Matching a prefix in huntgroups file

Alan DeKok aland at
Wed Nov 9 17:30:32 CET 2016

On Nov 9, 2016, at 10:24 AM, Herwin Weststrate <herwin at> wrote:
> I'm not really sure how the config parser works,

  Badly. :(  It's a recursive descent parser, with minimal local awareness.

> but are we really
> limited to some special chars for tokens? You can make it a bit more
> verbose (and way less ambiguous) with syntax like this:
>  if (&NAS-IP-Address cidr_contained_in { ... }
>  if ( cidr_contains &NAS-IP-Address) { ... }

  That would work, *if* you can tell that what data types are being used.

  For the first example, it works.  Unless the attribute is defined at run-time (e.g. LDAP-Group), in which case it gets more complex.

  For the second example, you have to guess that the LHS is a CIDR?  Parsing random strings *correctly* is hard.

  Alan DeKok.

More information about the Freeradius-Users mailing list