Matching a prefix in huntgroups file

Brian Candler b.candler at pobox.com
Fri Nov 4 22:56:44 CET 2016


On 04/11/2016 16:59, Alan DeKok wrote:
>> But does that mean you can test for an IP address being within a prefix? If so, which operator would you use? I tried:
>>
>>    if (&NAS-IP-Address == 10.254.0.0/16) { ...
>    That should work.  There are tests for it.

Doesn't seem to. Here's a testing entry in policy.d/foo

foo {
   if (10.254.1.1 == 10.254.0.0/16) {
     update {
       Tmp-String-0 := "AAA"
     }
   }
   update {
     request:NAS-IP-Address := 10.254.1.1
   }
   if (&NAS-IP-Address == 10.254.0.0/16) {
     update {
       Tmp-String-1 := "BBB"
     }
   }
}

and here's the debug output:

(0)     policy foo {
(0)       if (10.254.1.1 == 10.254.0.0/16) {
(0)       if (10.254.1.1 == 10.254.0.0/16)  -> FALSE
(0)       update {
(0)         request:NAS-IP-Address := 10.254.1.1
(0)       } # update = noop
(0)       if (&NAS-IP-Address == 10.254.0.0/16) {
(0)       if (&NAS-IP-Address == 10.254.0.0/16)  -> FALSE
(0)     } # policy foo = noop


>
>    Or, just cast NAS-IP-Address to <ipv4prefix>
>
That doesn't seem to work either:


(0)     policy foo {
(0)       if (<ipv4prefix>10.254.1.1 == 10.254.0.0/16) {
(0)       if (<ipv4prefix>10.254.1.1 == 10.254.0.0/16) -> FALSE
(0)       update {
(0)         request:NAS-IP-Address := 10.254.1.1
(0)       } # update = noop
(0)       if (<ipv4prefix>&NAS-IP-Address == 10.254.0.0/16) {
(0)       if (<ipv4prefix>&NAS-IP-Address == 10.254.0.0/16)  -> FALSE
(0)     } # policy foo = noop


The above tests were done on Ubuntu 16.04, with FreeRADIUS 3.0.12 from the PPA.

Regards,

Brian.


