Cisco-AVPair regex

[Alan DeKok]

On Feb 23, 2018, at 10:32 AM, Kylián Martin <kylianm at plzen.eu> wrote:
> You're right, thank you. That’s something I forgot to put back after some tries.
> But still got the trouble while expanding the AVPs...
> 
> (12)   Cisco-AVPair = "dhcp-option=\000\014\000\003iP6"
> (12)   Cisco-AVPair = "http-tlv=\000\001\000\031iPhone7,2/11.2.2 (15C202)"
> ...
> (12)           if ("%{string:%{Foreach-Variable-0}}" =~ /^(http-tlv=){1}([\\][0-9]{1,3}){1,5}(.*)$/i) {

  I don't see why you're doing %{string:%{Foreach-Variable-0}}.

  The "string" expansion takes an *attribute name*, finds the attribute, and then outputs it as a printable string.

  What you're doing is taking the *value* of Foreach-Variable-0, and passing that to %{string:...}

> (12)           EXPAND Foreach-Variable-0
> (12)              --> audit-session-id=1ef1a8c0000538f82e22905a

  i.e. the value of this variable.

> (12)           EXPAND %{string:%{Foreach-Variable-0}}
> (12)              -->

  Because there is no attribute named "audit-session-id=1ef1a8c0000538f82e22905a".

  TBH, the simplest thing is to *not* use "foreach".  I'd guess that the Cisco-AVPair attributes come in the same order all the time.  So you can just rely on that.  e.g.

	if (Cisco-AVPair[0] =~ /^dhcp-option=/) {
		update request {
			Tmp-Integer-0 := "%{unpack:&Cisco-AVPair[0] 12 integer}"
		}
	}

  That will get you the binary data (4 octets) into Tmp-Integer-0.

  i.e. *manually* check that Cisco-AVPair[0] is the "dhcp-option".  Then, *manually* check that the binary data you want is at byte offset 12.  And then write an "unpack" rule to do that...

  Alan DeKok.