In master the destination of an update section can now be specified using an xlat: authorize { update request { BroadSoft-Attr-255 += '250=123456' BroadSoft-Attr-255 += '260=false' } foreach &BroadSoft-Attr-255 { if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) { update request { "%{vendor:Broadsoft-Attr-255}-Attr-%{1}" += "%{2}" } } } update { Tmp-String-0 := "%{debug_attr:request:}" } } (1) update request { (1) BroadSoft-Attr-255 += '250=123456' (1) BroadSoft-Attr-255 += '260=false' (1) } # update request = noop (1) foreach &BroadSoft-Attr-255 (1) # Foreach-Variable-0 = "250=123456" (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) { (1) EXPAND Foreach-Variable-0 (1) --> 250=123456 (1) EXPAND %{Foreach-Variable-0} (1) --> 250=123456 (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) -> TRUE (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) { (1) update request { (1) EXPAND %{vendor:Broadsoft-Attr-255}-Attr-%{1} (1) --> BroadSoft-Attr-250 (1) EXPAND %{2} (1) --> 123456 (1) BroadSoft-Attr-250 += "123456" (1) } # update request = noop (1) } # if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) = noop (1) # Foreach-Variable-0 = "260=false" (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) { (1) EXPAND Foreach-Variable-0 (1) --> 260=false (1) EXPAND %{Foreach-Variable-0} (1) --> 260=false (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) -> TRUE (1) if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) { (1) update request { (1) EXPAND %{vendor:Broadsoft-Attr-255}-Attr-%{1} (1) --> BroadSoft-Attr-260 (1) EXPAND %{2} (1) --> false (1) BroadSoft-Attr-260 += "false" (1) } # update request = noop (1) } # if ("%{Foreach-Variable-0}" =~ /^([0-9]+)=(.*)$/) = noop (1) } # foreach &BroadSoft-Attr-255 = noop (1) update { (1) Attributes matching "request:" (1) &request:User-Name = foo (1) &request:User-Password = bar (1) &request:NAS-IP-Address = 127.0.0.1 (1) &request:NAS-Port = 0 (1) &request:Message-Authenticator = 0x16c9d85342f767d7ebc5332ba54e9156 (1) &request:BroadSoft-Attr-255 += 250=123456 (1) &request:BroadSoft-Attr-255 += 260=false (1) &request:BWAS-Call-Center-Forced-Forwarding-Act-Result += 123456 (1) &request:BWAS-CB-Deactivation-Fac-Result += false (1) EXPAND %{debug_attr:request:} (1) --> (1) Tmp-String-0 := "" (1) } # update = noop (1) } # authorize = noop Lots of changes though, and relaxation of allowed attribute number ranges for VSAs so probably not a good idea to merge it in to v3.0.x. Hopefully we can fix foreach to provide full attribute references with &Foreach-Variable-N, instead of just the string value. Then re-encoding for proxying would be fairly trivial: update request { BroadSoft-Attr-255 !* ANY } foreach &request: { if (("%{vendor:&Foreach-Variable-0}" == 'BroadSoft') && ("%{attr_num:&Foreach-Variable-0}" > 255)) { update { Broadsoft-Attr-255 += "%{attr_num:&Foreach-Variable-0}=%{Foreach-Variable-0}" } } } Same would work for Cisco-AVPairs. Decode/Encode process could be wrapped in some policies shipped with the server. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2