Standardised JSON VP list format

Brian Candler B.Candler at
Tue Nov 8 16:30:22 CET 2011

On Tue, Nov 08, 2011 at 01:32:12PM +0100, Arran Cudbard-Bell wrote:
>    I'm proposing the following JSON structures for VP lists being sent
>    from and parsed by FreeRADIUS. If anyone has any suggestions regarding
>    other fields they'd like to see included, let me know.

I think we should keep it simple, and I would also like to see it
symmetrical for data in and out of a module.

If a regular FreeRadius output has

    Service-Type = Framed-User
    Framed-Protocol = PPP

then a starting point would be:

   {"Service-Type": "Framed-User",
    "Framed-Protocol": "PPP"}

That is, I don't see a need to include an explicit Type, since the receiver
will presumably have a dictionary; and the value can be whatever format is
used when FreeRadius normally inputs or outputs a string of that type (e.g.
radclient, rlm_sql etc)

Then there is the requirement for keeping ordering between repeated
attributes.  Simple options like

   [{"Service-Type": "Framed-User"},
    {"Framed-Protocol": "PPP"},
    {"Reply-Message": "Foo"},
    {"Reply-Message": "Bar"}]

   [["Service-Type": "Framed-User"],
    ["Framed-Protocol": "PPP"],
    ["Reply-Message": "Foo"],
    ["Reply-Message": "Bar"]]

are direct but inconvenient when you want to look up the value for a
particular attribute.  So I would go as you suggest:


Aside: it would be convenient to permit modules which generate this format
to be allowed to omit the [array] for single-valued attributes.  But the
above would be the normalised form which FreeRadius itself would always

>    Inbound (response):

RADIUS packets themselves of course don't include "+=" or ":=" or "=", but
I guess this format needs to work for internal communication between modules
and FR.

So there are several options I can think of:

#5 - Non-extensible
  {"Service-Type": [{"+=": "Framed-User"}],
   "Framed-Protocol": [{":=": "PPP"}]},
   "Reply-Message": [{"+=": "Foo"}, {"+=": "Bar"}]}

#6 - Verbose but extensible
  {"Service-Type": [{"op":"+=","value":"Framed-User"}],
   "Framed-Protocol": [{"op":":=","value":"PPP"}]}
   "Reply-Message": [{"op":"+=","value":"Foo"}, {"op":"+=","value":"Bar"}]}

5 and 6 are butt-ugly and should be discounted for that reason alone.

#7 - Like #3 with third value. Missing third value implies "+="

  [["Service-Type", "Framed-User", "+="],
   ["Framed-Protocol", "PPP", ":="],
   ["Reply-Message", "Foo", "+="],
   ["Reply-Message", "Bar", "+="]]

Easy to use when generating responses, but I hate the asymmetry with #4.

So how about including the update operator in the label?

  {"Service-Type+=": "Framed-User",
   "Framed-Protocol:=": "PPP",
   "Reply-Message+=": ["Foo","Bar"]}

So basically, "+=" would always add (and is perhaps the default?), ":="
would always erase the list first and then add, and = would do nothing if
the attribute already exists.  And so


could be used to remove an attribute; perhaps also value null could do that.

Finally, I'd also like to be able to update request/control/reply lists in
one go, and the simplest way I can think of is:

  {"request:Huntgroup-Name:=", "Foo",
   "reply:Framed-Protocol+=", "PPP"}

The list: prefix would be optional and could be implied from context
normally (e.g. default to request: list for queries and reply: for

Final idea: if you want the labels to be easier to parse, split them on a
character which is unlikely to occur.

  {"request|Huntgroup-Name|:=", "Foo",
   "reply|Framed-Protocol|+=", "PPP"}

Just a few random thoughts :-)



More information about the Freeradius-Devel mailing list