Cisco-AVPair regex
Kylián Martin
kylianm at plzen.eu
Fri Jul 14 15:22:02 CEST 2017
Hi all,
I'm trying to save some of the Cisco-AVPair attributes into SQL during accounting. Specifically, I'm interested in the dhcp-options and http-tlv attributes. The WLC describes the connected device in these.
Unfortunately, FreeRADIUS 3.12 expands these values in an unregexable way.
(With with_cisco_vsa_hack = yes in preprocess, the result is the same.)
The only one expanded correctly is Cisco-AVPair = "audit-session-id=1ef1a8c000014809cba76859"
Policy file:
device_regex = '^((dhcp-option=)|(http-tlv=)){1}([\\].{2,5})([\\].{2,5})([\\].{3})([\\].{3})?(.*)'
()
fill_device_type {
    if (&Cisco-AVPair) {
        foreach &Cisco-AVPair {
            if ("%{Foreach-Variable-0}" =~ /${policy.device_regex}/i) {
                update request {
                    &Calling-Device += "%{8} "
                }
            }
        }
    }
}
Processing:
(98) Received Accounting-Request Id 28 from 192.168.241.30:57614 to 172.31.12.101:1813 length 482
(98) User-Name = "martin"
(98) NAS-Port = 8
(98) NAS-IP-Address = 192.168.241.30
(98) Framed-IP-Address = 10.252.136.9
(98) Framed-IPv6-Prefix = 2a07:8d84:800:325f::/64
(98) Framed-IPv6-Prefix = 2a07:8d84:800:325f::/64
(98) Framed-IPv6-Prefix = 2a07:8d84:800:325f::/64
(98) Framed-IPv6-Prefix = 2a07:8d84:800:325f::/64
(98) Framed-IPv6-Prefix = 2a07:8d84:800:325f::/64
(98) Framed-IPv6-Prefix = fe80::/64
(98) NAS-Identifier = "d4-wlc5520"
(98) Airespace-Wlan-Id = 20
(98) Acct-Session-Id = "5968a7cb/34:ab:37:ed:a2:bb/90671"
(98) NAS-Port-Type = Wireless-802.11
(98) Cisco-AVPair = "audit-session-id=1ef1a8c000014809cba76859"
(98) Acct-Authentic = RADIUS
(98) Tunnel-Type:0 = VLAN
(98) Tunnel-Medium-Type:0 = IEEE-802
(98) Tunnel-Private-Group-Id:0 = "595"
(98) Event-Timestamp = "Jul 14 2017 14:47:01 CEST"
(98) Cisco-AVPair = "dhcp-option=\000\014\000\0056spMK"
(98) Cisco-AVPair = "http-tlv=\000\001\000\030iPhone8,2/10.3.2 (14F89)"
How to regex these?
(98) Acct-Status-Type = Interim-Update
(98) Acct-Input-Octets = 699538
(98) Acct-Input-Gigawords = 0
(98) Acct-Output-Octets = 2957172
(98) Acct-Output-Gigawords = 0
(98) Acct-Input-Packets = 5974
(98) Acct-Output-Packets = 5319
(98) Acct-Session-Time = 5494
(98) Acct-Delay-Time = 0
(98) Calling-Station-Id = "34-ab-37-ed-a2-bb"
(98) Called-Station-Id = "d4-air1702-ap-1:UI MK tst"
(98) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default
(98) preacct {
(98) [preprocess] = ok
(98) policy rewrite_called_station_id {
(98) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(98) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) -> FALSE
(98) elsif (&Called-Station-Id && (&Called-Station-Id =~ /^(.+)(:){1}((.+))?$/i)) {
(98) elsif (&Called-Station-Id && (&Called-Station-Id =~ /^(.+)(:){1}((.+))?$/i)) -> TRUE
(98) elsif (&Called-Station-Id && (&Called-Station-Id =~ /^(.+)(:){1}((.+))?$/i)) {
(98) update request {
(98) EXPAND %{1}
(98) --> d4-air1702-ap-1
(98) &Called-Station-Id := d4-air1702-ap-1
(98) EXPAND %{3}
(98) --> UI MK tst
(98) &Called-Station-SSID := UI MK tst
(98) } # update request = noop
(98) [updated] = updated
(98) } # elsif (&Called-Station-Id && (&Called-Station-Id =~ /^(.+)(:){1}((.+))?$/i)) = updated
(98) ... skipping else: Preceding "if" was taken
(98) } # policy rewrite_called_station_id = updated
(98) policy fill_device_type {
(98) if (&Cisco-AVPair) {
(98) if (&Cisco-AVPair) -> TRUE
(98) if (&Cisco-AVPair) {
(98) foreach &Cisco-AVPair
(98) if ("%{Foreach-Variable-0}" =~ /^((dhcp-option=)|(http-tlv=)){1}([\\].{2,5})([\\].{2,5})([\\].{3})([\\].{3})?(.*)/i) {
(98) EXPAND Foreach-Variable-0
(98) --> audit-session-id=1ef1a8c000014809cba76859
(98) EXPAND %{Foreach-Variable-0}
(98) --> audit-session-id=1ef1a8c000014809cba76859
(98) if ("%{Foreach-Variable-0}" =~ /^((dhcp-option=)|(http-tlv=)){1}([\\].{2,5})([\\].{2,5})([\\].{3})([\\].{3})?(.*)/i) -> FALSE
(98) if ("%{Foreach-Variable-0}" =~ /^((dhcp-option=)|(http-tlv=)){1}([\\].{2,5})([\\].{2,5})([\\].{3})([\\].{3})?(.*)/i) {
(98) EXPAND Foreach-Variable-0
(98) --> dhcp-option=
(98) EXPAND %{Foreach-Variable-0}
(98) --> dhcp-option=
(98) if ("%{Foreach-Variable-0}" =~ /^((dhcp-option=)|(http-tlv=)){1}([\\].{2,5})([\\].{2,5})([\\].{3})([\\].{3})?(.*)/i) -> FALSE
(98) if ("%{Foreach-Variable-0}" =~ /^((dhcp-option=)|(http-tlv=)){1}([\\].{2,5})([\\].{2,5})([\\].{3})([\\].{3})?(.*)/i) {
(98) EXPAND Foreach-Variable-0
(98) --> http-tlv=
(98) EXPAND %{Foreach-Variable-0}
(98) --> http-tlv=
Both attributes are expanded only up to the first whitespace char.
(98) if ("%{Foreach-Variable-0}" =~ /^((dhcp-option=)|(http-tlv=)){1}([\\].{2,5})([\\].{2,5})([\\].{3})([\\].{3})?(.*)/i) -> FALSE
(98) } # foreach &Cisco-AVPair = updated
(98) } # if (&Cisco-AVPair) = updated
How do I get the text values following the whitespace?
I've already tried if ("unescape:%{Foreach-Variable-0}" =~ /${policy.device_regex}/i) with no luck.
Martin Kylián
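
Added example, not part of the original post and not FreeRADIUS code: a Python parser that takes the two Cisco-AVPair values as they are printed in the debug output above, turns the \ooo octal escapes back into raw bytes, and extracts the trailing text. The layout after "=" (2-byte type, 2-byte length, value) is an assumption inferred from the two samples on this page, and all function names are hypothetical.

```python
import re

# Constructed from the Cisco-AVPair lines in the debug output above.
SAMPLES = [
    r"dhcp-option=\000\014\000\0056spMK",
    r"http-tlv=\000\001\000\030iPhone8,2/10.3.2 (14F89)",
    r"audit-session-id=1ef1a8c000014809cba76859",
]
_ESC = re.compile(rb"\\([0-3][0-7]{2})|\\(.)", re.DOTALL)

def unescape_debug(text):
    """Turn the debug log's \\ooo octal escapes back into raw bytes."""
    def repl(m):
        return bytes([int(m.group(1), 8)]) if m.group(1) else m.group(2)
    return _ESC.sub(repl, text.encode("utf-8"))

def parse_avpair(text):
    """Return (name, [(type, value), ...]); None for other AVPairs.
    Assumed layout after '=': 2-byte type, 2-byte length, value, repeated."""
    name, sep, body = unescape_debug(text).partition(b"=")
    if not sep or name not in (b"dhcp-option", b"http-tlv"):
        return None
    tlvs, pos = [], 0
    while pos < len(body):
        if len(body) - pos < 4:
            raise ValueError("truncated TLV header")
        tlv_type = int.from_bytes(body[pos:pos + 2], "big")
        length = int.from_bytes(body[pos + 2:pos + 4], "big")
        value = body[pos + 4:pos + 4 + length]
        if len(value) != length:  # declared length runs past the attribute
            raise ValueError("TLV length exceeds attribute size")
        tlvs.append((tlv_type, value))
        pos += 4 + length
    return name.decode(), tlvs

def device_strings(avpairs):
    """Collect (attribute, TLV type, text) rows, e.g. for an SQL insert."""
    rows = []
    for text in avpairs:
        parsed = parse_avpair(text)
        if parsed:
            name, tlvs = parsed
            rows += [(name, t, v.decode("utf-8", "replace")) for t, v in tlvs]
    return rows

if __name__ == "__main__":
    for row in device_strings(SAMPLES):
        print(row)
```

The length check rejects a value whose declared length does not match the bytes actually present, so a malformed attribute from a NAS is dropped rather than stored.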