Matching a prefix in huntgroups file
Alan DeKok
aland at deployingradius.com
Wed Nov 9 17:30:32 CET 2016
On Nov 9, 2016, at 10:24 AM, Herwin Weststrate <herwin at quarantainenet.nl> wrote:
> I'm not really sure how the config parser works,
Badly. :( It's a recursive descent parser, with minimal local awareness.
> but are we really
> limited to some special chars for tokens? You can make it a bit more
> verbose (and way less ambiguous) with syntax like this:
>
> if (&NAS-IP-Address cidr_contained_in 10.254.0.0/16) { ... }
>
> if (10.254.0.0/16 cidr_contains &NAS-IP-Address) { ... }
That would work, *if* you can tell that what data types are being used.
For the first example, it works. Unless the attribute is defined at run-time (e.g. LDAP-Group), in which case it gets more complex.
For the second example, you have to guess that the LHS is a CIDR? Parsing random strings *correctly* is hard.
Alan DeKok.
More information about the Freeradius-Users
mailing list