP (see |
| 805 | section 6.10.1) is set to the value of ARAP, and the Result-Code AVP |
| 806 | is set to DIAMETER_MULTI_ROUND_AUTH. See [RADIUSExt] for more |
| 807 | information on the format of this AVP. |
| 808 | */ |
| 809 | struct dict_avp_data data = { |
| 810 | 73, /* Code */ |
| 811 | 0, /* Vendor */ |
| 812 | "ARAP-Security", /* Name */ |
| 813 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 814 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 815 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 816 | }; |
| 817 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 818 | } |
| 819 | |
| 820 | /* ARAP-Security-Data */ |
| 821 | { |
| 822 | /* |
| 823 | The ARAP-Security-Data AVP (AVP Code 74) is of type OctetString and MAY be |
| 824 | present in the AA-Request or AA-Answer message if the Framed-Protocol |
| 825 | AVP is set to the value of ARAP, and the Result-Code AVP is set to |
| 826 | DIAMETER_MULTI_ROUND_AUTH. This AVP contains the security module |
| 827 | challenge or response associated with the ARAP Security Module |
| 828 | specified in ARAP-Security. |
| 829 | */ |
| 830 | struct dict_avp_data data = { |
| 831 | 74, /* Code */ |
| 832 | 0, /* Vendor */ |
| 833 | "ARAP-Security-Data", /* Name */ |
| 834 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 835 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 836 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 837 | }; |
| 838 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 839 | } |
| 840 | |
| 841 | /******************************** |
| 842 | * NAS Authorization AVPs * |
| 843 | ********************************/ |
| 844 | /* Service-Type */ |
| 845 | { |
| 846 | /* |
| 847 | The Service-Type AVP (AVP Code 6) is of type Enumerated and contains |
| 848 | the type of service the user has requested or the type of service to |
| 849 | be provided. One such AVP MAY be present in an authentication and/or |
| 850 | authorization request or response. A NAS is not required to |
| 851 | implement all of these service types. It MUST treat unknown or |
| 852 | unsupported Service-Types received in a response as a failure and end |
| 853 | the session with a DIAMETER_INVALID_AVP_VALUE Result-Code. |
| 854 | |
| 855 | When used in a request, the Service-Type AVP SHOULD be considered a |
| 856 | hint to the server that the NAS believes the user would prefer the |
| 857 | kind of service indicated. The server is not required to honor the |
| 858 | hint. Furthermore, if the service specified by the server is |
| 859 | supported, but not compatible with the current mode of access, the |
| 860 | NAS MUST fail to start the session. The NAS MUST also generate the |
| 861 | appropriate error message(s). |
| 862 | |
| 863 | The following values have been defined for the Service-Type AVP. The |
| 864 | complete list of defined values can be found in [RADIUS] and |
| 865 | [RADIUSTypes]. |
| 866 | |
| 867 | Registry Name: Radius Attribute Values |
| 868 | Reference: [RFC2865][RFC3575] |
| 869 | |
| 870 | Sub-registry: Values for RADIUS Attribute 6, Service-Type |
| 871 | Reference: [RFC2865][RFC3575] |
| 872 | |
| 873 | 1 Login |
| 874 | 2 Framed |
| 875 | 3 Callback Login |
| 876 | 4 Callback Framed |
| 877 | 5 Outbound |
| 878 | 6 Administrative |
| 879 | 7 NAS Prompt |
| 880 | 8 Authenticate Only |
| 881 | 9 Callback NAS Prompt |
| 882 | 10 Call Check |
| 883 | 11 Callback Administrative |
| 884 | 12 Voice [Chiba] |
| 885 | 13 Fax [Chiba] |
| 886 | 14 Modem Relay [Chiba] |
| 887 | 15 IAPP-Register [IEEE 802.11f][Kerry] |
| 888 | 16 IAPP-AP-Check [IEEE 802.11f][Kerry] |
| 889 | 17 Authorize Only [RFC3576] |
| 890 | |
| 891 | The following values are further qualified: |
| 892 | |
| 893 | Login 1 |
| 894 | The user should be connected to a host. The message MAY |
| 895 | include additional AVPs defined in sections 6.16 or 6.17. |
| 896 | |
| 897 | Framed 2 |
| 898 | A Framed Protocol, such as PPP or SLIP, should be started for |
| 899 | the User. The message MAY include additional AVPs defined in |
| 900 | section 6.10, or section 7 for tunneling services. |
| 901 | |
| 902 | Callback Login 3 |
| 903 | The user should be disconnected and called back, then connected |
| 904 | to a host. The message MAY include additional AVPs defined in |
| 905 | this section. |
| 906 | |
| 907 | Callback Framed 4 |
| 908 | The user should be disconnected and called back, and then a |
| 909 | Framed Protocol, such as PPP or SLIP, should be started for the |
| 910 | User. The message MAY include additional AVPs defined in |
| 911 | section 6.10, or in section 7 for tunneling services. |
| 912 | |
| 913 | */ |
| 914 | struct dict_object *type; |
| 915 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Service-Type)" , NULL, NULL}; |
| 916 | struct dict_enumval_data tvals[] = { |
| 917 | enumval_def_u32( 1, "Login"), |
| 918 | enumval_def_u32( 2, "Framed"), |
| 919 | enumval_def_u32( 3, "Callback Login"), |
| 920 | enumval_def_u32( 4, "Callback Framed"), |
| 921 | enumval_def_u32( 5, "Outbound"), |
| 922 | enumval_def_u32( 6, "Administrative"), |
| 923 | enumval_def_u32( 7, "NAS Prompt"), |
| 924 | enumval_def_u32( 8, "Authenticate Only"), |
| 925 | enumval_def_u32( 9, "Callback NAS Prompt"), |
| 926 | enumval_def_u32(10, "Call Check"), |
| 927 | enumval_def_u32(11, "Callback Administrative"), |
| 928 | enumval_def_u32(12, "Voice [Chiba]"), |
| 929 | enumval_def_u32(13, "Fax [Chiba]"), |
| 930 | enumval_def_u32(14, "Modem Relay [Chiba]"), |
| 931 | enumval_def_u32(15, "IAPP-Register [IEEE 802.11f][Kerry]"), |
| 932 | enumval_def_u32(16, "IAPP-AP-Check [IEEE 802.11f][Kerry]"), |
| 933 | enumval_def_u32(17, "Authorize Only [RFC3576]") |
| 934 | }; |
| 935 | struct dict_avp_data data = { |
| 936 | 6, /* Code */ |
| 937 | 0, /* Vendor */ |
| 938 | "Service-Type", /* Name */ |
| 939 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 940 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 941 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 942 | }; |
| 943 | int i; |
| 944 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 945 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 946 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 947 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 948 | } |
| 949 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 950 | } |
| 951 | |
| 952 | /* Callback-Number */ |
| 953 | { |
| 954 | /* |
| 955 | The Callback-Number AVP (AVP Code 19) is of type UTF8String and |
| 956 | contains a dialing string to be used for callback. It MAY be used in |
| 957 | an authentication and/or authorization request as a hint to the |
| 958 | server that a Callback service is desired, but the server is not |
| 959 | required to honor the hint in the corresponding response. |
| 960 | */ |
| 961 | struct dict_avp_data data = { |
| 962 | 19, /* Code */ |
| 963 | 0, /* Vendor */ |
| 964 | "Callback-Number", /* Name */ |
| 965 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 966 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 967 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 968 | }; |
| 969 | CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| 970 | } |
| 971 | |
| 972 | /* Callback-Id */ |
| 973 | { |
| 974 | /* |
| 975 | The Callback-Id AVP (AVP Code 20) is of type UTF8String and contains |
| 976 | the name of a place to be called, to be interpreted by the NAS. This |
| 977 | AVP MAY be present in an authentication and/or authorization |
| 978 | response. |
| 979 | |
| 980 | This AVP is not roaming-friendly as it assumes that the Callback-Id |
| 981 | is configured on the NAS. Using the Callback-Number AVP therefore |
| 982 | preferable. |
| 983 | */ |
| 984 | struct dict_avp_data data = { |
| 985 | 20, /* Code */ |
| 986 | 0, /* Vendor */ |
| 987 | "Callback-Id", /* Name */ |
| 988 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 989 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 990 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 991 | }; |
| 992 | CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| 993 | } |
| 994 | |
| 995 | /* Idle-Timeout */ |
| 996 | { |
| 997 | /* |
| 998 | The Idle-Timeout AVP (AVP Code 28) is of type Unsigned32 and sets the |
| 999 | maximum number of consecutive seconds of idle connection allowable to |
| 1000 | the user before termination of the session or before a prompt is |
| 1001 | issued. The default is none, or system specific. |
| 1002 | */ |
| 1003 | struct dict_avp_data data = { |
| 1004 | 28, /* Code */ |
| 1005 | 0, /* Vendor */ |
| 1006 | "Idle-Timeout", /* Name */ |
| 1007 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1008 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1009 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1010 | }; |
| 1011 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1012 | } |
| 1013 | |
| 1014 | /* Port-Limit */ |
| 1015 | { |
| 1016 | /* |
| 1017 | The Port-Limit AVP (AVP Code 62) is of type Unsigned32 and sets the |
| 1018 | maximum number of ports the NAS provides to the user. It MAY be used |
| 1019 | in an authentication and/or authorization request as a hint to the |
| 1020 | server that multilink PPP [PPPMP] service is desired, but the server |
| 1021 | is not required to honor the hint in the corresponding response. |
| 1022 | */ |
| 1023 | struct dict_avp_data data = { |
| 1024 | 62, /* Code */ |
| 1025 | 0, /* Vendor */ |
| 1026 | "Port-Limit", /* Name */ |
| 1027 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1028 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1029 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1030 | }; |
| 1031 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1032 | } |
| 1033 | |
| 1034 | /* NAS-Filter-Rule */ |
| 1035 | { |
| 1036 | /* |
| 1037 | The NAS-Filter-Rule AVP (AVP Code 400) is of type IPFilterRule and |
| 1038 | provides filter rules that need to be configured on the NAS for the |
| 1039 | user. One or more of these AVPs MAY be present in an authorization |
| 1040 | response. |
| 1041 | */ |
| 1042 | struct dict_avp_data data = { |
| 1043 | 400, /* Code */ |
| 1044 | 0, /* Vendor */ |
| 1045 | "NAS-Filter-Rule", /* Name */ |
| 1046 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1047 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1048 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1049 | }; |
| 1050 | CHECK_dict_new( DICT_AVP, &data , IPFilterRule_type, NULL); |
| 1051 | } |
| 1052 | |
| 1053 | /* Filter-Id */ |
| 1054 | { |
| 1055 | /* |
| 1056 | The Filter-Id AVP (AVP Code 11) is of type UTF8String and contains |
| 1057 | the name of the filter list for this user. Zero or more Filter-Id |
| 1058 | AVPs MAY be sent in an authorization answer. |
| 1059 | |
| 1060 | Identifying a filter list by name allows the filter to be used on |
| 1061 | different NASes without regard to filter-list implementation details. |
| 1062 | However, this AVP is not roaming friendly, as filter naming differs |
| 1063 | from one service provider to another. |
| 1064 | |
| 1065 | In non-RADIUS environments, it is RECOMMENDED that the NAS-Filter- |
| 1066 | Rule AVP be used instead. |
| 1067 | */ |
| 1068 | struct dict_avp_data data = { |
| 1069 | 11, /* Code */ |
| 1070 | 0, /* Vendor */ |
| 1071 | "Filter-Id", /* Name */ |
| 1072 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1073 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1074 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1075 | }; |
| 1076 | CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| 1077 | } |
| 1078 | |
| 1079 | /* Configuration-Token */ |
| 1080 | { |
| 1081 | /* |
| 1082 | The Configuration-Token AVP (AVP Code 78) is of type OctetString and |
| 1083 | is sent by a Diameter Server to a Diameter Proxy Agent or Translation |
| 1084 | Agent in an AA-Answer command to indicate a type of user profile to |
| 1085 | be used. It should not be sent to a Diameter Client (NAS). |
| 1086 | |
| 1087 | The format of the Data field of this AVP is site specific. |
| 1088 | */ |
| 1089 | struct dict_avp_data data = { |
| 1090 | 78, /* Code */ |
| 1091 | 0, /* Vendor */ |
| 1092 | "Configuration-Token", /* Name */ |
| 1093 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1094 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1095 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1096 | }; |
| 1097 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1098 | } |
| 1099 | |
| 1100 | /* QoS-Filter-Rule */ |
| 1101 | { |
| 1102 | /* |
| 1103 | The QoS-Filter-Rule AVP (AVP Code 407) is of type QoSFilterRule and |
| 1104 | provides QoS filter rules that need to be configured on the NAS for |
| 1105 | the user. One or more such AVPs MAY be present in an authorization |
| 1106 | response. |
| 1107 | */ |
| 1108 | struct dict_avp_data data = { |
| 1109 | 407, /* Code */ |
| 1110 | 0, /* Vendor */ |
| 1111 | "QoS-Filter-Rule", /* Name */ |
| 1112 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1113 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1114 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1115 | }; |
| 1116 | CHECK_dict_new( DICT_AVP, &data , QoSFilterRule_type, NULL); |
| 1117 | } |
| 1118 | |
| 1119 | /*** Framed Access Authorization AVPs ***/ |
| 1120 | |
| 1121 | /* Framed-Protocol */ |
| 1122 | { |
| 1123 | /* |
| 1124 | The Framed-Protocol AVP (AVP Code 7) is of type Enumerated and |
| 1125 | contains the framing to be used for framed access. This AVP MAY be |
| 1126 | present in both requests and responses. The supported values are |
| 1127 | listed in [RADIUSTypes]. |
| 1128 | |
| 1129 | Sub-registry: Values for RADIUS Attribute 7, Framed-Protocol |
| 1130 | Reference: [RFC2865] |
| 1131 | */ |
| 1132 | struct dict_object *type; |
| 1133 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Protocol)" , NULL, NULL}; |
| 1134 | struct dict_enumval_data tvals[] = { |
| 1135 | enumval_def_u32( 1, "PPP"), |
| 1136 | enumval_def_u32( 2, "SLIP"), |
| 1137 | enumval_def_u32( 3, "AppleTalk Remote Access Protocol (ARAP)"), |
| 1138 | enumval_def_u32( 4, "Gandalf proprietary SingleLink/MultiLink protocol"), |
| 1139 | enumval_def_u32( 5, "Xylogics proprietary IPX/SLIP"), |
| 1140 | enumval_def_u32( 6, "X.75 Synchronous"), |
| 1141 | enumval_def_u32( 7, "GPRS PDP Context [Moore]") |
| 1142 | }; |
| 1143 | struct dict_avp_data data = { |
| 1144 | 7, /* Code */ |
| 1145 | 0, /* Vendor */ |
| 1146 | "Framed-Protocol", /* Name */ |
| 1147 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1148 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1149 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1150 | }; |
| 1151 | int i; |
| 1152 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 1153 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 1154 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 1155 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 1156 | } |
| 1157 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 1158 | } |
| 1159 | |
| 1160 | /* Framed-Routing */ |
| 1161 | { |
| 1162 | /* |
| 1163 | The Framed-Routing AVP (AVP Code 10) is of type Enumerated and |
| 1164 | contains the routing method for the user when the user is a router to |
| 1165 | a network. This AVP SHOULD only be present in authorization |
| 1166 | responses. The supported values are listed in [RADIUSTypes]. |
| 1167 | |
| 1168 | Sub-registry: Values for RADIUS Attribute 10, Framed-Routing |
| 1169 | Reference: [RFC2865] |
| 1170 | */ |
| 1171 | struct dict_object *type; |
| 1172 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Routing)" , NULL, NULL}; |
| 1173 | struct dict_enumval_data tvals[] = { |
| 1174 | enumval_def_u32( 0, "None"), |
| 1175 | enumval_def_u32( 1, "Send routing packets"), |
| 1176 | enumval_def_u32( 2, "Listen for routing packets"), |
| 1177 | enumval_def_u32( 3, "Send and Listen") |
| 1178 | }; |
| 1179 | struct dict_avp_data data = { |
| 1180 | 10, /* Code */ |
| 1181 | 0, /* Vendor */ |
| 1182 | "Framed-Routing", /* Name */ |
| 1183 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1184 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1185 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1186 | }; |
| 1187 | int i; |
| 1188 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 1189 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 1190 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 1191 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 1192 | } |
