Matching a prefix in huntgroups file
Herwin Weststrate
herwin at quarantainenet.nl
Wed Nov 9 16:24:24 CET 2016
On 09-11-16 16:19, Arran Cudbard-Bell wrote:
>
>> On Nov 7, 2016, at 12:08 PM, Alan DeKok <aland at deployingradius.com> wrote:
>>
>>
>>> On Nov 7, 2016, at 11:38 AM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>>>
>>> On 07/11/16 16:03, Alan DeKok wrote:
>>>
>>>> if (&NAS-IP-Address < 10.254.0.0/16) {
>>>>
>>>> Which checks that the IP is "within" the network. ASCII doesn't have
>>>> a "set contains" character, so "<" is the best we can do.
>>>
>>> FWIW, Postgres uses "<<" for "is contained within" or "<<=" for "contained within or equals" and conversely for >> and >>=. Newer versions have && for "contains or contained by".
>>
>> "<<" is also used for bit shifting. There is no perfect answer here. :(
>>
>> I'd love to use a sideways "U", which is the mathematical symbol for "set contains". But that's not easy in the ASCII character set.
>
> Yeah we tried a bunch of different variations, I don't think postgresql's operators are any less ambiguous than >= > < <=.
>
> I'd support allowing the proper UTF8 chars too, and actually displaying those when conditions are printed in debug output.
>
> -Arran
I'm not really sure how the config parser works, but are we really
limited to some special chars for tokens? You can make it a bit more
verbose (and way less ambiguous) with syntax like this:
if (&NAS-IP-Address cidr_contained_in 10.254.0.0/16) { ... }
if (10.254.0.0/16 cidr_contains &NAS-IP-Address) { ... }
--
Herwin Weststrate
More information about the Freeradius-Users
mailing list