Proxy / reply translation
Richard J Palmer
richard at merula.net
Sat Nov 11 19:36:34 CET 2017
Hi
Sorry for the delay. I am getting close with this I think... BUT
something seems to be slightly wrong.
Happy to post a full log as needed - BUT I hope the bit I need is
here:
(2) sql1: Framed-Route = ""
(2) sql1: Framed-IP-Address = 1.2.3.1
(2) sql1: Framed-IP-Netmask = 255.255.255.248
(2) sql1: Cisco-AVPair += "ip:route=1.2.3.0 255.255.255.248"
(2) sql1: Filter-Id = "P"
(2) sql1: Chargeable-User-Identity = "richard2"
<group SQL statements>
(2) sql1: Group "Hotspot": Merging reply items
(2) sql1: Acct-Interim-Interval = 600
(2) [sql1] = ok
(2) } # redundant = ok
(2) policy rewrite_routes {
(2) if (&Cisco-AVPair =~ /ip:route=([^ ]+) ([^ ]+)/) {
(2) ERROR: Failed retrieving values required to evaluate
condition
(2) } # policy rewrite_routes = ok
(2) Login OK: [richard2] (from client local port 1)
(2) Sent Access-Accept Id 69 from 127.0.0.1:1645 to 127.0.0.1:48919
length 0
(2) Framed-IP-Address = 1.2.3.1
(2) Framed-IP-Netmask = 255.255.255.248
(2) Cisco-AVPair = "ip:route=1.2.3.0 255.255.255.248"
(2) Filter-Id = "P"
(2) Chargeable-User-Identity = "richard2"
(2) Acct-Interim-Interval = 600
(2) Finished request
In my authorise section I have placed:
redundant {
sql1
sql2
handled
}
# -sql
rewrite_routes
(The other sections are there - this is just to show where what I hope
is relevant. The code itself is based on the code provided below
rewrite_routes {
if (&Cisco-AVPair =~ /ip:route=([^ ]+) ([^ ]+)/) {
switch "%{2}" {
case "255.255.255.255" {
update reply {
Framed-Route = "%{1}/32"
}
}
case "255.255.255.254" {
update reply {
Framed-Route = "%{1}/31"
}
}
and so on (it is in the policy.d folder)
I am aware the key to this is the error
(2) ERROR: Failed retrieving values required to evaluate
condition
What I am unclear about is why this is failing / and what I have done
wrong here to cause this. If you can give me one more pointer here I'd
appreciate it
More than happy to send any of the extra config or log as needed
Thanks in advance
Richard
On Thursday 09/11/2017 at 1:35 pm, Alan DeKok wrote:
> On Nov 9, 2017, at 8:19 AM, Richard J Palmer <richard at merula.net>
> wrote:
>>
>> This is where my skills are not great (regex) most other areas I can
>> work with. Ultimately I am happy to pay someone to help write the
>> little bit of code that does this. I do need to cope with Netmasks
>> from /32 to /24 so a few switch cases.
>
> It shouldn't be difficult.
>
>>
>> Alternatively if someone can provide a few pointers on that bit I can
>> probably build from there.
>
> If you have:
>
>>
>>>
>>>>
>>>> Cisco-AVPair = "ip:route=1.2.3.1 255.255.255.240"
>
> Step 1, split it into pieces:
>
> if (&Cisco-AVPair =~ /ip:route=([^ ]+) ([^ ]+)/) {
>
> This matches the "ip:route" prefix. It then matches non-space
> data, then a space, and more non-space data. As per the FR
> documentation, the first match goes into %{1}, and the second into
> %{2}.
>
> As there are only a limited number of net masks, you can expand the
> net mask, and switch over it (inside of the "if" block from above)
>
> switch "%{2}" {
> case "255.255.255.255" {
> update reply {
> Framed-Route = "%{1}/32"
> }
> }
>
> case "255.255.255.254" {
> update reply {
> Framed-Route = "%{1}/31"
> }
> }
>
> case "255.255.255.252" {
> update reply {
> Framed-Route = "%{1}/30"
> }
> }
>
> ... etc...
>
> # and the "catch all" case, just mash it to /28
> case {
> update reply {
> Framed-Route = "%{1}/28"
> }
> }
> }
>
> A little verbose, but it should work.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list