| 1193 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 1194 | } |
| 1195 | |
| 1196 | /* Framed-MTU */ |
| 1197 | { |
| 1198 | /* |
| 1199 | The Framed-MTU AVP (AVP Code 12) is of type Unsigned32 and contains |
| 1200 | the Maximum Transmission Unit to be configured for the user, when it |
| 1201 | is not negotiated by some other means (such as PPP). This AVP SHOULD |
| 1202 | only be present in authorization responses. The MTU value MUST be in |
| 1203 | the range from 64 to 65535. |
| 1204 | */ |
| 1205 | struct dict_avp_data data = { |
| 1206 | 12, /* Code */ |
| 1207 | 0, /* Vendor */ |
| 1208 | "Framed-MTU", /* Name */ |
| 1209 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1210 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1211 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1212 | }; |
| 1213 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1214 | } |
| 1215 | |
| 1216 | /* Framed-Compression */ |
| 1217 | { |
| 1218 | /* |
| 1219 | The Framed-Compression AVP (AVP Code 13) is of type Enumerated and |
| 1220 | contains the compression protocol to be used for the link. It MAY be |
| 1221 | used in an authorization request as a hint to the server that a |
| 1222 | specific compression type is desired, but the server is not required |
| 1223 | to honor the hint in the corresponding response. |
| 1224 | |
| 1225 | More than one compression protocol AVP MAY be sent. The NAS is |
| 1226 | responsible for applying the proper compression protocol to the |
| 1227 | appropriate link traffic. |
| 1228 | |
| 1229 | The supported values are listed in [RADIUSTypes]. |
| 1230 | Sub-registry: Values for RADIUS Attribute 13, Framed-Compression |
| 1231 | Reference: [RFC2865] |
| 1232 | */ |
| 1233 | struct dict_object *type; |
| 1234 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Framed-Compression)" , NULL, NULL}; |
| 1235 | struct dict_enumval_data tvals[] = { |
| 1236 | enumval_def_u32( 0, "None"), |
| 1237 | enumval_def_u32( 1, "VJ TCP/IP header compression"), |
| 1238 | enumval_def_u32( 2, "IPX header compression"), |
| 1239 | enumval_def_u32( 3, "Stac-LZS compression") |
| 1240 | }; |
| 1241 | struct dict_avp_data data = { |
| 1242 | 13, /* Code */ |
| 1243 | 0, /* Vendor */ |
| 1244 | "Framed-Compression", /* Name */ |
| 1245 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1246 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1247 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1248 | }; |
| 1249 | int i; |
| 1250 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 1251 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 1252 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 1253 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 1254 | } |
| 1255 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 1256 | } |
| 1257 | |
| 1258 | /*** IP Access Authorization AVPs ***/ |
| 1259 | |
| 1260 | /* Framed-IP-Address */ |
| 1261 | { |
| 1262 | /* |
| 1263 | The Framed-IP-Address AVP (AVP Code 8) [RADIUS] is of type |
| 1264 | OctetString and contains an IPv4 address of the type specified in the |
| 1265 | attribute value to be configured for the user. It MAY be used in an |
| 1266 | authorization request as a hint to the server that a specific address |
| 1267 | is desired, but the server is not required to honor the hint in the |
| 1268 | corresponding response. |
| 1269 | |
| 1270 | Two values have special significance: 0xFFFFFFFF and 0xFFFFFFFE. The |
| 1271 | value 0xFFFFFFFF indicates that the NAS should allow the user to |
| 1272 | select an address (i.e., negotiated). The value 0xFFFFFFFE indicates |
| 1273 | that the NAS should select an address for the user (e.g., assigned |
| 1274 | from a pool of addresses kept by the NAS). |
| 1275 | */ |
| 1276 | struct dict_avp_data data = { |
| 1277 | 8, /* Code */ |
| 1278 | 0, /* Vendor */ |
| 1279 | "Framed-IP-Address", /* Name */ |
| 1280 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1281 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1282 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1283 | }; |
| 1284 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1285 | } |
| 1286 | |
| 1287 | /* Framed-IP-Netmask */ |
| 1288 | { |
| 1289 | /* |
| 1290 | The Framed-IP-Netmask AVP (AVP Code 9) is of type OctetString and |
| 1291 | contains the four octets of the IPv4 netmask to be configured for the |
| 1292 | user when the user is a router to a network. It MAY be used in an |
| 1293 | authorization request as a hint to the server that a specific netmask |
| 1294 | is desired, but the server is not required to honor the hint in the |
| 1295 | corresponding response. This AVP MUST be present in a response if |
| 1296 | the request included this AVP with a value of 0xFFFFFFFF. |
| 1297 | */ |
| 1298 | struct dict_avp_data data = { |
| 1299 | 9, /* Code */ |
| 1300 | 0, /* Vendor */ |
| 1301 | "Framed-IP-Netmask", /* Name */ |
| 1302 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1303 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1304 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1305 | }; |
| 1306 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1307 | } |
| 1308 | |
| 1309 | /* Framed-Route */ |
| 1310 | { |
| 1311 | /* |
| 1312 | The Framed-Route AVP (AVP Code 22) is of type UTF8String and contains |
| 1313 | the ASCII routing information to be configured for the user on the |
| 1314 | NAS. Zero or more of these AVPs MAY be present in an authorization |
| 1315 | response. |
| 1316 | |
| 1317 | The string MUST contain a destination prefix in dotted quad form |
| 1318 | optionally followed by a slash and a decimal length specifier stating |
| 1319 | how many high-order bits of the prefix should be used. This is |
| 1320 | followed by a space, a gateway address in dotted quad form, a space, |
| 1321 | and one or more metrics separated by spaces; for example, |
| 1322 | |
| 1323 | "192.168.1.0/24 192.168.1.1 1". |
| 1324 | |
| 1325 | The length specifier may be omitted, in which case it should default |
| 1326 | to 8 bits for class A prefixes, to 16 bits for class B prefixes, and |
| 1327 | to 24 bits for class C prefixes; for example, |
| 1328 | |
| 1329 | "192.168.1.0 192.168.1.1 1". |
| 1330 | |
| 1331 | Whenever the gateway address is specified as "0.0.0.0" the IP address |
| 1332 | of the user SHOULD be used as the gateway address. |
| 1333 | */ |
| 1334 | struct dict_avp_data data = { |
| 1335 | 22, /* Code */ |
| 1336 | 0, /* Vendor */ |
| 1337 | "Framed-Route", /* Name */ |
| 1338 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1339 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1340 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1341 | }; |
| 1342 | CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| 1343 | } |
| 1344 | |
| 1345 | /* Framed-Pool */ |
| 1346 | { |
| 1347 | /* |
| 1348 | The Framed-Pool AVP (AVP Code 88) is of type OctetString and contains |
| 1349 | the name of an assigned address pool that SHOULD be used to assign an |
| 1350 | address for the user. If a NAS does not support multiple address |
| 1351 | pools, the NAS SHOULD ignore this AVP. Address pools are usually |
| 1352 | used for IP addresses but can be used for other protocols if the NAS |
| 1353 | supports pools for those protocols. |
| 1354 | |
| 1355 | Although specified as type OctetString for compatibility with RADIUS |
| 1356 | [RADIUSExt], the encoding of the Data field SHOULD also conform to |
| 1357 | the rules for the UTF8String Data Format. |
| 1358 | */ |
| 1359 | struct dict_avp_data data = { |
| 1360 | 88, /* Code */ |
| 1361 | 0, /* Vendor */ |
| 1362 | "Framed-Pool", /* Name */ |
| 1363 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1364 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1365 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1366 | }; |
| 1367 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1368 | } |
| 1369 | |
| 1370 | /* Framed-Interface-Id */ |
| 1371 | { |
| 1372 | /* |
| 1373 | The Framed-Interface-Id AVP (AVP Code 96) is of type Unsigned64 and |
| 1374 | contains the IPv6 interface identifier to be configured for the user. |
| 1375 | It MAY be used in authorization requests as a hint to the server that |
| 1376 | a specific interface id is desired, but the server is not required to |
| 1377 | honor the hint in the corresponding response. |
| 1378 | */ |
| 1379 | struct dict_avp_data data = { |
| 1380 | 96, /* Code */ |
| 1381 | 0, /* Vendor */ |
| 1382 | "Framed-Interface-Id", /* Name */ |
| 1383 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1384 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1385 | AVP_TYPE_UNSIGNED64 /* base type of data */ |
| 1386 | }; |
| 1387 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1388 | } |
| 1389 | |
| 1390 | /* Framed-IPv6-Prefix */ |
| 1391 | { |
| 1392 | /* |
| 1393 | The Framed-IPv6-Prefix AVP (AVP Code 97) is of type OctetString and |
| 1394 | contains the IPv6 prefix to be configured for the user. One or more |
| 1395 | AVPs MAY be used in authorization requests as a hint to the server |
| 1396 | that specific IPv6 prefixes are desired, but the server is not |
| 1397 | required to honor the hint in the corresponding response. |
| 1398 | */ |
| 1399 | struct dict_avp_data data = { |
| 1400 | 97, /* Code */ |
| 1401 | 0, /* Vendor */ |
| 1402 | "Framed-IPv6-Prefix", /* Name */ |
| 1403 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1404 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1405 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1406 | }; |
| 1407 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1408 | } |
| 1409 | |
| 1410 | /* Framed-IPv6-Route */ |
| 1411 | { |
| 1412 | /* |
| 1413 | The Framed-IPv6-Route AVP (AVP Code 99) is of type UTF8String and |
| 1414 | contains the ASCII routing information to be configured for the user |
| 1415 | on the NAS. Zero or more of these AVPs MAY be present in an |
| 1416 | authorization response. |
| 1417 | |
| 1418 | The string MUST contain an IPv6 address prefix followed by a slash |
| 1419 | and a decimal length specifier stating how many high order bits of |
| 1420 | the prefix should be used. This is followed by a space, a gateway |
| 1421 | address in hexadecimal notation, a space, and one or more metrics |
| 1422 | separated by spaces; for example, |
| 1423 | |
| 1424 | "2000:0:0:106::/64 2000::106:a00:20ff:fe99:a998 1". |
| 1425 | |
| 1426 | Whenever the gateway address is the IPv6 unspecified address, the IP |
| 1427 | address of the user SHOULD be used as the gateway address, such as |
| 1428 | in: |
| 1429 | |
| 1430 | "2000:0:0:106::/64 :: 1". |
| 1431 | */ |
| 1432 | struct dict_avp_data data = { |
| 1433 | 99, /* Code */ |
| 1434 | 0, /* Vendor */ |
| 1435 | "Framed-IPv6-Route", /* Name */ |
| 1436 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1437 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1438 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1439 | }; |
| 1440 | CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| 1441 | } |
| 1442 | |
| 1443 | /* Framed-IPv6-Pool */ |
| 1444 | { |
| 1445 | /* |
| 1446 | The Framed-IPv6-Pool AVP (AVP Code 100) is of type OctetString and |
| 1447 | contains the name of an assigned pool that SHOULD be used to assign |
| 1448 | an IPv6 prefix for the user. If the access device does not support |
| 1449 | multiple prefix pools, it MUST ignore this AVP. |
| 1450 | |
| 1451 | Although specified as type OctetString for compatibility with RADIUS |
| 1452 | [RADIUSIPv6], the encoding of the Data field SHOULD also conform to |
| 1453 | the rules for the UTF8String Data Format. |
| 1454 | */ |
| 1455 | struct dict_avp_data data = { |
| 1456 | 100, /* Code */ |
| 1457 | 0, /* Vendor */ |
| 1458 | "Framed-IPv6-Pool", /* Name */ |
| 1459 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1460 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1461 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1462 | }; |
| 1463 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1464 | } |
| 1465 | |
| 1466 | /*** IPX Access ***/ |
| 1467 | |
| 1468 | /* Framed-IPX-Network */ |
| 1469 | { |
| 1470 | /* |
| 1471 | The Framed-IPX-Network AVP (AVP Code 23) is of type Unsigned32 and |
| 1472 | contains the IPX Network number to be configured for the user. It |
| 1473 | MAY be used in an authorization request as a hint to the server that |
| 1474 | a specific address is desired, but the server is not required to |
| 1475 | honor the hint in the corresponding response. |
| 1476 | |
| 1477 | Two addresses have special significance: 0xFFFFFFFF and 0xFFFFFFFE. |
| 1478 | The value 0xFFFFFFFF indicates that the NAS should allow the user to |
| 1479 | select an address (i.e., Negotiated). The value 0xFFFFFFFE indicates |
| 1480 | that the NAS should select an address for the user (e.g., assign it |
| 1481 | from a pool of one or more IPX networks kept by the NAS). |
| 1482 | */ |
| 1483 | struct dict_avp_data data = { |
| 1484 | 23, /* Code */ |
| 1485 | 0, /* Vendor */ |
| 1486 | "Framed-IPX-Network", /* Name */ |
| 1487 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1488 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1489 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1490 | }; |
| 1491 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1492 | } |
| 1493 | |
| 1494 | /*** AppleTalk Network Access ***/ |
| 1495 | |
| 1496 | /* Framed-AppleTalk-Link */ |
| 1497 | { |
| 1498 | /* |
| 1499 | The Framed-AppleTalk-Link AVP (AVP Code 37) is of type Unsigned32 and |
| 1500 | contains the AppleTalk network number that should be used for the |
| 1501 | serial link to the user, which is another AppleTalk router. This AVP |
| 1502 | MUST only be present in an authorization response and is never used |
| 1503 | when the user is not another router. |
| 1504 | |
| 1505 | Despite the size of the field, values range from 0 to 65,535. The |
| 1506 | special value of 0 indicates an unnumbered serial link. A value of 1 |
| 1507 | to 65,535 means that the serial line between the NAS and the user |
| 1508 | should be assigned that value as an AppleTalk network number. |
| 1509 | */ |
| 1510 | struct dict_avp_data data = { |
| 1511 | 37, /* Code */ |
| 1512 | 0, /* Vendor */ |
| 1513 | "Framed-AppleTalk-Link", /* Name */ |
| 1514 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1515 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1516 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1517 | }; |
| 1518 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1519 | } |
| 1520 | |
| 1521 | /* Framed-AppleTalk-Network */ |
| 1522 | { |
| 1523 | /* |
| 1524 | The Framed-AppleTalk-Network AVP (AVP Code 38) is of type Unsigned32 |
| 1525 | and contains the AppleTalk Network number that the NAS should probe |
| 1526 | to allocate an AppleTalk node for the user. This AVP MUST only be |
| 1527 | present in an authorization response and is never used when the user |
| 1528 | is not another router. Multiple instances of this AVP indicate that |
| 1529 | the NAS may probe, using any of the network numbers specified. |
| 1530 | |
| 1531 | Despite the size of the field, values range from 0 to 65,535. The |
| 1532 | special value 0 indicates that the NAS should assign a network for |
| 1533 | the user, using its default cable range. A value between 1 and |
| 1534 | 65,535 (inclusive) indicates to the AppleTalk Network that the NAS |
| 1535 | should probe to find an address for the user. |
| 1536 | */ |
| 1537 | struct dict_avp_data data = { |
| 1538 | 38, /* Code */ |
| 1539 | 0, /* Vendor */ |
| 1540 | "Framed-AppleTalk-Network", /* Name */ |
| 1541 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1542 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1543 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1544 | }; |
| 1545 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1546 | } |
| 1547 | |
| 1548 | /* Framed-AppleTalk-Zone */ |
| 1549 | { |
| 1550 | /* |
| 1551 | The Framed-AppleTalk-Zone AVP (AVP Code 39) is of type OctetString |
| 1552 | and contains the AppleTalk Default Zone to be used for this user. |
| 1553 | This AVP MUST only be present in an authorization response. Multiple |
| 1554 | instances of this AVP in the same message are not allowed. |
| 1555 | |
| 1556 | The codification of this field's allowed range is outside the scope |
| 1557 | of this specification. |
| 1558 | */ |
| 1559 | struct dict_avp_data data = { |
