Proxy / reply translation

Richard J Palmer richard at merula.net
Sat Nov 11 19:36:34 CET 2017


Hi

Sorry for the delay. I am getting close with this I think... BUT 
something seems to be slightly wrong.

Happy to post a full log as needed - BUT I hope the bit I need is 
here:

(2) sql1:   Framed-Route = ""
(2) sql1:   Framed-IP-Address = 1.2.3.1
(2) sql1:   Framed-IP-Netmask = 255.255.255.248
(2) sql1:   Cisco-AVPair += "ip:route=1.2.3.0 255.255.255.248"
(2) sql1:   Filter-Id = "P"
(2) sql1:   Chargeable-User-Identity = "richard2"

<group SQL statements>

(2) sql1: Group "Hotspot": Merging reply items
(2) sql1:   Acct-Interim-Interval = 600

(2)       [sql1] = ok
(2)     } # redundant = ok
(2)     policy rewrite_routes {
(2)       if (&Cisco-AVPair =~ /ip:route=([^ ]+) ([^ ]+)/) {
(2)       ERROR: Failed retrieving values required to evaluate 
condition
(2)     } # policy rewrite_routes = ok

(2) Login OK: [richard2] (from client local port 1)
(2) Sent Access-Accept Id 69 from 127.0.0.1:1645 to 127.0.0.1:48919 
length 0
(2)   Framed-IP-Address = 1.2.3.1
(2)   Framed-IP-Netmask = 255.255.255.248
(2)   Cisco-AVPair = "ip:route=1.2.3.0 255.255.255.248"
(2)   Filter-Id = "P"
(2)   Chargeable-User-Identity = "richard2"
(2)   Acct-Interim-Interval = 600
(2) Finished request


In my authorise section I have placed:

redundant {
      sql1
      sql2
      handled
    }
#     -sql
    rewrite_routes

(The other sections are there - this is just to show where what I hope 
is relevant. The code itself is based on the code provided below

rewrite_routes  {
if (&Cisco-AVPair =~ /ip:route=([^ ]+) ([^ ]+)/) {
  switch "%{2}" {
    case "255.255.255.255" {
      update reply {
       Framed-Route = "%{1}/32"
     }
    }
    case "255.255.255.254" {
      update reply {
       Framed-Route = "%{1}/31"
      }
    }


and so on (it is in the policy.d folder)

I am aware the key to this is the error

(2)       ERROR: Failed retrieving values required to evaluate 
condition

What I am unclear about is why this is failing / and what I have done 
wrong here to cause this. If you can give me one more pointer here I'd 
appreciate it

More than happy to send any of the extra config or log as needed

Thanks in advance

Richard




On Thursday 09/11/2017 at 1:35 pm, Alan DeKok  wrote:
> On Nov 9, 2017, at 8:19 AM, Richard J Palmer <richard at merula.net> 
> wrote:
>>
>> This is where my skills are not great (regex) most other areas I can 
>> work with. Ultimately I am happy to pay someone to help write the 
>> little bit of code that does this. I do need to cope with Netmasks 
>> from  /32 to /24 so a few switch cases.
>
>    It shouldn't be difficult.
>
>>
>> Alternatively if someone can provide a few pointers on that bit I can 
>> probably build from there.
>
>    If you have:
>
>>
>>>
>>>>
>>>>        Cisco-AVPair = "ip:route=1.2.3.1 255.255.255.240"
>
>    Step 1, split it into pieces:
>
> if (&Cisco-AVPair =~ /ip:route=([^ ]+) ([^ ]+)/) {
>
>    This matches the "ip:route" prefix.  It then matches non-space 
> data, then a space, and more non-space data.  As per the FR 
> documentation, the first match goes into %{1}, and the second into 
> %{2}.
>
>    As there are only a limited number of net masks, you can expand the 
> net mask, and switch over it (inside of the "if" block from above)
>
> switch "%{2}" {
> case "255.255.255.255" {
> update reply {
> Framed-Route = "%{1}/32"
> }
> }
>
> case "255.255.255.254" {
> update reply {
> Framed-Route = "%{1}/31"
> }
> }
>
> case "255.255.255.252" {
> update reply {
> Framed-Route = "%{1}/30"
> }
> }
>
> ... etc...
>
> # and the "catch all" case, just mash it to /28
> case {
> update reply {
> Framed-Route = "%{1}/28"
> }
> }
> }
>
>    A little verbose, but it should work.
>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list