Rewrite Rule

Maile Halatuituia maile.halatuituia at tcc.to
Thu Nov 1 02:26:06 CET 2018


I looked through the Cisco dictionary file and see no mention of IPv6 there.

-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+maile.halatuituia=tcc.to at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Thursday, 1 November 2018 2:14 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Rewrite Rule



> On Oct 31, 2018, at 9:03 PM, Maile Halatuituia <maile.halatuituia at tcc.to> wrote:
>
> Hi Alan
> Here is the packet
> ...
> (4)   Cisco-AVPair = "connect-progress=LAN Ses Up"
> (4)   Cisco-AVPair = "nas-tx-speed=1000000000"
> (4)   Cisco-AVPair = "nas-rx-speed=1000000000"
> ...
> (4)   Cisco-AVPair = "acct-input-octets-ipv6=2586"
> (4)   Cisco-AVPair = "acct-output-octets-ipv6=4914"
> ...
> (4)   Cisco-AVPair = "acct-input-packets-ipv6=41"
> (4)   Cisco-AVPair = "acct-output-packets-ipv6=50"
> ...
> (4)   Cisco-AVPair = "client-mac-address=ae6e.0e71.2d61"

  So lots of Cisco-AVPairs.

  To be honest, "unlang" isn't well suited for picking specific attributes based on specific contents.  You can use "foreach", which should work.  But it's a bit awkward.

> I have three takeaways from your reply below.
> 1. I need to look at what value I should use for this particular Cisco AVP attribute for my filter.

  You should test the regular expression in isolation.  i.e. with packets containing ONE Cisco-AVPair.  And use "radclient" to send test packets.

  It also would be good to fix the regular expression.  You have the brackets escaped, which doesn't seem right.

> We use the same for the MAC address and it seems to rewrite the MAC address received on the packet and it is working, but not for the ipv6 counter.

  Well, if the MAC regex works, and this one doesn't, then they're not the same, are they?

> 2. Any suggestion on how to do this, or particular documentation, is very much appreciated.

  Use the correct regex.  Do *small* tests, with *small* packets.  There is no simple way in unlang to do this kind of thing.  Cisco has made it very hard, by burying names inside of values.

  You should be able to do something like this:

        foreach &Cisco-AVPair {
                if ("%{Foreach-Variable-0}" =~ /^acct-input-octets-ipv6=(.*)$/) {
                        update request {
                                ... something ...
                        }
                }
        }

   You will need to use a *real* attribute name instead of "something".  As I said before, you can't just invent an "acct-input-octets-ipv6" attribute, and expect it to do what you want.  If you do that, the server will fail to start.  So you have to create the attribute.  See raddb/dictionary for documentation.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.
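
Added example, not part of the original thread and not FreeRADIUS code: an offline harness for testing the Cisco-AVPair regular expression one value at a time, as the reply advises, before putting it into unlang. It assumes Python's re module behaves like the server's regex engine for these simple anchored patterns; the function names are hypothetical, and the sample values are constructed from the debug output quoted above.

```python
import re

# Constructed sample: Cisco-AVPair values taken from the quoted debug output.
SAMPLE_AVPAIRS = [
    "connect-progress=LAN Ses Up",
    "nas-tx-speed=1000000000",
    "nas-rx-speed=1000000000",
    "acct-input-octets-ipv6=2586",
    "acct-output-octets-ipv6=4914",
    "acct-input-packets-ipv6=41",
    "acct-output-packets-ipv6=50",
    "client-mac-address=ae6e.0e71.2d61",
]

# Same anchored pattern as the foreach example, but capturing digits only,
# so an empty or malformed counter is rejected instead of being copied on.
INPUT_OCTETS_V6 = re.compile(r"^acct-input-octets-ipv6=([0-9]+)$")

# General form for all four IPv6 counters: the name buried in the value,
# then the number after the "=".
ANY_V6_COUNTER = re.compile(
    r"^(acct-(?:input|output)-(?:octets|packets)-ipv6)=([0-9]+)$"
)


def match_one(avpair, pattern=INPUT_OCTETS_V6):
    """Test ONE Cisco-AVPair value in isolation; return the capture or None."""
    m = pattern.match(avpair)
    return m.group(1) if m else None


def ipv6_counters(avpairs):
    """Emulate the foreach loop: visit every value, keep only IPv6 counters."""
    counters = {}
    for avpair in avpairs:
        m = ANY_V6_COUNTER.match(avpair)
        if m:
            counters[m.group(1)] = int(m.group(2))
    return counters


if __name__ == "__main__":
    # One line per value, so a pattern that matches too much or too little
    # is visible before it goes anywhere near the server configuration.
    for avpair in SAMPLE_AVPAIRS:
        print(f"{avpair!r:42} -> {match_one(avpair)}")
    print(ipv6_counters(SAMPLE_AVPAIRS))
```

Once the pattern matches only the intended value here, the same small test can be repeated against the server with radclient and a packet containing a single Cisco-AVPair.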