| 1560 | 39, /* Code */ |
| 1561 | 0, /* Vendor */ |
| 1562 | "Framed-AppleTalk-Zone", /* Name */ |
| 1563 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1564 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1565 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1566 | }; |
| 1567 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1568 | } |
| 1569 | |
| 1570 | /*** AppleTalk Remote Access [RFC2869] ***/ |
| 1571 | |
| 1572 | /* ARAP-Features */ |
| 1573 | { |
| 1574 | /* |
| 1575 | The ARAP-Features AVP (AVP Code 71) is of type OctetString and MAY be |
| 1576 | present in the AA-Accept message if the Framed-Protocol AVP is set to |
| 1577 | the value of ARAP. See [RADIUSExt] for more information about the |
| 1578 | format of this AVP. |
| 1579 | */ |
| 1580 | struct dict_avp_data data = { |
| 1581 | 71, /* Code */ |
| 1582 | 0, /* Vendor */ |
| 1583 | "ARAP-Features", /* Name */ |
| 1584 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1585 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1586 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1587 | }; |
| 1588 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1589 | } |
| 1590 | |
| 1591 | /* ARAP-Zone-Access */ |
| 1592 | { |
| 1593 | /* |
| 1594 | The ARAP-Zone-Access AVP (AVP Code 72) is of type Enumerated and MAY |
| 1595 | be present in the AA-Accept message if the Framed-Protocol AVP is set |
| 1596 | to the value of ARAP. |
| 1597 | |
| 1598 | The supported values are listed in [RADIUSTypes] and defined in |
| 1599 | [RADIUSExt]. |
| 1600 | Sub-registry: Values for RADIUS Attribute 72, ARAP-Zone-Access |
| 1601 | Reference: [RFC2869] |
| 1602 | */ |
| 1603 | struct dict_object *type; |
| 1604 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(ARAP-Zone-Access)" , NULL, NULL}; |
| 1605 | struct dict_enumval_data tvals[] = { |
| 1606 | enumval_def_u32( 1, "Only allow access to default zone [RFC2869]"), |
| 1607 | enumval_def_u32( 2, "Use zone filter inclusively [RFC2869]"), |
| 1608 | enumval_def_u32( 3, "Not used [RFC2869]"), |
| 1609 | enumval_def_u32( 4, "Use zone filter exclusively [RFC2869]") |
| 1610 | }; |
| 1611 | struct dict_avp_data data = { |
| 1612 | 72, /* Code */ |
| 1613 | 0, /* Vendor */ |
| 1614 | "ARAP-Zone-Access", /* Name */ |
| 1615 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1616 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1617 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1618 | }; |
| 1619 | int i; |
| 1620 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 1621 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 1622 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 1623 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 1624 | } |
| 1625 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 1626 | } |
| 1627 | |
| 1628 | /*** Non-Framed Access Authorization AVPs ***/ |
| 1629 | |
| 1630 | /* Login-IP-Host */ |
| 1631 | { |
| 1632 | /* |
| 1633 | The Login-IP-Host AVP (AVP Code 14) [RADIUS] is of type OctetString |
| 1634 | and contains the IPv4 address of a host with which to connect the |
| 1635 | user when the Login-Service AVP is included. It MAY be used in an |
| 1636 | AA-Request command as a hint to the Diameter Server that a specific |
| 1637 | host is desired, but the Diameter Server is not required to honor the |
| 1638 | hint in the AA-Answer. |
| 1639 | |
| 1640 | Two addresses have special significance: all ones and 0. The value |
| 1641 | of all ones indicates that the NAS SHOULD allow the user to select an |
| 1642 | address. The value 0 indicates that the NAS SHOULD select a host to |
| 1643 | connect the user to. |
| 1644 | */ |
| 1645 | struct dict_object *type; |
| 1646 | uint32_t allzeros = 0; |
| 1647 | uint32_t allones = (uint32_t) -1; |
| 1648 | struct dict_type_data tdata = { AVP_TYPE_OCTETSTRING, "Enumerated(Login-IP-Host)" , NULL, NULL}; |
| 1649 | struct dict_enumval_data tvals[] = { |
| 1650 | enumval_def_os( 4, &allzeros, "(0) NAS selects the host"), |
| 1651 | enumval_def_os( 4, &allones , "(1) User selects the address") |
| 1652 | }; |
| 1653 | struct dict_avp_data data = { |
| 1654 | 14, /* Code */ |
| 1655 | 0, /* Vendor */ |
| 1656 | "Login-IP-Host", /* Name */ |
| 1657 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1658 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1659 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1660 | }; |
| 1661 | int i; |
| 1662 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 1663 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 1664 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 1665 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 1666 | } |
| 1667 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 1668 | } |
| 1669 | |
| 1670 | /* Login-IPv6-Host */ |
| 1671 | { |
| 1672 | /* |
| 1673 | The Login-IPv6-Host AVP (AVP Code 98) [RADIUSIPv6] is of type |
| 1674 | OctetString and contains the IPv6 address of a host with which to |
| 1675 | connect the user when the Login-Service AVP is included. It MAY be |
| 1676 | used in an AA-Request command as a hint to the Diameter Server that a |
| 1677 | specific host is desired, but the Diameter Server is not required to |
| 1678 | honor the hint in the AA-Answer. |
| 1679 | |
| 1680 | Two addresses have special significance: |
| 1681 | |
| 1682 | 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF and 0. The value |
| 1683 | 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF indicates that the NAS SHOULD |
| 1684 | allow the user to select an address. The value 0 indicates that the |
| 1685 | NAS SHOULD select a host to connect the user to. |
| 1686 | |
| 1687 | */ |
| 1688 | struct dict_object *type; |
| 1689 | unsigned char allzeros[16]; |
| 1690 | unsigned char allones[16]; |
| 1691 | struct dict_type_data tdata = { AVP_TYPE_OCTETSTRING, "Enumerated(Login-IPv6-Host)" , NULL, NULL}; |
| 1692 | struct dict_enumval_data tvals[] = { |
| 1693 | enumval_def_os( 16, &allzeros, "(0) NAS selects the host"), |
| 1694 | enumval_def_os( 16, &allones , "(1) User selects the address") |
| 1695 | }; |
| 1696 | struct dict_avp_data data = { |
| 1697 | 98, /* Code */ |
| 1698 | 0, /* Vendor */ |
| 1699 | "Login-IPv6-Host", /* Name */ |
| 1700 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1701 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1702 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1703 | }; |
| 1704 | int i; |
| 1705 | memset(allzeros, 0, sizeof(allzeros)); |
| 1706 | memset(allones, 0xff, sizeof(allones)); |
| 1707 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 1708 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 1709 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 1710 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 1711 | } |
| 1712 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 1713 | } |
| 1714 | |
| 1715 | /* Login-Service */ |
| 1716 | { |
| 1717 | /* |
| 1718 | The Login-Service AVP (AVP Code 15) is of type Enumerated and |
| 1719 | contains the service that should be used to connect the user to the |
| 1720 | login host. This AVP SHOULD only be present in authorization |
| 1721 | responses. |
| 1722 | |
| 1723 | The supported values are listed in [RADIUSTypes]. |
| 1724 | Sub-registry: Values for RADIUS Attribute 15, Login-Service |
| 1725 | Reference: [RFC2865] |
| 1726 | */ |
| 1727 | struct dict_object *type; |
| 1728 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Login-Service)" , NULL, NULL}; |
| 1729 | struct dict_enumval_data tvals[] = { |
| 1730 | enumval_def_u32( 0, "Telnet"), |
| 1731 | enumval_def_u32( 1, "Rlogin"), |
| 1732 | enumval_def_u32( 2, "TCP Clear"), |
| 1733 | enumval_def_u32( 3, "PortMaster (proprietary)"), |
| 1734 | enumval_def_u32( 4, "LAT"), |
| 1735 | enumval_def_u32( 5, "X25-PAD"), |
| 1736 | enumval_def_u32( 6, "X25-T3POS"), |
| 1737 | enumval_def_u32( 8, "TCP Clear Quiet (suppresses any NAS-generated connect string)") |
| 1738 | }; |
| 1739 | struct dict_avp_data data = { |
| 1740 | 15, /* Code */ |
| 1741 | 0, /* Vendor */ |
| 1742 | "Login-Service", /* Name */ |
| 1743 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1744 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1745 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1746 | }; |
| 1747 | int i; |
| 1748 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 1749 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 1750 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 1751 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 1752 | } |
| 1753 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 1754 | } |
| 1755 | |
| 1756 | /*** TCP Services ***/ |
| 1757 | |
| 1758 | /* Login-TCP-Port */ |
| 1759 | { |
| 1760 | /* |
| 1761 | The Login-TCP-Port AVP (AVP Code 16) is of type Unsigned32 and |
| 1762 | contains the TCP port with which the user is to be connected when the |
| 1763 | Login-Service AVP is also present. This AVP SHOULD only be present |
| 1764 | in authorization responses. The value MUST NOT be greater than |
| 1765 | 65,535. |
| 1766 | */ |
| 1767 | struct dict_avp_data data = { |
| 1768 | 16, /* Code */ |
| 1769 | 0, /* Vendor */ |
| 1770 | "Login-TCP-Port", /* Name */ |
| 1771 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1772 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1773 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1774 | }; |
| 1775 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1776 | } |
| 1777 | |
| 1778 | /*** LAT Services ***/ |
| 1779 | |
| 1780 | /* Login-LAT-Service */ |
| 1781 | { |
| 1782 | /* |
| 1783 | The Login-LAT-Service AVP (AVP Code 34) is of type OctetString and |
| 1784 | contains the system with which the user is to be connected by LAT. |
| 1785 | It MAY be used in an authorization request as a hint to the server |
| 1786 | that a specific service is desired, but the server is not required to |
| 1787 | honor the hint in the corresponding response. This AVP MUST only be |
| 1788 | present in the response if the Login-Service AVP states that LAT is |
| 1789 | desired. |
| 1790 | |
| 1791 | Administrators use this service attribute when dealing with clustered |
| 1792 | systems, such as a VAX or Alpha cluster. In these environments, |
| 1793 | several different time-sharing hosts share the same resources (disks, |
| 1794 | printers, etc.), and administrators often configure each host to |
| 1795 | offer access (service) to each of the shared resources. In this |
| 1796 | case, each host in the cluster advertises its services through LAT |
| 1797 | broadcasts. |
| 1798 | |
| 1799 | Sophisticated users often know which service providers (machines) are |
| 1800 | faster and tend to use a node name when initiating a LAT connection. |
| 1801 | Some administrators want particular users to use certain machines as |
| 1802 | a primitive form of load balancing (although LAT knows how to do load |
| 1803 | balancing itself). |
| 1804 | |
| 1805 | The String field contains the identity of the LAT service to use. |
| 1806 | The LAT Architecture allows this string to contain $ (dollar), - |
| 1807 | (hyphen), . (period), _ (underscore), numerics, upper- and lowercase |
| 1808 | alphabetics, and the ISO Latin-1 character set extension [ISOLatin]. |
| 1809 | All LAT string comparisons are case insensitive. |
| 1810 | */ |
| 1811 | struct dict_avp_data data = { |
| 1812 | 34, /* Code */ |
| 1813 | 0, /* Vendor */ |
| 1814 | "Login-LAT-Service", /* Name */ |
| 1815 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1816 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1817 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1818 | }; |
| 1819 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1820 | } |
| 1821 | |
| 1822 | /* Login-LAT-Node */ |
| 1823 | { |
| 1824 | /* |
| 1825 | The Login-LAT-Node AVP (AVP Code 35) is of type OctetString and |
| 1826 | contains the Node with which the user is to be automatically |
| 1827 | connected by LAT. It MAY be used in an authorization request as a |
| 1828 | hint to the server that a specific LAT node is desired, but the |
| 1829 | server is not required to honor the hint in the corresponding |
| 1830 | response. This AVP MUST only be present in a response if the Login- |
| 1831 | Service-Type AVP is set to LAT. |
| 1832 | |
| 1833 | The String field contains the identity of the LAT service to use. |
| 1834 | The LAT Architecture allows this string to contain $ (dollar), - |
| 1835 | (hyphen), . (period), _ (underscore), numerics, upper- and lowercase |
| 1836 | alphabetics, and the ISO Latin-1 character set extension [ISOLatin]. |
| 1837 | All LAT string comparisons are case insensitive. |
| 1838 | */ |
| 1839 | struct dict_avp_data data = { |
| 1840 | 35, /* Code */ |
| 1841 | 0, /* Vendor */ |
| 1842 | "Login-LAT-Node", /* Name */ |
| 1843 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1844 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1845 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1846 | }; |
| 1847 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1848 | } |
| 1849 | |
| 1850 | /* Login-LAT-Group */ |
| 1851 | { |
| 1852 | /* |
| 1853 | The Login-LAT-Group AVP (AVP Code 36) is of type OctetString and |
| 1854 | contains a string identifying the LAT group codes this user is |
| 1855 | authorized to use. It MAY be used in an authorization request as a |
| 1856 | hint to the server that a specific group is desired, but the server |
| 1857 | is not required to honor the hint in the corresponding response. |
| 1858 | This AVP MUST only be present in a response if the Login-Service-Type |
| 1859 | AVP is set to LAT. |
| 1860 | |
| 1861 | LAT supports 256 different group codes, which LAT uses as a form of |
| 1862 | access rights. LAT encodes the group codes as a 256-bit bitmap. |
| 1863 | |
| 1864 | Administrators can assign one or more of the group code bits at the |
| 1865 | LAT service provider; it will only accept LAT connections that have |
| 1866 | these group codes set in the bitmap. The administrators assign a |
| 1867 | bitmap of authorized group codes to each user. LAT gets these from |
| 1868 | the operating system and uses them in its requests to the service |
| 1869 | providers. |
| 1870 | |
| 1871 | The codification of the range of allowed usage of this field is |
| 1872 | outside the scope of this specification. |
| 1873 | */ |
| 1874 | struct dict_avp_data data = { |
| 1875 | 36, /* Code */ |
| 1876 | 0, /* Vendor */ |
| 1877 | "Login-LAT-Group", /* Name */ |
| 1878 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1879 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1880 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1881 | }; |
| 1882 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1883 | } |
| 1884 | |
| 1885 | /* Login-LAT-Port */ |
| 1886 | { |
| 1887 | /* |
| 1888 | The Login-LAT-Port AVP (AVP Code 63) is of type OctetString and |
| 1889 | contains the Port with which the user is to be connected by LAT. It |
| 1890 | MAY be used in an authorization request as a hint to the server that |
| 1891 | a specific port is desired, but the server is not required to honor |
| 1892 | the hint in the corresponding response. This AVP MUST only be |
| 1893 | present in a response if the Login-Service-Type AVP is set to LAT. |
| 1894 | |
| 1895 | The String field contains the identity of the LAT service to use. |
| 1896 | The LAT Architecture allows this string to contain $ (dollar), - |
| 1897 | (hyphen), . (period), _ (underscore), numerics, upper- and lower-case |
| 1898 | alphabetics, and the ISO Latin-1 character set extension [ISOLatin]. |
| 1899 | All LAT string comparisons are case insensitive. |
| 1900 | */ |
| 1901 | struct dict_avp_data data = { |
| 1902 | 63, /* Code */ |
| 1903 | 0, /* Vendor */ |
| 1904 | "Login-LAT-Port", /* Name */ |
| 1905 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1906 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1907 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 1908 | }; |
| 1909 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 1910 | } |
| 1911 | |
| 1912 | /******************************** |
| 1913 | * NAS Tunneling AVPs * |
| 1914 | ********************************/ |
| 1915 | /* Tunnel-Type */ |
| 1916 | { |
| 1917 | /* |
| 1918 | The Tunnel-Type AVP (AVP Code 64) is of type Enumerated and contains |
| 1919 | the tunneling protocol(s) to be used (in the case of a tunnel |
| 1920 | initiator) or in use (in the case of a tunnel terminator). It MAY be |
| 1921 | used in an authorization request as a hint to the server that a |
| 1922 | specific tunnel type is desired, but the server is not required to |
| 1923 | honor the hint in the corresponding response. |
| 1924 | |
| 1925 | The Tunnel-Type AVP SHOULD also be included in Accounting-Request |
| 1926 | messages. |
| 1927 | |
| 1928 | A tunnel initiator is not required to implement any of these tunnel |
| 1929 | types. If a tunnel initiator receives a response that contains only |
| 1930 | unknown or unsupported Tunnel-Types, the tunnel initiator MUST behave |
| 1931 | as though a response were received with the Result-Code indicating a |
| 1932 | failure. |
| 1933 | |
| 1934 | The supported values are listed in [RADIUSTypes]. |
| 1935 | Sub-registry: Values for RADIUS Attribute 64, Tunnel-Type |
| 1936 | Reference: [RFC2868] |
| 1937 | */ |
| 1938 | struct dict_object *type; |
| 1939 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Tunnel-Type)" , NULL, NULL}; |
| 1940 | struct dict_enumval_data tvals[] = { |
| 1941 | enumval_def_u32( 1, "Point-to-Point Tunneling Protocol (PPTP) [RFC2868]"), |
| 1942 | enumval_def_u32( 2, "Layer Two Forwarding (L2F) [RFC2868]"), |
| 1943 | enumval_def_u32( 3, "Layer Two Tunneling Protocol (L2TP) [RFC2868]"), |
| 1944 | enumval_def_u32( 4, "Ascend Tunnel Management Protocol (ATMP) [RFC2868]"), |
| 1945 | enumval_def_u32( 5, "Virtual Tunneling Protocol (VTP) [RFC2868]"), |
| 1946 | enumval_def_u32( 6, "IP Authentication Header in the Tunnel-mode (AH) [RFC2868]"), |
| 1947 | enumval_def_u32( 7, "IP-in-IP Encapsulation (IP-IP) [RFC2868]"), |
| 1948 | enumval_def_u32( 8, "Minimal IP-in-IP Encapsulation (MIN-IP-IP) [RFC2868]"), |
| 1949 | enumval_def_u32( 9, "IP Encapsulating Security Payload in the Tunnel-mode (ESP) [RFC2868]"), |
| 1950 | enumval_def_u32(10, "Generic Route Encapsulation (GRE) [RFC2868]"), |
| 1951 | enumval_def_u32(11, "Bay Dial Virtual Services (DVS) [RFC2868]"), |
| 1952 | enumval_def_u32(12, "IP-in-IP Tunneling [RFC2868]"), |
| 1953 | enumval_def_u32(13, "Virtual LANs (VLAN) [RFC3580]") |
| 1954 | }; |
| 1955 | struct dict_avp_data adata = { |
| 1956 | 64, /* Code */ |
| 1957 | 0, /* Vendor */ |
| 1958 | "Tunnel-Type", /* Name */ |
| 1959 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 1960 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 1961 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 1962 | }; |
| 1963 | int i; |
| 1964 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 1965 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 1966 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 1967 | } |
| 1968 | CHECK_dict_new( DICT_AVP, &adata , type, NULL); |
| 1969 | } |
| 1970 | |
| 1971 | /* Tunnel-Medium-Type */ |
| 1972 | { |
| 1973 | /* |
| 1974 | The Tunnel-Medium-Type AVP (AVP Code 65) is of type Enumerated and |
| 1975 | contains the transport medium to use when creating a tunnel for |
| 1976 | protocols (such as L2TP) that can operate over multiple transports. |
| 1977 | It MAY be used in an authorization request as a hint to the server |
| 1978 | that a specific medium is desired, but the server is not required to |
| 1979 | honor the hint in the corresponding response. |
| 1980 | |
| 1981 | The supported values are listed in [RADIUSTypes]. |
| 1982 | Sub-registry: Values for RADIUS Attribute 65, Tunnel-Medium-Type |
| 1983 | Reference: [RFC2868] |
| 1984 | */ |
| 1985 | struct dict_object *type; |
| 1986 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Tunnel-Medium-Type)" , NULL, NULL}; |
| 1987 | struct dict_enumval_data tvals[] = { |
| 1988 | enumval_def_u32( 1, "IPv4 (IP version 4) [RFC2868]"), |
| 1989 | enumval_def_u32( 2, "IPv6 (IP version 6) [RFC2868]"), |
| 1990 | enumval_def_u32( 3, "NSAP [RFC2868]"), |
| 1991 | enumval_def_u32( 4, "HDLC (8-bit multidrop) [RFC2868]"), |
| 1992 | enumval_def_u32( 5, "BBN 1822 [RFC2868]"), |
| 1993 | enumval_def_u32( 6, "802 (includes all 802 media plus Ethernet \"canonical format\") [RFC2868]"), |
| 1994 | enumval_def_u32( 7, "E.163 (POTS) [RFC2868]"), |
| 1995 | enumval_def_u32( 8, "E.164 (SMDS, Frame Relay, ATM) [RFC2868]"), |
| 1996 | enumval_def_u32( 9, "F.69 (Telex) [RFC2868]"), |
| 1997 | enumval_def_u32(10, "X.121 (X.25, Frame Relay) [RFC2868]"), |
| 1998 | enumval_def_u32(11, "IPX [RFC2868]"), |
| 1999 | enumval_def_u32(12, "Appletalk [RFC2868]"), |
| 2000 | enumval_def_u32(13, "Decnet IV [RFC2868]"), |
| 2001 | enumval_def_u32(14, "Banyan Vines [RFC2868]"), |
| 2002 | enumval_def_u32(15, "E.164 with NSAP format subaddress [RFC2868]") |
| 2003 | }; |
| 2004 | struct dict_avp_data adata = { |
| 2005 | 65, /* Code */ |
| 2006 | 0, /* Vendor */ |
| 2007 | "Tunnel-Medium-Type", /* Name */ |
| 2008 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2009 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2010 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 2011 | }; |
| 2012 | int i; |
| 2013 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 2014 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 2015 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 2016 | } |
| 2017 | CHECK_dict_new( DICT_AVP, &adata , type, NULL); |
| 2018 | } |
| 2019 | |
| 2020 | /* Tunnel-Client-Endpoint */ |
| 2021 | { |
| 2022 | /* |
| 2023 | The Tunnel-Client-Endpoint AVP (AVP Code 66) is of type UTF8String |
| 2024 | and contains the address of the initiator end of the tunnel. It MAY |
| 2025 | be used in an authorization request as a hint to the server that a |
| 2026 | specific endpoint is desired, but the server is not required to honor |
| 2027 | the hint in the corresponding response. |
| 2028 | |
| 2029 | This AVP SHOULD be included in the corresponding Accounting-Request |
| 2030 | messages, in which case it indicates the address from which the |
| 2031 | tunnel was initiated. This AVP, along with the Tunnel-Server- |
| 2032 | Endpoint and Session-Id AVP [BASE], MAY be used to provide a globally |
| 2033 | unique means to identify a tunnel for accounting and auditing |
| 2034 | purposes. |
| 2035 | |
| 2036 | If Tunnel-Medium-Type is IPv4 (1), then this string is either the |
| 2037 | fully qualified domain name (FQDN) of the tunnel client machine, or a |
| 2038 | "dotted-decimal" IP address. Implementations MUST support the |
| 2039 | dotted-decimal format and SHOULD support the FQDN format for IP |
| 2040 | addresses. |
| 2041 | |
| 2042 | If Tunnel-Medium-Type is IPv6 (2), then this string is either the |
| 2043 | FQDN of the tunnel client machine, or a text representation of the |
| 2044 | address in either the preferred or alternate form [IPv6Addr]. |
| 2045 | Conforming implementations MUST support the preferred form and SHOULD |
| 2046 | support both the alternate text form and the FQDN format for IPv6 |
| 2047 | addresses. |
| 2048 | |
| 2049 | If Tunnel-Medium-Type is neither IPv4 nor IPv6, then this string is a |
| 2050 | tag referring to configuration data local to the Diameter client that |
| 2051 | describes the interface or medium-specific client address to use. |
| 2052 | */ |
| 2053 | struct dict_avp_data adata = { |
| 2054 | 66, /* Code */ |
| 2055 | 0, /* Vendor */ |
| 2056 | "Tunnel-Client-Endpoint", /* Name */ |
| 2057 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2058 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2059 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2060 | }; |
| 2061 | CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL); |
| 2062 | } |
| 2063 | |
| 2064 | /* Tunnel-Server-Endpoint */ |
| 2065 | { |
| 2066 | /* |
| 2067 | The Tunnel-Server-Endpoint AVP (AVP Code 67) is of type UTF8String |
| 2068 | and contains the address of the server end of the tunnel. It MAY be |
| 2069 | used in an authorization request as a hint to the server that a |
| 2070 | specific endpoint is desired, but the server is not required to honor |
| 2071 | the hint in the corresponding response. |
| 2072 | |
| 2073 | This AVP SHOULD be included in the corresponding Accounting-Request |
| 2074 | messages, in which case it indicates the address from which the |
| 2075 | tunnel was initiated. This AVP, along with the Tunnel-Client- |
| 2076 | Endpoint and Session-Id AVP [BASE], MAY be used to provide a globally |
| 2077 | unique means to identify a tunnel for accounting and auditing |
| 2078 | purposes. |
| 2079 | |
| 2080 | If Tunnel-Medium-Type is IPv4 (1), then this string is either the |
| 2081 | fully qualified domain name (FQDN) of the tunnel server machine, or a |
| 2082 | "dotted-decimal" IP address. Implementations MUST support the |
| 2083 | dotted-decimal format and SHOULD support the FQDN format for IP |
| 2084 | addresses. |
| 2085 | |
| 2086 | If Tunnel-Medium-Type is IPv6 (2), then this string is either the |
| 2087 | FQDN of the tunnel server machine, or a text representation of the |
| 2088 | address in either the preferred or alternate form [IPv6Addr]. |
| 2089 | Implementations MUST support the preferred form and SHOULD support |
| 2090 | both the alternate text form and the FQDN format for IPv6 addresses. |
| 2091 | |
| 2092 | If Tunnel-Medium-Type is not IPv4 or IPv6, this string is a tag |
| 2093 | referring to configuration data local to the Diameter client that |
| 2094 | describes the interface or medium-specific server address to use. |
| 2095 | */ |
| 2096 | struct dict_avp_data adata = { |
| 2097 | 67, /* Code */ |
| 2098 | 0, /* Vendor */ |
| 2099 | "Tunnel-Server-Endpoint", /* Name */ |
| 2100 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2101 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2102 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2103 | }; |
| 2104 | CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL); |
| 2105 | } |
| 2106 | |
| 2107 | /* Tunnel-Password */ |
| 2108 | { |
| 2109 | /* |
| 2110 | The Tunnel-Password AVP (AVP Code 69) is of type OctetString and may |
| 2111 | contain a password to be used to authenticate to a remote server. |
| 2112 | The Tunnel-Password AVP contains sensitive information. This value |
| 2113 | is not protected in the same manner as RADIUS [RADTunnels]. |
| 2114 | |
| 2115 | As required in [BASE], Diameter messages are encrypted by using IPsec |
| 2116 | or TLS. The Tunnel-Password AVP SHOULD NOT be used in untrusted |
| 2117 | proxy environments without encrypting it by using end-to-end security |
| 2118 | techniques, such as CMS Security [DiamCMS]. |
| 2119 | */ |
| 2120 | struct dict_avp_data adata = { |
| 2121 | 69, /* Code */ |
| 2122 | 0, /* Vendor */ |
| 2123 | "Tunnel-Password", /* Name */ |
| 2124 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2125 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2126 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2127 | }; |
| 2128 | CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); |
| 2129 | } |
| 2130 | |
| 2131 | /* Tunnel-Private-Group-Id */ |
| 2132 | { |
| 2133 | /* |
| 2134 | The Tunnel-Private-Group-Id AVP (AVP Code 81) is of type OctetString |
| 2135 | and contains the group Id for a particular tunneled session. The |
| 2136 | Tunnel-Private-Group-Id AVP MAY be included in an authorization |
| 2137 | request if the tunnel initiator can predetermine the group resulting |
| 2138 | from a particular connection. It SHOULD be included in the |
| 2139 | authorization response if this tunnel session is to be treated as |
| 2140 | belonging to a particular private group. Private groups may be used |
| 2141 | to associate a tunneled session with a particular group of users. |
| 2142 | For example, it MAY be used to facilitate routing of unregistered IP |
| 2143 | addresses through a particular interface. This AVP SHOULD be |
| 2144 | included in the Accounting-Request messages that pertain to the |
| 2145 | tunneled session. |
| 2146 | */ |
| 2147 | struct dict_avp_data adata = { |
| 2148 | 81, /* Code */ |
| 2149 | 0, /* Vendor */ |
| 2150 | "Tunnel-Private-Group-Id", /* Name */ |
| 2151 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2152 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2153 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2154 | }; |
| 2155 | CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); |
| 2156 | } |
| 2157 | |
| 2158 | /* Tunnel-Assignment-Id */ |
| 2159 | { |
| 2160 | /* |
| 2161 | The Tunnel-Assignment-Id AVP (AVP Code 82) is of type OctetString and |
| 2162 | is used to indicate to the tunnel initiator the particular tunnel to |
| 2163 | which a session is to be assigned. Some tunneling protocols, such as |
| 2164 | [PPTP] and [L2TP], allow for sessions between the same two tunnel |
| 2165 | endpoints to be multiplexed over the same tunnel and also for a given |
| 2166 | session to use its own dedicated tunnel. This attribute provides a |
| 2167 | mechanism for Diameter to inform the tunnel initiator (e.g., PAC, |
| 2168 | LAC) whether to assign the session to a multiplexed tunnel or to a |
| 2169 | separate tunnel. Furthermore, it allows for sessions sharing |
| 2170 | multiplexed tunnels to be assigned to different multiplexed tunnels. |
| 2171 | |
| 2172 | A particular tunneling implementation may assign differing |
| 2173 | characteristics to particular tunnels. For example, different |
| 2174 | tunnels may be assigned different QoS parameters. Such tunnels may |
| 2175 | be used to carry either individual or multiple sessions. The |
| 2176 | Tunnel-Assignment-Id attribute thus allows the Diameter server to |
| 2177 | indicate that a particular session is to be assigned to a tunnel |
| 2178 | providing an appropriate level of service. It is expected that any |
| 2179 | QoS-related Diameter tunneling attributes defined in the future |
| 2180 | accompanying this one will be associated by the tunnel initiator with |
| 2181 | the Id given by this attribute. In the meantime, any semantic given |
| 2182 | to a particular Id string is a matter left to local configuration in |
| 2183 | the tunnel initiator. |
| 2184 | |
| 2185 | The Tunnel-Assignment-Id AVP is of significance only to Diameter and |
| 2186 | the tunnel initiator. The Id it specifies is only intended to be of |
| 2187 | local use to Diameter and the tunnel initiator. The Id assigned by |
| 2188 | the tunnel initiator is not conveyed to the tunnel peer. |
| 2189 | |
| 2190 | This attribute MAY be included in authorization responses. The |
| 2191 | tunnel initiator receiving this attribute MAY choose to ignore it and |
| 2192 | to assign the session to an arbitrary multiplexed or non-multiplexed |
| 2193 | tunnel between the desired endpoints. This AVP SHOULD also be |
| 2194 | included in the Accounting-Request messages pertaining to the |
| 2195 | tunneled session. |
| 2196 | |
| 2197 | If a tunnel initiator supports the Tunnel-Assignment-Id AVP, then it |
| 2198 | should assign a session to a tunnel in the following manner: |
| 2199 | |
| 2200 | - If this AVP is present and a tunnel exists between the |
| 2201 | specified endpoints with the specified Id, then the session |
| 2202 | should be assigned to that tunnel. |
| 2203 | |
| 2204 | - If this AVP is present and no tunnel exists between the |
| 2205 | specified endpoints with the specified Id, then a new tunnel |
| 2206 | should be established for the session and the specified Id |
| 2207 | should be associated with the new tunnel. |
| 2208 | |
| 2209 | - If this AVP is not present, then the session is assigned to an |
| 2210 | unnamed tunnel. If an unnamed tunnel does not yet exist |
| 2211 | between the specified endpoints, then it is established and |
| 2212 | used for this session and for subsequent ones established |
| 2213 | without the Tunnel-Assignment-Id attribute. A tunnel initiator |
| 2214 | MUST NOT assign a session for which a Tunnel-Assignment-Id AVP |
| 2215 | was not specified to a named tunnel (i.e., one that was |
| 2216 | initiated by a session specifying this AVP). |
| 2217 | |
| 2218 | Note that the same Id may be used to name different tunnels if these |
| 2219 | tunnels are between different endpoints. |
| 2220 | |
| 2221 | */ |
| 2222 | struct dict_avp_data adata = { |
| 2223 | 82, /* Code */ |
| 2224 | 0, /* Vendor */ |
| 2225 | "Tunnel-Assignment-Id", /* Name */ |
| 2226 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2227 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2228 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2229 | }; |
| 2230 | CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); |
| 2231 | } |
| 2232 | |
| 2233 | /* Tunnel-Preference */ |
| 2234 | { |
| 2235 | /* |
| 2236 | The Tunnel-Preference AVP (AVP Code 83) is of type Unsigned32 and is |
| 2237 | used to identify the relative preference assigned to each tunnel when |
| 2238 | more than one set of tunneling AVPs is returned within separate |
| 2239 | Grouped-AVP AVPs. It MAY be used in an authorization request as a |
| 2240 | hint to the server that a specific preference is desired, but the |
| 2241 | server is not required to honor the hint in the corresponding |
| 2242 | response. |
| 2243 | |
| 2244 | For example, suppose that AVPs describing two tunnels are returned by |
| 2245 | the server, one with a Tunnel-Type of PPTP and the other with a |
| 2246 | Tunnel-Type of L2TP. If the tunnel initiator supports only one of |
| 2247 | the Tunnel-Types returned, it will initiate a tunnel of that type. |
| 2248 | If, however, it supports both tunnel protocols, it SHOULD use the |
| 2249 | value of the Tunnel-Preference AVP to decide which tunnel should be |
| 2250 | started. The tunnel with the lowest numerical value in the Value |
| 2251 | field of this AVP SHOULD be given the highest preference. The values |
| 2252 | assigned to two or more instances of the Tunnel-Preference AVP within |
| 2253 | a given authorization response MAY be identical. In this case, the |
| 2254 | tunnel initiator SHOULD use locally configured metrics to decide |
| 2255 | which set of AVPs to use. |
| 2256 | */ |
| 2257 | struct dict_avp_data adata = { |
| 2258 | 83, /* Code */ |
| 2259 | 0, /* Vendor */ |
| 2260 | "Tunnel-Preference", /* Name */ |
| 2261 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2262 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2263 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 2264 | }; |
| 2265 | CHECK_dict_new( DICT_AVP, &adata , NULL, NULL); |
| 2266 | } |
| 2267 | |
| 2268 | /* Tunnel-Client-Auth-Id */ |
| 2269 | { |
| 2270 | /* |
| 2271 | The Tunnel-Client-Auth-Id AVP (AVP Code 90) is of type UTF8String and |
| 2272 | specifies the name used by the tunnel initiator during the |
| 2273 | authentication phase of tunnel establishment. It MAY be used in an |
| 2274 | authorization request as a hint to the server that a specific |
| 2275 | preference is desired, but the server is not required to honor the |
| 2276 | hint in the corresponding response. This AVP MUST be present in the |
| 2277 | authorization response if an authentication name other than the |
| 2278 | default is desired. This AVP SHOULD be included in the Accounting- |
| 2279 | Request messages pertaining to the tunneled session. |
| 2280 | */ |
| 2281 | struct dict_avp_data adata = { |
| 2282 | 90, /* Code */ |
| 2283 | 0, /* Vendor */ |
| 2284 | "Tunnel-Client-Auth-Id", /* Name */ |
| 2285 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2286 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2287 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2288 | }; |
| 2289 | CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL); |
| 2290 | } |
| 2291 | |
| 2292 | /* Tunnel-Server-Auth-Id */ |
| 2293 | { |
| 2294 | /* |
| 2295 | The Tunnel-Server-Auth-Id AVP (AVP Code 91) is of type UTF8String and |
| 2296 | specifies the name used by the tunnel terminator during the |
| 2297 | authentication phase of tunnel establishment. It MAY be used in an |
| 2298 | authorization request as a hint to the server that a specific |
| 2299 | preference is desired, but the server is not required to honor the |
| 2300 | hint in the corresponding response. This AVP MUST be present in the |
| 2301 | authorization response if an authentication name other than the |
| 2302 | default is desired. This AVP SHOULD be included in the Accounting- |
| 2303 | Request messages pertaining to the tunneled session. |
| 2304 | */ |
| 2305 | struct dict_avp_data adata = { |
| 2306 | 91, /* Code */ |
| 2307 | 0, /* Vendor */ |
| 2308 | "Tunnel-Server-Auth-Id", /* Name */ |
| 2309 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2310 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2311 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2312 | }; |
| 2313 | CHECK_dict_new( DICT_AVP, &adata , UTF8String_type, NULL); |
| 2314 | } |
| 2315 | |
| 2316 | /* Tunneling */ |
| 2317 | { |
| 2318 | /* |
| 2319 | The Tunneling AVP (AVP Code 401) is of type Grouped and contains the |
| 2320 | following AVPs, used to describe a compulsory tunnel service: |
| 2321 | [RADTunnels], [RADTunlAcct]. Its data field has the following ABNF |
| 2322 | grammar: |
| 2323 | |
| 2324 | Tunneling ::= < AVP Header: 401 > |
| 2325 | { Tunnel-Type } |
| 2326 | { Tunnel-Medium-Type } |
| 2327 | { Tunnel-Client-Endpoint } |
| 2328 | { Tunnel-Server-Endpoint } |
| 2329 | [ Tunnel-Preference ] |
| 2330 | [ Tunnel-Client-Auth-Id ] |
| 2331 | [ Tunnel-Server-Auth-Id ] |
| 2332 | [ Tunnel-Assignment-Id ] |
| 2333 | [ Tunnel-Password ] |
| 2334 | [ Tunnel-Private-Group-Id ] |
| 2335 | */ |
| 2336 | struct dict_object * avp; |
| 2337 | struct dict_avp_data data = { |
| 2338 | 401, /* Code */ |
| 2339 | 0, /* Vendor */ |
| 2340 | "Tunneling", /* Name */ |
| 2341 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2342 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2343 | AVP_TYPE_GROUPED /* base type of data */ |
| 2344 | }; |
| 2345 | struct local_rules_definition rules[] = |
| 2346 | { { "Tunnel-Type", RULE_REQUIRED, -1, 1 } |
| 2347 | ,{ "Tunnel-Medium-Type", RULE_OPTIONAL, -1, 1 } |
| 2348 | ,{ "Tunnel-Client-Endpoint", RULE_OPTIONAL, -1, 1 } |
| 2349 | ,{ "Tunnel-Server-Endpoint", RULE_OPTIONAL, -1, 1 } |
| 2350 | ,{ "Tunnel-Preference", RULE_OPTIONAL, -1, 1 } |
| 2351 | ,{ "Tunnel-Client-Auth-Id", RULE_OPTIONAL, -1, 1 } |
| 2352 | ,{ "Tunnel-Server-Auth-Id", RULE_OPTIONAL, -1, 1 } |
| 2353 | ,{ "Tunnel-Assignment-Id", RULE_OPTIONAL, -1, 1 } |
| 2354 | ,{ "Tunnel-Password", RULE_OPTIONAL, -1, 1 } |
| 2355 | ,{ "Tunnel-Private-Group-Id", RULE_OPTIONAL, -1, 1 } |
| 2356 | }; |
| 2357 | |
| 2358 | CHECK_dict_new( DICT_AVP, &data , NULL, &avp); |
| 2359 | PARSE_loc_rules( rules, avp ); |
| 2360 | } |
| 2361 | |
| 2362 | /******************************** |
| 2363 | * NAS Accounting AVPs * |
| 2364 | ********************************/ |
| 2365 | /* Accounting-Input-Octets */ |
| 2366 | { |
| 2367 | /* |
| 2368 | The Accounting-Input-Octets AVP (AVP Code 363) is of type Unsigned64 |
| 2369 | and contains the number of octets received from the user. |
| 2370 | |
| 2371 | For NAS usage, this AVP indicates how many octets have been received |
| 2372 | from the port in the course of this session. It can only be present |
| 2373 | in ACR messages with an Accounting-Record-Type of INTERIM_RECORD or |
| 2374 | STOP_RECORD. |
| 2375 | */ |
| 2376 | struct dict_avp_data data = { |
| 2377 | 363, /* Code */ |
| 2378 | 0, /* Vendor */ |
| 2379 | "Accounting-Input-Octets", /* Name */ |
| 2380 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2381 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2382 | AVP_TYPE_UNSIGNED64 /* base type of data */ |
| 2383 | }; |
| 2384 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2385 | } |
| 2386 | |
| 2387 | /* Accounting-Output-Octets */ |
| 2388 | { |
| 2389 | /* |
| 2390 | The Accounting-Output-Octets AVP (AVP Code 364) is of type Unsigned64 |
| 2391 | and contains the number of octets sent to the user. |
| 2392 | |
| 2393 | For NAS usage, this AVP indicates how many octets have been sent to |
| 2394 | the port in the course of this session. It can only be present in |
| 2395 | ACR messages with an Accounting-Record-Type of INTERIM_RECORD or |
| 2396 | STOP_RECORD. |
| 2397 | */ |
| 2398 | struct dict_avp_data data = { |
| 2399 | 364, /* Code */ |
| 2400 | 0, /* Vendor */ |
| 2401 | "Accounting-Output-Octets", /* Name */ |
| 2402 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2403 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2404 | AVP_TYPE_UNSIGNED64 /* base type of data */ |
| 2405 | }; |
| 2406 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2407 | } |
| 2408 | |
| 2409 | /* Accounting-Input-Packets */ |
| 2410 | { |
| 2411 | /* |
| 2412 | The Accounting-Input-Packets (AVP Code 365) is of type Unsigned64 and |
| 2413 | contains the number of packets received from the user. |
| 2414 | |
| 2415 | For NAS usage, this AVP indicates how many packets have been received |
| 2416 | from the port over the course of a session being provided to a Framed |
| 2417 | User. It can only be present in ACR messages with an Accounting- |
| 2418 | Record-Type of INTERIM_RECORD or STOP_RECORD. |
| 2419 | */ |
| 2420 | struct dict_avp_data data = { |
| 2421 | 365, /* Code */ |
| 2422 | 0, /* Vendor */ |
| 2423 | "Accounting-Input-Packets", /* Name */ |
| 2424 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2425 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2426 | AVP_TYPE_UNSIGNED64 /* base type of data */ |
| 2427 | }; |
| 2428 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2429 | } |
| 2430 | |
| 2431 | /* Accounting-Output-Packets */ |
| 2432 | { |
| 2433 | /* |
| 2434 | The Accounting-Output-Packets (AVP Code 366) is of type Unsigned64 |
| 2435 | and contains the number of IP packets sent to the user. |
| 2436 | |
| 2437 | For NAS usage, this AVP indicates how many packets have been sent to |
| 2438 | the port over the course of a session being provided to a Framed |
| 2439 | User. It can only be present in ACR messages with an Accounting- |
| 2440 | Record-Type of INTERIM_RECORD or STOP_RECORD. |
| 2441 | */ |
| 2442 | struct dict_avp_data data = { |
| 2443 | 366, /* Code */ |
| 2444 | 0, /* Vendor */ |
| 2445 | "Accounting-Output-Packets", /* Name */ |
| 2446 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2447 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2448 | AVP_TYPE_UNSIGNED64 /* base type of data */ |
| 2449 | }; |
| 2450 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2451 | } |
| 2452 | |
| 2453 | /* Acct-Session-Time */ |
| 2454 | { |
| 2455 | /* |
| 2456 | The Acct-Session-Time AVP (AVP Code 46) is of type Unsigned32 and |
| 2457 | indicates the length of the current session in seconds. It can only |
| 2458 | be present in ACR messages with an Accounting-Record-Type of |
| 2459 | INTERIM_RECORD or STOP_RECORD. |
| 2460 | */ |
| 2461 | struct dict_avp_data data = { |
| 2462 | 46, /* Code */ |
| 2463 | 0, /* Vendor */ |
| 2464 | "Acct-Session-Time", /* Name */ |
| 2465 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2466 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2467 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 2468 | }; |
| 2469 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2470 | } |
| 2471 | |
| 2472 | /* Acct-Authentic */ |
| 2473 | { |
| 2474 | /* |
| 2475 | The Acct-Authentic AVP (AVP Code 45) is of type Enumerated and |
| 2476 | specifies how the user was authenticated. The supported values are |
| 2477 | listed in [RADIUSTypes]. |
| 2478 | Sub-registry: Values for RADIUS Attribute 45, Acct-Authentic |
| 2479 | Reference: [RFC2866] |
| 2480 | */ |
| 2481 | struct dict_object *type; |
| 2482 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Acct-Authentic)" , NULL, NULL}; |
| 2483 | struct dict_enumval_data tvals[] = { |
| 2484 | enumval_def_u32( 1, "RADIUS"), |
| 2485 | enumval_def_u32( 2, "Local"), |
| 2486 | enumval_def_u32( 3, "Remote"), |
| 2487 | enumval_def_u32( 4, "Diameter") |
| 2488 | }; |
| 2489 | struct dict_avp_data data = { |
| 2490 | 45, /* Code */ |
| 2491 | 0, /* Vendor */ |
| 2492 | "Acct-Authentic", /* Name */ |
| 2493 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2494 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2495 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 2496 | }; |
| 2497 | int i; |
| 2498 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 2499 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 2500 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 2501 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 2502 | } |
| 2503 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 2504 | } |
| 2505 | |
| 2506 | /* Accounting-Auth-Method */ |
| 2507 | { |
| 2508 | /* |
| 2509 | The Accounting-Auth-Method AVP (AVP Code 406) is of type Enumerated. |
| 2510 | A NAS MAY include this AVP in an Accounting-Request message to |
| 2511 | indicate the method used to authenticate the user. (Note that this |
| 2512 | is equivalent to the RADIUS MS-Acct-Auth-Type VSA attribute). |
| 2513 | |
| 2514 | The following values are defined: |
| 2515 | |
| 2516 | 1 PAP |
| 2517 | 2 CHAP |
| 2518 | 3 MS-CHAP-1 |
| 2519 | 4 MS-CHAP-2 |
| 2520 | 5 EAP |
| 2521 | 7 None |
| 2522 | */ |
| 2523 | struct dict_object *type; |
| 2524 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Accounting-Auth-Method)" , NULL, NULL}; |
| 2525 | struct dict_enumval_data tvals[] = { |
| 2526 | enumval_def_u32( 1, "PAP"), |
| 2527 | enumval_def_u32( 2, "CHAP"), |
| 2528 | enumval_def_u32( 3, "MS-CHAP-1"), |
| 2529 | enumval_def_u32( 4, "MS-CHAP-2"), |
| 2530 | enumval_def_u32( 5, "EAP"), |
| 2531 | enumval_def_u32( 7, "None") |
| 2532 | }; |
| 2533 | struct dict_avp_data data = { |
| 2534 | 406, /* Code */ |
| 2535 | 0, /* Vendor */ |
| 2536 | "Accounting-Auth-Method", /* Name */ |
| 2537 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2538 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2539 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 2540 | }; |
| 2541 | int i; |
| 2542 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 2543 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 2544 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 2545 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 2546 | } |
| 2547 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 2548 | } |
| 2549 | |
| 2550 | /* Acct-Delay-Time */ |
| 2551 | { |
| 2552 | /* |
| 2553 | The Acct-Delay-Time AVP (AVP Code 41) is of type Unsigned32 and |
| 2554 | indicates the number of seconds the Diameter client has been trying |
| 2555 | to send the Accounting-Request (ACR). The accounting server may |
| 2556 | subtract this value from the time when the ACR arrives at the server |
| 2557 | to calculate the approximate time of the event that caused the ACR to |
| 2558 | be generated. |
| 2559 | |
| 2560 | This AVP is not used for retransmissions at the transport level (TCP |
| 2561 | or SCTP). Rather, it may be used when an ACR command cannot be |
| 2562 | transmitted because there is no appropriate peer to transmit it to or |
| 2563 | was rejected because it could not be delivered. In these cases, the |
| 2564 | command MAY be buffered and transmitted later, when an appropriate |
| 2565 | peer-connection is available or after sufficient time has passed that |
| 2566 | the destination-host may be reachable and operational. If the ACR is |
| 2567 | resent in this way, the Acct-Delay-Time AVP SHOULD be included. The |
| 2568 | value of this AVP indicates the number of seconds that elapsed |
| 2569 | between the time of the first attempt at transmission and the current |
| 2570 | attempt. |
| 2571 | */ |
| 2572 | struct dict_avp_data data = { |
| 2573 | 41, /* Code */ |
| 2574 | 0, /* Vendor */ |
| 2575 | "Acct-Delay-Time", /* Name */ |
| 2576 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2577 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2578 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 2579 | }; |
| 2580 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2581 | } |
| 2582 | |
| 2583 | /* Acct-Link-Count */ |
| 2584 | { |
| 2585 | /* |
| 2586 | The Acct-Link-Count AVP (AVP Code 51) is of type Unsigned32 and |
| 2587 | indicates the total number of links that have been active (current or |
| 2588 | closed) in a given multilink session at the time the accounting |
| 2589 | record is generated. This AVP MAY be included in Accounting-Requests |
| 2590 | for any session that may be part of a multilink service. |
| 2591 | |
| 2592 | The Acct-Link-Count AVP may be used to make it easier for an |
| 2593 | accounting server to know when it has all the records for a given |
| 2594 | multilink service. When the number of Accounting-Requests received |
| 2595 | with Accounting-Record-Type = STOP_RECORD and with the same Acct- |
| 2596 | Multi-Session-Id and unique Session-Ids equals the largest value of |
| 2597 | Acct-Link-Count seen in those Accounting-Requests, all STOP_RECORD |
| 2598 | Accounting-Requests for that multilink service have been received. |
| 2599 | |
| 2600 | The following example, showing eight Accounting-Requests, illustrates |
| 2601 | how the Acct-Link-Count AVP is used. In the table below, only the |
| 2602 | relevant AVPs are shown, although additional AVPs containing |
| 2603 | accounting information will be present in the Accounting-Requests. |
| 2604 | |
| 2605 | Acct-Multi- Accounting- Acct- |
| 2606 | Session-Id Session-Id Record-Type Link-Count |
| 2607 | -------------------------------------------------------- |
| 2608 | "...10" "...10" START_RECORD 1 |
| 2609 | "...10" "...11" START_RECORD 2 |
| 2610 | "...10" "...11" STOP_RECORD 2 |
| 2611 | "...10" "...12" START_RECORD 3 |
| 2612 | "...10" "...13" START_RECORD 4 |
| 2613 | "...10" "...12" STOP_RECORD 4 |
| 2614 | "...10" "...13" STOP_RECORD 4 |
| 2615 | "...10" "...10" STOP_RECORD 4 |
| 2616 | |
| 2617 | */ |
| 2618 | struct dict_avp_data data = { |
| 2619 | 51, /* Code */ |
| 2620 | 0, /* Vendor */ |
| 2621 | "Acct-Link-Count", /* Name */ |
| 2622 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2623 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2624 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 2625 | }; |
| 2626 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2627 | } |
| 2628 | |
| 2629 | /* Acct-Tunnel-Connection */ |
| 2630 | { |
| 2631 | /* |
| 2632 | The Acct-Tunnel-Connection AVP (AVP Code 68) is of type OctetString |
| 2633 | and contains the identifier assigned to the tunnel session. This |
| 2634 | AVP, along with the Tunnel-Client-Endpoint and Tunnel-Server-Endpoint |
| 2635 | AVPs, may be used to provide a means to uniquely identify a tunnel |
| 2636 | session for auditing purposes. |
| 2637 | |
| 2638 | The format of the identifier in this AVP depends upon the value of |
| 2639 | the Tunnel-Type AVP. For example, to identify an L2TP tunnel |
| 2640 | connection fully, the L2TP Tunnel Id and Call Id might be encoded in |
| 2641 | this field. The exact encoding of this field is implementation |
| 2642 | dependent. |
| 2643 | */ |
| 2644 | struct dict_avp_data data = { |
| 2645 | 68, /* Code */ |
| 2646 | 0, /* Vendor */ |
| 2647 | "Acct-Tunnel-Connection", /* Name */ |
| 2648 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2649 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2650 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2651 | }; |
| 2652 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2653 | } |
| 2654 | |
| 2655 | /* Acct-Tunnel-Packets-Lost */ |
| 2656 | { |
| 2657 | /* |
| 2658 | The Acct-Tunnel-Packets-Lost AVP (AVP Code 86) is of type Unsigned32 |
| 2659 | and contains the number of packets lost on a given link. |
| 2660 | */ |
| 2661 | struct dict_avp_data data = { |
| 2662 | 86, /* Code */ |
| 2663 | 0, /* Vendor */ |
| 2664 | "Acct-Tunnel-Packets-Lost", /* Name */ |
| 2665 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2666 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2667 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 2668 | }; |
| 2669 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2670 | } |
| 2671 | |
| 2672 | /*********************************** |
| 2673 | * Compatibility with RADIUS AVPs * |
| 2674 | ***********************************/ |
| 2675 | /* NAS-Identifier */ |
| 2676 | { |
| 2677 | /* |
| 2678 | The NAS-Identifier AVP (AVP Code 32) [RADIUS] is of type UTF8String |
| 2679 | and contains the identity of the NAS providing service to the user. |
| 2680 | This AVP SHOULD only be added by a RADIUS/Diameter Translation Agent. |
| 2681 | When this AVP is present, the Origin-Host AVP identifies the NAS |
| 2682 | providing service to the user. |
| 2683 | |
| 2684 | In RADIUS it would be possible for a rogue NAS to forge the NAS- |
| 2685 | Identifier attribute. Diameter/RADIUS translation agents SHOULD |
| 2686 | attempt to check a received NAS-Identifier attribute against the |
| 2687 | source address of the RADIUS packet, by doing an A/AAAA RR query. If |
| 2688 | the NAS-Identifier attribute contains an FQDN, then such a query |
| 2689 | would resolve to an IP address matching the source address. However, |
| 2690 | the NAS-Identifier attribute is not required to contain an FQDN, so |
| 2691 | such a query could fail. If it fails, an error should be logged, but |
| 2692 | no action should be taken, other than a reverse lookup on the source |
| 2693 | address and insert the resulting FQDN into the Route-Record AVP. |
| 2694 | |
| 2695 | Diameter agents and servers SHOULD check whether a NAS-Identifier AVP |
| 2696 | corresponds to an entry in the Route-Record AVP. If no match is |
| 2697 | found, then an error is logged, but no other action is taken. |
| 2698 | */ |
| 2699 | struct dict_avp_data data = { |
| 2700 | 32, /* Code */ |
| 2701 | 0, /* Vendor */ |
| 2702 | "NAS-Identifier", /* Name */ |
| 2703 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2704 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2705 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2706 | }; |
| 2707 | CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL); |
| 2708 | } |
| 2709 | |
| 2710 | /* NAS-IP-Address */ |
| 2711 | { |
| 2712 | /* |
| 2713 | The NAS-IP-Address AVP (AVP Code 4) [RADIUS] is of type OctetString |
| 2714 | and contains the IP Address of the NAS providing service to the user. |
| 2715 | This AVP SHOULD only be added by a RADIUS/Diameter Translation Agent. |
| 2716 | When this AVP is present, the Origin-Host AVP identifies the NAS |
| 2717 | providing service to the user. |
| 2718 | |
| 2719 | In RADIUS it would be possible for a rogue NAS to forge the NAS-IP- |
| 2720 | Address attribute value. Diameter/RADIUS translation agents MUST |
| 2721 | check a received NAS-IP-Address or NAS-IPv6-Address attribute against |
| 2722 | the source address of the RADIUS packet. If they do not match and |
| 2723 | the Diameter/RADIUS translation agent does not know whether the |
| 2724 | packet was sent by a RADIUS proxy or NAS (e.g., no Proxy-State |
| 2725 | attribute), then by default it is assumed that the source address |
| 2726 | corresponds to a RADIUS proxy, and that the NAS Address is behind |
| 2727 | that proxy, potentially with some additional RADIUS proxies in |
| 2728 | between. The Diameter/RADIUS translation agent MUST insert entries |
| 2729 | in the Route-Record AVP corresponding to the apparent route. This |
| 2730 | implies doing a reverse lookup on the source address and NAS-IP- |
| 2731 | Address or NAS-IPv6-Address attributes to determine the corresponding |
| 2732 | FQDNs. |
| 2733 | |
| 2734 | If the source address and the NAS-IP-Address or NAS-IPv6-Address do |
| 2735 | not match, and the Diameter/RADIUS translation agent knows that it is |
| 2736 | talking directly to the NAS (e.g., there are no RADIUS proxies |
| 2737 | between it and the NAS), then the error should be logged, and the |
| 2738 | packet MUST be discarded. |
| 2739 | |
| 2740 | Diameter agents and servers MUST check whether the NAS-IP-Address AVP |
| 2741 | corresponds to an entry in the Route-Record AVP. This is done by |
| 2742 | doing a reverse lookup (PTR RR) for the NAS-IP-Address to retrieve |
| 2743 | the corresponding FQDN, and by checking for a match with the Route- |
| 2744 | Record AVP. If no match is found, then an error is logged, but no |
| 2745 | other action is taken. |
| 2746 | */ |
| 2747 | struct dict_avp_data data = { |
| 2748 | 4, /* Code */ |
| 2749 | 0, /* Vendor */ |
| 2750 | "NAS-IP-Address", /* Name */ |
| 2751 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2752 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2753 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2754 | }; |
| 2755 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2756 | } |
| 2757 | |
| 2758 | /* NAS-IPv6-Address */ |
| 2759 | { |
| 2760 | /* |
| 2761 | The NAS-IPv6-Address AVP (AVP Code 95) [RADIUSIPv6] is of type |
| 2762 | OctetString and contains the IPv6 Address of the NAS providing |
| 2763 | service to the user. This AVP SHOULD only be added by a |
| 2764 | RADIUS/Diameter Translation Agent. When this AVP is present, the |
| 2765 | Origin-Host AVP identifies the NAS providing service to the user. |
| 2766 | |
| 2767 | In RADIUS it would be possible for a rogue NAS to forge the NAS- |
| 2768 | IPv6-Address attribute. Diameter/RADIUS translation agents MUST |
| 2769 | check a received NAS-IPv6-Address attribute against the source |
| 2770 | address of the RADIUS packet. If they do not match and the |
| 2771 | Diameter/RADIUS translation agent does not know whether the packet |
| 2772 | was sent by a RADIUS proxy or NAS (e.g., no Proxy-State attribute), |
| 2773 | then by default it is assumed that the source address corresponds to |
| 2774 | a RADIUS proxy, and that the NAS-IPv6-Address is behind that proxy, |
| 2775 | potentially with some additional RADIUS proxies in between. The |
| 2776 | Diameter/RADIUS translation agent MUST insert entries in the Route- |
| 2777 | Record AVP corresponding to the apparent route. This implies doing a |
| 2778 | reverse lookup on the source address and NAS-IPv6-Address attributes |
| 2779 | to determine the corresponding FQDNs. |
| 2780 | |
| 2781 | If the source address and the NAS-IPv6-Address do not match, and the |
| 2782 | Diameter/RADIUS translation agent knows that it is talking directly |
| 2783 | to the NAS (e.g., there are no RADIUS proxies between it and the |
| 2784 | NAS), then the error should be logged, and the packet MUST be |
| 2785 | discarded. |
| 2786 | |
| 2787 | Diameter agents and servers MUST check whether the NAS-IPv6-Address |
| 2788 | AVP corresponds to an entry in the Route-Record AVP. This is done by |
| 2789 | doing a reverse lookup (PTR RR) for the NAS-IPv6-Address to retrieve |
| 2790 | the corresponding FQDN, and by checking for a match with the Record- |
| 2791 | Route AVP. If no match is found, then an error is logged, but no |
| 2792 | other action is taken. |
| 2793 | */ |
| 2794 | struct dict_avp_data data = { |
| 2795 | 95, /* Code */ |
| 2796 | 0, /* Vendor */ |
| 2797 | "NAS-IPv6-Address", /* Name */ |
| 2798 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2799 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2800 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2801 | }; |
| 2802 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2803 | } |
| 2804 | |
| 2805 | /* State */ |
| 2806 | { |
| 2807 | /* |
| 2808 | The State AVP (AVP Code 24) [RADIUS] is of type OctetString and has |
| 2809 | two uses in the Diameter NAS application. |
| 2810 | |
| 2811 | The State AVP MAY be sent by a Diameter Server to a NAS in an AA- |
| 2812 | Response command that contains a Result-Code of |
| 2813 | DIAMETER_MULTI_ROUND_AUTH. If so, the NAS MUST return it unmodified |
| 2814 | in the subsequent AA-Request command. |
| 2815 | |
| 2816 | The State AVP MAY also be sent by a Diameter Server to a NAS in an |
| 2817 | AA-Response command that also includes a Termination-Action AVP with |
| 2818 | the value of AA-REQUEST. If the NAS performs the Termination-Action |
| 2819 | by sending a new AA-Request command upon termination of the current |
| 2820 | service, it MUST return the State AVP unmodified in the new request |
| 2821 | command. |
| 2822 | |
| 2823 | In either usage, the NAS MUST NOT interpret the AVP locally. Usage |
| 2824 | of the State AVP is implementation dependent. |
| 2825 | */ |
| 2826 | struct dict_avp_data data = { |
| 2827 | 24, /* Code */ |
| 2828 | 0, /* Vendor */ |
| 2829 | "State", /* Name */ |
| 2830 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2831 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2832 | AVP_TYPE_OCTETSTRING /* base type of data */ |
| 2833 | }; |
| 2834 | CHECK_dict_new( DICT_AVP, &data , NULL, NULL); |
| 2835 | } |
| 2836 | |
| 2837 | /* Termination-Cause mapping */ |
| 2838 | { |
| 2839 | |
| 2840 | struct dict_object *type; |
| 2841 | struct dict_enumval_data tvals[] = { |
| 2842 | enumval_def_u32(11, "[RADIUS] User Request"), |
| 2843 | enumval_def_u32(12, "[RADIUS] Lost Carrier"), |
| 2844 | enumval_def_u32(13, "[RADIUS] Lost Service"), |
| 2845 | enumval_def_u32(14, "[RADIUS] Idle Timeout"), |
| 2846 | enumval_def_u32(15, "[RADIUS] Session Timeout"), |
| 2847 | enumval_def_u32(16, "[RADIUS] Admin Reset"), |
| 2848 | enumval_def_u32(17, "[RADIUS] Admin Reboot"), |
| 2849 | enumval_def_u32(18, "[RADIUS] Port Error"), |
| 2850 | enumval_def_u32(19, "[RADIUS] NAS Error"), |
| 2851 | enumval_def_u32(20, "[RADIUS] NAS Request"), |
| 2852 | enumval_def_u32(21, "[RADIUS] NAS Reboot"), |
| 2853 | enumval_def_u32(22, "[RADIUS] Port Unneeded"), |
| 2854 | enumval_def_u32(23, "[RADIUS] Port Preempted"), |
| 2855 | enumval_def_u32(24, "[RADIUS] Port Suspended"), |
| 2856 | enumval_def_u32(25, "[RADIUS] Service Unavailable"), |
| 2857 | enumval_def_u32(26, "[RADIUS] Callback"), |
| 2858 | enumval_def_u32(27, "[RADIUS] User Error"), |
| 2859 | enumval_def_u32(28, "[RADIUS] Host Request"), |
| 2860 | enumval_def_u32(29, "[RADIUS] Supplicant Restart"), |
| 2861 | enumval_def_u32(30, "[RADIUS] Reauthentication Failure"), |
| 2862 | enumval_def_u32(31, "[RADIUS] Port Reinit"), |
| 2863 | enumval_def_u32(32, "[RADIUS] Port Disabled") |
| 2864 | }; |
| 2865 | int i; |
| 2866 | |
| 2867 | CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Enumerated(Termination-Cause)", &type); |
| 2868 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 2869 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 2870 | } |
| 2871 | |
| 2872 | } |
| 2873 | |
| 2874 | /* Origin-AAA-Protocol */ |
| 2875 | { |
| 2876 | /* |
| 2877 | The Origin-AAA-Protocol AVP (AVP Code 408) is of the type Enumerated |
| 2878 | and should be inserted in a Diameter message translated by a gateway |
| 2879 | system from another AAA protocol, such as RADIUS. It identifies the |
| 2880 | source protocol of the message to the Diameter system receiving the |
| 2881 | message. |
| 2882 | |
| 2883 | The supported values are: |
| 2884 | |
| 2885 | 1 RADIUS |
| 2886 | */ |
| 2887 | struct dict_object *type; |
| 2888 | struct dict_type_data tdata = { AVP_TYPE_UNSIGNED32, "Enumerated(Origin-AAA-Protocol)" , NULL, NULL}; |
| 2889 | struct dict_enumval_data tvals[] = { |
| 2890 | enumval_def_u32( 1, "RADIUS") |
| 2891 | }; |
| 2892 | struct dict_avp_data data = { |
| 2893 | 408, /* Code */ |
| 2894 | 0, /* Vendor */ |
| 2895 | "Origin-AAA-Protocol", /* Name */ |
| 2896 | AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */ |
| 2897 | AVP_FLAG_MANDATORY, /* Fixed flag values */ |
| 2898 | AVP_TYPE_UNSIGNED32 /* base type of data */ |
| 2899 | }; |
| 2900 | int i; |
| 2901 | /* Create the Enumerated type, enumerated values, and the AVP */ |
| 2902 | CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type); |
| 2903 | for (i = 0; i < sizeof(tvals) / sizeof(tvals[0]); i++) { |
| 2904 | CHECK_dict_new( DICT_ENUMVAL, &tvals[i], type, NULL); |
| 2905 | } |
| 2906 | CHECK_dict_new( DICT_AVP, &data , type, NULL); |
| 2907 | } |
| 2908 | |
| 2909 | } |
| 2910 | |
| 2911 | /********************/ |
| 2912 | /* Commands section */ |
| 2913 | /********************/ |
| 2914 | { |
| 2915 | /* To avoid defining global variables for all the AVP that we use here, we do search the dictionary in each sub-block. |
| 2916 | * This is far from optimal, but the code is clearer like this, and the time it requires at execution is not noticeable. |
| 2917 | */ |
| 2918 | |
| 2919 | /* AA-Request (AAR) Command */ |
| 2920 | { |
| 2921 | /* |
| 2922 | The AA-Request (AAR), which is indicated by setting the Command-Code |
| 2923 | field to 265 and the 'R' bit in the Command Flags field, is used to |
| 2924 | request authentication and/or authorization for a given NAS user. |
| 2925 | The type of request is identified through the Auth-Request-Type AVP |
| 2926 | [BASE]. The recommended value for most RADIUS interoperabily |
| 2927 | situations is AUTHORIZE_AUTHENTICATE. |
| 2928 | |
| 2929 | If Authentication is requested, the User-Name attribute SHOULD be |
| 2930 | present, as well as any additional authentication AVPs that would |
| 2931 | carry the password information. A request for authorization SHOULD |
| 2932 | only include the information from which the authorization will be |
| 2933 | performed, such as the User-Name, Called-Station-Id, or Calling- |
| 2934 | Station-Id AVPs. All requests SHOULD contain AVPs uniquely |
| 2935 | identifying the source of the call, such as Origin-Host and NAS-Port. |
| 2936 | Certain networks MAY use different AVPs for authorization purposes. |
| 2937 | A request for authorization will include some AVPs defined in section |
| 2938 | 6. |
| 2939 | |
| 2940 | It is possible for a single session to be authorized first and then |
| 2941 | for an authentication request to follow. |
| 2942 | |
| 2943 | This AA-Request message MAY be the result of a multi-round |
| 2944 | authentication exchange, which occurs when the AA-Answer message is |
| 2945 | received with the Result-Code AVP set to DIAMETER_MULTI_ROUND_AUTH. |
| 2946 | A subsequent AAR message SHOULD be sent, with the User-Password AVP |
| 2947 | that includes the user's response to the prompt, and MUST include any |
| 2948 | State AVPs that were present in the AAA message. |
| 2949 | |
| 2950 | Message Format |
| 2951 | <AA-Request> ::= < Diameter Header: 265, REQ, PXY > |
| 2952 | < Session-Id > |
| 2953 | { Auth-Application-Id } |
| 2954 | { Origin-Host } |
| 2955 | { Origin-Realm } |
| 2956 | { Destination-Realm } |
| 2957 | { Auth-Request-Type } |
| 2958 | [ Destination-Host ] |
| 2959 | [ NAS-Identifier ] |
| 2960 | [ NAS-IP-Address ] |
| 2961 | [ NAS-IPv6-Address ] |
| 2962 | [ NAS-Port ] |
| 2963 | [ NAS-Port-Id ] |
| 2964 | [ NAS-Port-Type ] |
| 2965 | [ Origin-AAA-Protocol ] |
| 2966 | [ Origin-State-Id ] |
| 2967 | [ Port-Limit ] |
| 2968 | [ User-Name ] |
| 2969 | [ User-Password ] |
| 2970 | [ Service-Type ] |
| 2971 | [ State ] |
| 2972 | [ Authorization-Lifetime ] |
| 2973 | [ Auth-Grace-Period ] |
| 2974 | [ Auth-Session-State ] |
| 2975 | [ Callback-Number ] |
| 2976 | [ Called-Station-Id ] |
| 2977 | [ Calling-Station-Id ] |
| 2978 | [ Originating-Line-Info ] |
| 2979 | [ Connect-Info ] |
| 2980 | [ CHAP-Auth ] |
| 2981 | [ CHAP-Challenge ] |
| 2982 | * [ Framed-Compression ] |
| 2983 | [ Framed-Interface-Id ] |
| 2984 | [ Framed-IP-Address ] |
| 2985 | * [ Framed-IPv6-Prefix ] |
| 2986 | [ Framed-IP-Netmask ] |
| 2987 | [ Framed-MTU ] |
| 2988 | [ Framed-Protocol ] |
| 2989 | [ ARAP-Password ] |
| 2990 | [ ARAP-Security ] |
| 2991 | * [ ARAP-Security-Data ] |
| 2992 | * [ Login-IP-Host ] |
| 2993 | * [ Login-IPv6-Host ] |
| 2994 | [ Login-LAT-Group ] |
| 2995 | [ Login-LAT-Node ] |
| 2996 | [ Login-LAT-Port ] |
| 2997 | [ Login-LAT-Service ] |
| 2998 | * [ Tunneling ] |
| 2999 | * [ Proxy-Info ] |
| 3000 | * [ Route-Record ] |
| 3001 | * [ AVP ] |
| 3002 | */ |
| 3003 | struct dict_object * cmd; |
| 3004 | struct dict_cmd_data data = { |
| 3005 | 265, /* Code */ |
| 3006 | "AA-Request", /* Name */ |
| 3007 | CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE | CMD_FLAG_ERROR, /* Fixed flags */ |
| 3008 | CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE /* Fixed flag values */ |
| 3009 | }; |
| 3010 | struct local_rules_definition rules[] = |
| 3011 | { { "Session-Id", RULE_FIXED_HEAD, -1, 1 } |
| 3012 | ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 } |
| 3013 | ,{ "Origin-Host", RULE_REQUIRED, -1, 1 } |
| 3014 | ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 } |
| 3015 | ,{ "Destination-Realm", RULE_REQUIRED, -1, 1 } |
| 3016 | ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 } |
| 3017 | ,{ "Destination-Host", RULE_OPTIONAL, -1, 1 } |
| 3018 | ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } |
| 3019 | ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } |
| 3020 | ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } |
| 3021 | ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 } |
| 3022 | ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 } |
| 3023 | ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } |
| 3024 | ,{ "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3025 | ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 } |
| 3026 | ,{ "Port-Limit", RULE_OPTIONAL, -1, 1 } |
| 3027 | ,{ "User-Name", RULE_OPTIONAL, -1, 1 } |
| 3028 | ,{ "User-Password", RULE_OPTIONAL, -1, 1 } |
| 3029 | ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } |
| 3030 | ,{ "State", RULE_OPTIONAL, -1, 1 } |
| 3031 | ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } |
| 3032 | ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1 } |
| 3033 | ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 } |
| 3034 | ,{ "Callback-Number", RULE_OPTIONAL, -1, 1 } |
| 3035 | ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 } |
| 3036 | ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 } |
| 3037 | ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 } |
| 3038 | ,{ "Connect-Info", RULE_OPTIONAL, -1, 1 } |
| 3039 | ,{ "CHAP-Auth", RULE_OPTIONAL, -1, 1 } |
| 3040 | ,{ "CHAP-Challenge", RULE_OPTIONAL, -1, 1 } |
| 3041 | ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1 } |
| 3042 | ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 } |
| 3043 | ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 } |
| 3044 | ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1 } |
| 3045 | ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1 } |
| 3046 | ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1 } |
| 3047 | ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3048 | ,{ "ARAP-Password", RULE_OPTIONAL, -1, 1 } |
| 3049 | ,{ "ARAP-Security", RULE_OPTIONAL, -1, 1 } |
| 3050 | ,{ "ARAP-Security-Data", RULE_OPTIONAL, -1,-1 } |
| 3051 | ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1 } |
| 3052 | ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1 } |
| 3053 | ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1 } |
| 3054 | ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1 } |
| 3055 | ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1 } |
| 3056 | ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1 } |
| 3057 | ,{ "Tunneling", RULE_OPTIONAL, -1,-1 } |
| 3058 | ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1 } |
| 3059 | ,{ "Route-Record", RULE_OPTIONAL, -1,-1 } |
| 3060 | }; |
| 3061 | |
| 3062 | CHECK_dict_new( DICT_COMMAND, &data , nasreq, &cmd); |
| 3063 | PARSE_loc_rules( rules, cmd ); |
| 3064 | } |
| 3065 | |
| 3066 | /* AA-Answer (AAA) Command */ |
| 3067 | { |
| 3068 | /* |
| 3069 | The AA-Answer (AAA) message is indicated by setting the Command-Code |
| 3070 | field to 265 and clearing the 'R' bit in the Command Flags field. It |
| 3071 | is sent in response to the AA-Request (AAR) message. If |
| 3072 | authorization was requested, a successful response will include the |
| 3073 | authorization AVPs appropriate for the service being provided, as |
| 3074 | defined in section 6. |
| 3075 | |
| 3076 | For authentication exchanges requiring more than a single round trip, |
| 3077 | the server MUST set the Result-Code AVP to DIAMETER_MULTI_ROUND_AUTH. |
| 3078 | An AAA message with this result code MAY include one Reply-Message or |
| 3079 | more and MAY include zero or one State AVPs. |
| 3080 | |
| 3081 | If the Reply-Message AVP was present, the network access server |
| 3082 | SHOULD send the text to the user's client to display to the user, |
| 3083 | instructing the client to prompt the user for a response. For |
| 3084 | example, this capability can be achieved in PPP via PAP. If the |
| 3085 | access client is unable to prompt the user for a new response, it |
| 3086 | MUST treat the AA-Answer (AAA) with the Reply-Message AVP as an error |
| 3087 | and deny access. |
| 3088 | |
| 3089 | Message Format |
| 3090 | |
| 3091 | <AA-Answer> ::= < Diameter Header: 265, PXY > |
| 3092 | < Session-Id > |
| 3093 | { Auth-Application-Id } |
| 3094 | { Auth-Request-Type } |
| 3095 | { Result-Code } |
| 3096 | { Origin-Host } |
| 3097 | { Origin-Realm } |
| 3098 | [ User-Name ] |
| 3099 | [ Service-Type ] |
| 3100 | * [ Class ] |
| 3101 | * [ Configuration-Token ] |
| 3102 | [ Acct-Interim-Interval ] |
| 3103 | [ Error-Message ] |
| 3104 | [ Error-Reporting-Host ] |
| 3105 | * [ Failed-AVP ] |
| 3106 | [ Idle-Timeout ] |
| 3107 | [ Authorization-Lifetime ] |
| 3108 | [ Auth-Grace-Period ] |
| 3109 | [ Auth-Session-State ] |
| 3110 | [ Re-Auth-Request-Type ] |
| 3111 | [ Multi-Round-Time-Out ] |
| 3112 | [ Session-Timeout ] |
| 3113 | [ State ] |
| 3114 | * [ Reply-Message ] |
| 3115 | [ Origin-AAA-Protocol ] |
| 3116 | [ Origin-State-Id ] |
| 3117 | * [ Filter-Id ] |
| 3118 | [ Password-Retry ] |
| 3119 | [ Port-Limit ] |
| 3120 | [ Prompt ] |
| 3121 | [ ARAP-Challenge-Response ] |
| 3122 | [ ARAP-Features ] |
| 3123 | [ ARAP-Security ] |
| 3124 | * [ ARAP-Security-Data ] |
| 3125 | [ ARAP-Zone-Access ] |
| 3126 | [ Callback-Id ] |
| 3127 | [ Callback-Number ] |
| 3128 | [ Framed-Appletalk-Link ] |
| 3129 | * [ Framed-Appletalk-Network ] |
| 3130 | [ Framed-Appletalk-Zone ] |
| 3131 | * [ Framed-Compression ] |
| 3132 | [ Framed-Interface-Id ] |
| 3133 | [ Framed-IP-Address ] |
| 3134 | * [ Framed-IPv6-Prefix ] |
| 3135 | [ Framed-IPv6-Pool ] |
| 3136 | * [ Framed-IPv6-Route ] |
| 3137 | [ Framed-IP-Netmask ] |
| 3138 | * [ Framed-Route ] |
| 3139 | [ Framed-Pool ] |
| 3140 | [ Framed-IPX-Network ] |
| 3141 | [ Framed-MTU ] |
| 3142 | [ Framed-Protocol ] |
| 3143 | [ Framed-Routing ] |
| 3144 | * [ Login-IP-Host ] |
| 3145 | * [ Login-IPv6-Host ] |
| 3146 | [ Login-LAT-Group ] |
| 3147 | [ Login-LAT-Node ] |
| 3148 | [ Login-LAT-Port ] |
| 3149 | [ Login-LAT-Service ] |
| 3150 | [ Login-Service ] |
| 3151 | [ Login-TCP-Port ] |
| 3152 | * [ NAS-Filter-Rule ] |
| 3153 | * [ QoS-Filter-Rule ] |
| 3154 | * [ Tunneling ] |
| 3155 | * [ Redirect-Host ] |
| 3156 | [ Redirect-Host-Usage ] |
| 3157 | [ Redirect-Max-Cache-Time ] |
| 3158 | * [ Proxy-Info ] |
| 3159 | * [ AVP ] |
| 3160 | */ |
| 3161 | struct dict_object * cmd; |
| 3162 | struct dict_cmd_data data = { |
| 3163 | 265, /* Code */ |
| 3164 | "AA-Answer", /* Name */ |
| 3165 | CMD_FLAG_REQUEST | CMD_FLAG_PROXIABLE, /* Fixed flags */ |
| 3166 | CMD_FLAG_PROXIABLE /* Fixed flag values */ |
| 3167 | }; |
| 3168 | struct local_rules_definition rules[] = |
| 3169 | { { "Session-Id", RULE_FIXED_HEAD, -1, 1 } |
| 3170 | ,{ "Auth-Application-Id", RULE_REQUIRED, -1, 1 } |
| 3171 | ,{ "Auth-Request-Type", RULE_REQUIRED, -1, 1 } |
| 3172 | ,{ "Result-Code", RULE_REQUIRED, -1, 1 } |
| 3173 | ,{ "Origin-Host", RULE_REQUIRED, -1, 1 } |
| 3174 | ,{ "Origin-Realm", RULE_REQUIRED, -1, 1 } |
| 3175 | ,{ "User-Name", RULE_OPTIONAL, -1, 1 } |
| 3176 | ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } |
| 3177 | ,{ "Class", RULE_OPTIONAL, -1,-1 } |
| 3178 | ,{ "Configuration-Token", RULE_OPTIONAL, -1,-1 } |
| 3179 | ,{ "Acct-Interim-Interval", RULE_OPTIONAL, -1, 1 } |
| 3180 | ,{ "Error-Message", RULE_OPTIONAL, -1, 1 } |
| 3181 | ,{ "Error-Reporting-Host", RULE_OPTIONAL, -1, 1 } |
| 3182 | ,{ "Failed-AVP", RULE_OPTIONAL, -1,-1 } |
| 3183 | ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1 } |
| 3184 | ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } |
| 3185 | ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1 } |
| 3186 | ,{ "Auth-Session-State", RULE_OPTIONAL, -1, 1 } |
| 3187 | ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1 } |
| 3188 | ,{ "Multi-Round-Time-Out", RULE_OPTIONAL, -1, 1 } |
| 3189 | ,{ "Session-Timeout", RULE_OPTIONAL, -1, 1 } |
| 3190 | ,{ "State", RULE_OPTIONAL, -1, 1 } |
| 3191 | ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 } |
| 3192 | ,{ "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3193 | ,{ "Origin-State-Id", RULE_OPTIONAL, -1, 1 } |
| 3194 | ,{ "Filter-Id", RULE_OPTIONAL, -1,-1 } |
| 3195 | ,{ "Password-Retry", RULE_OPTIONAL, -1, 1 } |
| 3196 | ,{ "Port-Limit", RULE_OPTIONAL, -1, 1 } |
| 3197 | ,{ "Prompt", RULE_OPTIONAL, -1, 1 } |
| 3198 | ,{ "ARAP-Challenge-Response", RULE_OPTIONAL, -1, 1 } |
| 3199 | ,{ "ARAP-Features", RULE_OPTIONAL, -1, 1 } |
| 3200 | ,{ "ARAP-Security", RULE_OPTIONAL, -1, 1 } |
| 3201 | ,{ "ARAP-Security-Data", RULE_OPTIONAL, -1,-1 } |
| 3202 | ,{ "ARAP-Zone-Access", RULE_OPTIONAL, -1, 1 } |
| 3203 | ,{ "Callback-Id", RULE_OPTIONAL, -1, 1 } |
| 3204 | ,{ "Callback-Number", RULE_OPTIONAL, -1, 1 } |
| 3205 | ,{ "Framed-AppleTalk-Link", RULE_OPTIONAL, -1, 1 } |
| 3206 | ,{ "Framed-AppleTalk-Network", RULE_OPTIONAL, -1,-1 } |
| 3207 | ,{ "Framed-AppleTalk-Zone", RULE_OPTIONAL, -1, 1 } |
| 3208 | ,{ "Framed-Compression", RULE_OPTIONAL, -1,-1 } |
| 3209 | ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1,-1 } |
| 3210 | ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 } |
| 3211 | ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1 } |
| 3212 | ,{ "Framed-IPv6-Pool", RULE_OPTIONAL, -1, 1 } |
| 3213 | ,{ "Framed-IPv6-Route", RULE_OPTIONAL, -1,-1 } |
| 3214 | ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1,-1 } |
| 3215 | ,{ "Framed-Route", RULE_OPTIONAL, -1,-1 } |
| 3216 | ,{ "Framed-Pool", RULE_OPTIONAL, -1, 1 } |
| 3217 | ,{ "Framed-IPX-Network", RULE_OPTIONAL, -1, 1 } |
| 3218 | ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1 } |
| 3219 | ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3220 | ,{ "Framed-Routing", RULE_OPTIONAL, -1, 1 } |
| 3221 | ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1 } |
| 3222 | ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1 } |
| 3223 | ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1 } |
| 3224 | ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1 } |
| 3225 | ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1 } |
| 3226 | ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1 } |
| 3227 | ,{ "Login-Service", RULE_OPTIONAL, -1, 1 } |
| 3228 | ,{ "Login-TCP-Port", RULE_OPTIONAL, -1, 1 } |
| 3229 | ,{ "NAS-Filter-Rule", RULE_OPTIONAL, -1,-1 } |
| 3230 | ,{ "QoS-Filter-Rule", RULE_OPTIONAL, -1,-1 } |
| 3231 | ,{ "Tunneling", RULE_OPTIONAL, -1,-1 } |
| 3232 | ,{ "Redirect-Host", RULE_OPTIONAL, -1,-1 } |
| 3233 | ,{ "Redirect-Host-Usage", RULE_OPTIONAL, -1, 1 } |
| 3234 | ,{ "Redirect-Max-Cache-Time", RULE_OPTIONAL, -1, 1 } |
| 3235 | ,{ "Proxy-Info", RULE_OPTIONAL, -1,-1 } |
| 3236 | }; |
| 3237 | |
| 3238 | CHECK_dict_new( DICT_COMMAND, &data , nasreq, &cmd); |
| 3239 | PARSE_loc_rules( rules, cmd ); |
| 3240 | } |
| 3241 | |
| 3242 | /* Re-Auth-Request */ |
| 3243 | { |
| 3244 | /* |
| 3245 | Add additional rules of the ABNF (compared to Base definition): |
| 3246 | |
| 3247 | <RA-Request> ::= < Diameter Header: 258, REQ, PXY > |
| 3248 | < Session-Id > |
| 3249 | { Origin-Host } |
| 3250 | { Origin-Realm } |
| 3251 | { Destination-Realm } |
| 3252 | { Destination-Host } |
| 3253 | { Auth-Application-Id } |
| 3254 | { Re-Auth-Request-Type } |
| 3255 | [ User-Name ] |
| 3256 | [ Origin-AAA-Protocol ] |
| 3257 | [ Origin-State-Id ] |
| 3258 | [ NAS-Identifier ] |
| 3259 | [ NAS-IP-Address ] |
| 3260 | [ NAS-IPv6-Address ] |
| 3261 | [ NAS-Port ] |
| 3262 | [ NAS-Port-Id ] |
| 3263 | [ NAS-Port-Type ] |
| 3264 | [ Service-Type ] |
| 3265 | [ Framed-IP-Address ] |
| 3266 | [ Framed-IPv6-Prefix ] |
| 3267 | [ Framed-Interface-Id ] |
| 3268 | [ Called-Station-Id ] |
| 3269 | [ Calling-Station-Id ] |
| 3270 | [ Originating-Line-Info ] |
| 3271 | [ Acct-Session-Id ] |
| 3272 | [ Acct-Multi-Session-Id ] |
| 3273 | [ State ] |
| 3274 | * [ Class ] |
| 3275 | [ Reply-Message ] |
| 3276 | * [ Proxy-Info ] |
| 3277 | * [ Route-Record ] |
| 3278 | * [ AVP ] |
| 3279 | */ |
| 3280 | struct dict_object * cmd; |
| 3281 | struct local_rules_definition rules[] = |
| 3282 | { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3283 | ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } |
| 3284 | ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } |
| 3285 | ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } |
| 3286 | ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 } |
| 3287 | ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 } |
| 3288 | ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } |
| 3289 | ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } |
| 3290 | ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 } |
| 3291 | ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1, 1 } |
| 3292 | ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 } |
| 3293 | ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 } |
| 3294 | ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 } |
| 3295 | ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 } |
| 3296 | ,{ "Acct-Session-Id", RULE_OPTIONAL, -1, 1 } |
| 3297 | ,{ "Acct-Multi-Session-Id", RULE_OPTIONAL, -1, 1 } |
| 3298 | ,{ "State", RULE_OPTIONAL, -1, 1 } |
| 3299 | ,{ "Class", RULE_OPTIONAL, -1,-1 } |
| 3300 | ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 } |
| 3301 | }; |
| 3302 | |
| 3303 | CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Re-Auth-Request", &cmd); |
| 3304 | PARSE_loc_rules( rules, cmd ); |
| 3305 | } |
| 3306 | |
| 3307 | /* Re-Auth-Answer */ |
| 3308 | { |
| 3309 | /* |
| 3310 | Add additional rules of the ABNF (compared to Base definition): |
| 3311 | |
| 3312 | |
| 3313 | <RA-Answer> ::= < Diameter Header: 258, PXY > |
| 3314 | < Session-Id > |
| 3315 | { Result-Code } |
| 3316 | { Origin-Host } |
| 3317 | { Origin-Realm } |
| 3318 | [ User-Name ] |
| 3319 | [ Origin-AAA-Protocol ] |
| 3320 | [ Origin-State-Id ] |
| 3321 | [ Error-Message ] |
| 3322 | [ Error-Reporting-Host ] |
| 3323 | * [ Failed-AVP ] |
| 3324 | * [ Redirected-Host ] |
| 3325 | [ Redirected-Host-Usage ] |
| 3326 | [ Redirected-Host-Cache-Time ] |
| 3327 | [ Service-Type ] |
| 3328 | * [ Configuration-Token ] |
| 3329 | [ Idle-Timeout ] |
| 3330 | [ Authorization-Lifetime ] |
| 3331 | [ Auth-Grace-Period ] |
| 3332 | [ Re-Auth-Request-Type ] |
| 3333 | [ State ] |
| 3334 | * [ Class ] |
| 3335 | * [ Reply-Message ] |
| 3336 | [ Prompt ] |
| 3337 | * [ Proxy-Info ] |
| 3338 | * [ AVP ] |
| 3339 | */ |
| 3340 | struct dict_object * cmd; |
| 3341 | struct local_rules_definition rules[] = |
| 3342 | { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3343 | ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } |
| 3344 | ,{ "Configuration-Token", RULE_OPTIONAL, -1,-1 } |
| 3345 | ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1 } |
| 3346 | ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } |
| 3347 | ,{ "Auth-Grace-Period", RULE_OPTIONAL, -1, 1 } |
| 3348 | ,{ "Re-Auth-Request-Type", RULE_OPTIONAL, -1, 1 } |
| 3349 | ,{ "State", RULE_OPTIONAL, -1, 1 } |
| 3350 | ,{ "Class", RULE_OPTIONAL, -1,-1 } |
| 3351 | ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 } |
| 3352 | ,{ "Prompt", RULE_OPTIONAL, -1, 1 } |
| 3353 | }; |
| 3354 | |
| 3355 | CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Re-Auth-Answer", &cmd); |
| 3356 | PARSE_loc_rules( rules, cmd ); |
| 3357 | } |
| 3358 | |
| 3359 | /* Session-Termination-Request */ |
| 3360 | { |
| 3361 | /* |
| 3362 | Add additional rules of the ABNF (compared to Base definition): |
| 3363 | |
| 3364 | |
| 3365 | <ST-Request> ::= < Diameter Header: 275, REQ, PXY > |
| 3366 | < Session-Id > |
| 3367 | { Origin-Host } |
| 3368 | { Origin-Realm } |
| 3369 | { Destination-Realm } |
| 3370 | { Auth-Application-Id } |
| 3371 | { Termination-Cause } |
| 3372 | [ User-Name ] |
| 3373 | [ Destination-Host ] |
| 3374 | * [ Class ] |
| 3375 | [ Origin-AAA-Protocol ] |
| 3376 | [ Origin-State-Id ] |
| 3377 | * [ Proxy-Info ] |
| 3378 | * [ Route-Record ] |
| 3379 | * [ AVP ] |
| 3380 | */ |
| 3381 | struct dict_object * cmd; |
| 3382 | struct local_rules_definition rules[] = |
| 3383 | { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3384 | }; |
| 3385 | |
| 3386 | CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Session-Termination-Request", &cmd); |
| 3387 | PARSE_loc_rules( rules, cmd ); |
| 3388 | } |
| 3389 | |
| 3390 | /* Session-Termination-Answer */ |
| 3391 | { |
| 3392 | /* |
| 3393 | Add additional rules of the ABNF (compared to Base definition): |
| 3394 | |
| 3395 | <ST-Answer> ::= < Diameter Header: 275, PXY > |
| 3396 | < Session-Id > |
| 3397 | { Result-Code } |
| 3398 | { Origin-Host } |
| 3399 | { Origin-Realm } |
| 3400 | [ User-Name ] |
| 3401 | * [ Class ] |
| 3402 | [ Error-Message ] |
| 3403 | [ Error-Reporting-Host ] |
| 3404 | * [ Failed-AVP ] |
| 3405 | [ Origin-AAA-Protocol ] |
| 3406 | [ Origin-State-Id ] |
| 3407 | * [ Redirect-Host ] |
| 3408 | [ Redirect-Host-Usase ] |
| 3409 | [ Redirect-Max-Cache-Time ] |
| 3410 | * [ Proxy-Info ] |
| 3411 | * [ AVP ] |
| 3412 | */ |
| 3413 | struct dict_object * cmd; |
| 3414 | struct local_rules_definition rules[] = |
| 3415 | { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3416 | }; |
| 3417 | |
| 3418 | CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Session-Termination-Answer", &cmd); |
| 3419 | PARSE_loc_rules( rules, cmd ); |
| 3420 | } |
| 3421 | |
| 3422 | /* Abort-Session-Request */ |
| 3423 | { |
| 3424 | /* |
| 3425 | Add additional rules of the ABNF (compared to Base definition): |
| 3426 | |
| 3427 | <AS-Request> ::= < Diameter Header: 274, REQ, PXY > |
| 3428 | < Session-Id > |
| 3429 | { Origin-Host } |
| 3430 | { Origin-Realm } |
| 3431 | { Destination-Realm } |
| 3432 | { Destination-Host } |
| 3433 | { Auth-Application-Id } |
| 3434 | [ User-Name ] |
| 3435 | [ Origin-AAA-Protocol ] |
| 3436 | [ Origin-State-Id ] |
| 3437 | [ NAS-Identifier ] |
| 3438 | [ NAS-IP-Address ] |
| 3439 | [ NAS-IPv6-Address ] |
| 3440 | [ NAS-Port ] |
| 3441 | [ NAS-Port-Id ] |
| 3442 | [ NAS-Port-Type ] |
| 3443 | [ Service-Type ] |
| 3444 | [ Framed-IP-Address ] |
| 3445 | [ Framed-IPv6-Prefix ] |
| 3446 | [ Framed-Interface-Id ] |
| 3447 | [ Called-Station-Id ] |
| 3448 | [ Calling-Station-Id ] |
| 3449 | [ Originating-Line-Info ] |
| 3450 | [ Acct-Session-Id ] |
| 3451 | [ Acct-Multi-Session-Id ] |
| 3452 | [ State ] |
| 3453 | * [ Class ] |
| 3454 | * [ Reply-Message ] |
| 3455 | * [ Proxy-Info ] |
| 3456 | * [ Route-Record ] |
| 3457 | * [ AVP ] |
| 3458 | |
| 3459 | */ |
| 3460 | struct dict_object * cmd; |
| 3461 | struct local_rules_definition rules[] = |
| 3462 | { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3463 | ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } |
| 3464 | ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } |
| 3465 | ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } |
| 3466 | ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 } |
| 3467 | ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 } |
| 3468 | ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } |
| 3469 | ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } |
| 3470 | ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 } |
| 3471 | ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1, 1 } |
| 3472 | ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 } |
| 3473 | ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 } |
| 3474 | ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 } |
| 3475 | ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 } |
| 3476 | ,{ "Acct-Session-Id", RULE_OPTIONAL, -1, 1 } |
| 3477 | ,{ "Acct-Multi-Session-Id", RULE_OPTIONAL, -1, 1 } |
| 3478 | ,{ "State", RULE_OPTIONAL, -1, 1 } |
| 3479 | ,{ "Class", RULE_OPTIONAL, -1,-1 } |
| 3480 | ,{ "Reply-Message", RULE_OPTIONAL, -1,-1 } |
| 3481 | }; |
| 3482 | |
| 3483 | CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Abort-Session-Request", &cmd); |
| 3484 | PARSE_loc_rules( rules, cmd ); |
| 3485 | } |
| 3486 | |
| 3487 | /* Abort-Session-Answer */ |
| 3488 | { |
| 3489 | /* |
| 3490 | Add additional rules of the ABNF (compared to Base definition): |
| 3491 | |
| 3492 | <AS-Answer> ::= < Diameter Header: 274, PXY > |
| 3493 | < Session-Id > |
| 3494 | { Result-Code } |
| 3495 | { Origin-Host } |
| 3496 | { Origin-Realm } |
| 3497 | [ User-Name ] |
| 3498 | [ Origin-AAA-Protocol ] |
| 3499 | [ Origin-State-Id ] |
| 3500 | [ State] |
| 3501 | [ Error-Message ] |
| 3502 | [ Error-Reporting-Host ] |
| 3503 | * [ Failed-AVP ] |
| 3504 | * [ Redirected-Host ] |
| 3505 | [ Redirected-Host-Usage ] |
| 3506 | [ Redirected-Max-Cache-Time ] |
| 3507 | * [ Proxy-Info ] |
| 3508 | * [ AVP ] |
| 3509 | */ |
| 3510 | struct dict_object * cmd; |
| 3511 | struct local_rules_definition rules[] = |
| 3512 | { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3513 | ,{ "State", RULE_OPTIONAL, -1, 1 } |
| 3514 | }; |
| 3515 | |
| 3516 | CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Abort-Session-Answer", &cmd); |
| 3517 | PARSE_loc_rules( rules, cmd ); |
| 3518 | } |
| 3519 | |
| 3520 | /* Accounting-Request */ |
| 3521 | { |
| 3522 | /* |
| 3523 | Add additional rules of the ABNF (compared to Base definition): |
| 3524 | |
| 3525 | <AC-Request> ::= < Diameter Header: 271, REQ, PXY > |
| 3526 | < Session-Id > |
| 3527 | { Origin-Host } |
| 3528 | { Origin-Realm } |
| 3529 | { Destination-Realm } |
| 3530 | { Accounting-Record-Type } |
| 3531 | { Accounting-Record-Number } |
| 3532 | [ Acct-Application-Id ] |
| 3533 | [ Vendor-Specific-Application-Id ] |
| 3534 | [ User-Name ] |
| 3535 | [ Accounting-Sub-Session-Id ] |
| 3536 | [ Acct-Session-Id ] |
| 3537 | [ Acct-Multi-Session-Id ] |
| 3538 | [ Origin-AAA-Protocol ] |
| 3539 | [ Origin-State-Id ] |
| 3540 | [ Destination-Host ] |
| 3541 | [ Event-Timestamp ] |
| 3542 | [ Acct-Delay-Time ] |
| 3543 | [ NAS-Identifier ] |
| 3544 | [ NAS-IP-Address ] |
| 3545 | [ NAS-IPv6-Address ] |
| 3546 | [ NAS-Port ] |
| 3547 | [ NAS-Port-Id ] |
| 3548 | [ NAS-Port-Type ] |
| 3549 | * [ Class ] |
| 3550 | [ Service-Type ] |
| 3551 | [ Termination-Cause ] |
| 3552 | [ Accounting-Input-Octets ] |
| 3553 | [ Accounting-Input-Packets ] |
| 3554 | [ Accounting-Output-Octets ] |
| 3555 | [ Accounting-Output-Packets ] |
| 3556 | [ Acct-Authentic ] |
| 3557 | [ Accounting-Auth-Method ] |
| 3558 | [ Acct-Link-Count ] |
| 3559 | [ Acct-Session-Time ] |
| 3560 | [ Acct-Tunnel-Connection ] |
| 3561 | [ Acct-Tunnel-Packets-Lost ] |
| 3562 | [ Callback-Id ] |
| 3563 | [ Callback-Number ] |
| 3564 | [ Called-Station-Id ] |
| 3565 | [ Calling-Station-Id ] |
| 3566 | * [ Connection-Info ] |
| 3567 | [ Originating-Line-Info ] |
| 3568 | [ Authorization-Lifetime ] |
| 3569 | [ Session-Timeout ] |
| 3570 | [ Idle-Timeout ] |
| 3571 | [ Port-Limit ] |
| 3572 | [ Accounting-Realtime-Required ] |
| 3573 | [ Acct-Interim-Interval ] |
| 3574 | * [ Filter-Id ] |
| 3575 | * [ NAS-Filter-Rule ] |
| 3576 | * [ Qos-Filter-Rule ] |
| 3577 | [ Framed-AppleTalk-Link ] |
| 3578 | [ Framed-AppleTalk-Network ] |
| 3579 | [ Framed-AppleTalk-Zone ] |
| 3580 | [ Framed-Compression ] |
| 3581 | [ Framed-Interface-Id ] |
| 3582 | [ Framed-IP-Address ] |
| 3583 | [ Framed-IP-Netmask ] |
| 3584 | * [ Framed-IPv6-Prefix ] |
| 3585 | [ Framed-IPv6-Pool ] |
| 3586 | * [ Framed-IPv6-Route ] |
| 3587 | [ Framed-IPX-Network ] |
| 3588 | [ Framed-MTU ] |
| 3589 | [ Framed-Pool ] |
| 3590 | [ Framed-Protocol ] |
| 3591 | * [ Framed-Route ] |
| 3592 | [ Framed-Routing ] |
| 3593 | * [ Login-IP-Host ] |
| 3594 | * [ Login-IPv6-Host ] |
| 3595 | [ Login-LAT-Group ] |
| 3596 | [ Login-LAT-Node ] |
| 3597 | [ Login-LAT-Port ] |
| 3598 | [ Login-LAT-Service ] |
| 3599 | [ Login-Service ] |
| 3600 | [ Login-TCP-Port ] |
| 3601 | * [ Tunneling ] |
| 3602 | * [ Proxy-Info ] |
| 3603 | * [ Route-Record ] |
| 3604 | * [ AVP ] |
| 3605 | */ |
| 3606 | struct dict_object * cmd; |
| 3607 | struct local_rules_definition rules[] = |
| 3608 | { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3609 | ,{ "Acct-Delay-Time", RULE_OPTIONAL, -1, 1 } |
| 3610 | ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } |
| 3611 | ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } |
| 3612 | ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } |
| 3613 | ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 } |
| 3614 | ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 } |
| 3615 | ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } |
| 3616 | ,{ "Class", RULE_OPTIONAL, -1,-1 } |
| 3617 | ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } |
| 3618 | ,{ "Termination-Cause", RULE_OPTIONAL, -1, 1 } |
| 3619 | ,{ "Accounting-Input-Octets", RULE_OPTIONAL, -1, 1 } |
| 3620 | ,{ "Accounting-Input-Packets", RULE_OPTIONAL, -1, 1 } |
| 3621 | ,{ "Accounting-Output-Octets", RULE_OPTIONAL, -1, 1 } |
| 3622 | ,{ "Accounting-Output-Packets", RULE_OPTIONAL, -1, 1 } |
| 3623 | ,{ "Acct-Authentic", RULE_OPTIONAL, -1, 1 } |
| 3624 | ,{ "Accounting-Auth-Method", RULE_OPTIONAL, -1, 1 } |
| 3625 | ,{ "Acct-Link-Count", RULE_OPTIONAL, -1, 1 } |
| 3626 | ,{ "Acct-Session-Time", RULE_OPTIONAL, -1, 1 } |
| 3627 | ,{ "Acct-Tunnel-Connection", RULE_OPTIONAL, -1, 1 } |
| 3628 | ,{ "Acct-Tunnel-Packets-Lost", RULE_OPTIONAL, -1, 1 } |
| 3629 | ,{ "Callback-Id", RULE_OPTIONAL, -1, 1 } |
| 3630 | ,{ "Callback-Number", RULE_OPTIONAL, -1, 1 } |
| 3631 | ,{ "Called-Station-Id", RULE_OPTIONAL, -1, 1 } |
| 3632 | ,{ "Calling-Station-Id", RULE_OPTIONAL, -1, 1 } |
| 3633 | ,{ "Connect-Info", RULE_OPTIONAL, -1,-1 } |
| 3634 | ,{ "Originating-Line-Info", RULE_OPTIONAL, -1, 1 } |
| 3635 | ,{ "Authorization-Lifetime", RULE_OPTIONAL, -1, 1 } |
| 3636 | ,{ "Session-Timeout", RULE_OPTIONAL, -1, 1 } |
| 3637 | ,{ "Idle-Timeout", RULE_OPTIONAL, -1, 1 } |
| 3638 | ,{ "Port-Limit", RULE_OPTIONAL, -1, 1 } |
| 3639 | ,{ "Filter-Id", RULE_OPTIONAL, -1,-1 } |
| 3640 | ,{ "NAS-Filter-Rule", RULE_OPTIONAL, -1,-1 } |
| 3641 | ,{ "QoS-Filter-Rule", RULE_OPTIONAL, -1,-1 } |
| 3642 | ,{ "Framed-AppleTalk-Link", RULE_OPTIONAL, -1, 1 } |
| 3643 | ,{ "Framed-AppleTalk-Network", RULE_OPTIONAL, -1, 1 } |
| 3644 | ,{ "Framed-AppleTalk-Zone", RULE_OPTIONAL, -1, 1 } |
| 3645 | ,{ "Framed-Compression", RULE_OPTIONAL, -1, 1 } |
| 3646 | ,{ "Framed-Interface-Id", RULE_OPTIONAL, -1, 1 } |
| 3647 | ,{ "Framed-IP-Address", RULE_OPTIONAL, -1, 1 } |
| 3648 | ,{ "Framed-IPv6-Prefix", RULE_OPTIONAL, -1,-1 } |
| 3649 | ,{ "Framed-IPv6-Pool", RULE_OPTIONAL, -1, 1 } |
| 3650 | ,{ "Framed-IPv6-Route", RULE_OPTIONAL, -1,-1 } |
| 3651 | ,{ "Framed-IP-Netmask", RULE_OPTIONAL, -1, 1 } |
| 3652 | ,{ "Framed-Route", RULE_OPTIONAL, -1,-1 } |
| 3653 | ,{ "Framed-Pool", RULE_OPTIONAL, -1, 1 } |
| 3654 | ,{ "Framed-IPX-Network", RULE_OPTIONAL, -1, 1 } |
| 3655 | ,{ "Framed-MTU", RULE_OPTIONAL, -1, 1 } |
| 3656 | ,{ "Framed-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3657 | ,{ "Framed-Routing", RULE_OPTIONAL, -1, 1 } |
| 3658 | ,{ "Login-IP-Host", RULE_OPTIONAL, -1,-1 } |
| 3659 | ,{ "Login-IPv6-Host", RULE_OPTIONAL, -1,-1 } |
| 3660 | ,{ "Login-LAT-Group", RULE_OPTIONAL, -1, 1 } |
| 3661 | ,{ "Login-LAT-Node", RULE_OPTIONAL, -1, 1 } |
| 3662 | ,{ "Login-LAT-Port", RULE_OPTIONAL, -1, 1 } |
| 3663 | ,{ "Login-LAT-Service", RULE_OPTIONAL, -1, 1 } |
| 3664 | ,{ "Login-Service", RULE_OPTIONAL, -1, 1 } |
| 3665 | ,{ "Login-TCP-Port", RULE_OPTIONAL, -1, 1 } |
| 3666 | ,{ "Tunneling", RULE_OPTIONAL, -1,-1 } |
| 3667 | }; |
| 3668 | |
| 3669 | CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Accounting-Request", &cmd); |
| 3670 | PARSE_loc_rules( rules, cmd ); |
| 3671 | } |
| 3672 | |
| 3673 | /* Accounting-Answer */ |
| 3674 | { |
| 3675 | /* |
| 3676 | Add additional rules of the ABNF (compared to Base definition): |
| 3677 | |
| 3678 | <AC-Answer> ::= < Diameter Header: 271, PXY > |
| 3679 | < Session-Id > |
| 3680 | { Result-Code } |
| 3681 | { Origin-Host } |
| 3682 | { Origin-Realm } |
| 3683 | { Accounting-Record-Type } |
| 3684 | { Accounting-Record-Number } |
| 3685 | [ Acct-Application-Id ] |
| 3686 | [ Vendor-Specific-Application-Id ] |
| 3687 | [ User-Name ] |
| 3688 | [ Accounting-Sub-Session-Id ] |
| 3689 | [ Acct-Session-Id ] |
| 3690 | [ Acct-Multi-Session-Id ] |
| 3691 | [ Event-Timestamp ] |
| 3692 | [ Error-Message ] |
| 3693 | [ Error-Reporting-Host ] |
| 3694 | * [ Failed-AVP ] |
| 3695 | [ Origin-AAA-Protocol ] |
| 3696 | [ Origin-State-Id ] |
| 3697 | [ NAS-Identifier ] |
| 3698 | [ NAS-IP-Address ] |
| 3699 | [ NAS-IPv6-Address ] |
| 3700 | [ NAS-Port ] |
| 3701 | [ NAS-Port-Id ] |
| 3702 | [ NAS-Port-Type ] |
| 3703 | [ Service-Type ] |
| 3704 | [ Termination-Cause ] |
| 3705 | [ Accounting-Realtime-Required ] |
| 3706 | [ Acct-Interim-Interval ] |
| 3707 | * [ Class ] |
| 3708 | * [ Proxy-Info ] |
| 3709 | * [ Route-Record ] |
| 3710 | * [ AVP ] |
| 3711 | |
| 3712 | */ |
| 3713 | struct dict_object * cmd; |
| 3714 | struct local_rules_definition rules[] = |
| 3715 | { { "Origin-AAA-Protocol", RULE_OPTIONAL, -1, 1 } |
| 3716 | ,{ "NAS-Identifier", RULE_OPTIONAL, -1, 1 } |
| 3717 | ,{ "NAS-IP-Address", RULE_OPTIONAL, -1, 1 } |
| 3718 | ,{ "NAS-IPv6-Address", RULE_OPTIONAL, -1, 1 } |
| 3719 | ,{ "NAS-Port", RULE_OPTIONAL, -1, 1 } |
| 3720 | ,{ "NAS-Port-Id", RULE_OPTIONAL, -1, 1 } |
| 3721 | ,{ "NAS-Port-Type", RULE_OPTIONAL, -1, 1 } |
| 3722 | ,{ "Service-Type", RULE_OPTIONAL, -1, 1 } |
| 3723 | ,{ "Termination-Cause", RULE_OPTIONAL, -1, 1 } |
| 3724 | }; |
| 3725 | |
| 3726 | CHECK_dict_search( DICT_COMMAND, CMD_BY_NAME, "Accounting-Answer", &cmd); |
| 3727 | PARSE_loc_rules( rules, cmd ); |
| 3728 | } |
| 3729 | } |
| 3730 | |
| 3731 | LOG_D( "Extension 'Dictionary definitions for NASREQ' initialized"); |
| 3732 | return 0; |
| 3733 | } |
| 3734 | |
| 3735 | EXTENSION_ENTRY("dict_nasreq", dnr_entry); |