Rewrite Rule

Nathan Ward lists+freeradius at daork.net
Thu Nov 1 03:25:25 CET 2018


> On 1/11/2018, at 3:04 PM, Maile Halatuituia <maile.halatuituia at tcc.to> wrote:
> 
> Hi Nathan
> Yes you right .
> I have this situation to be exact.
> 
> MSAN ------------ BRAS (Cisco) ---------- Freeradius Server (Acct+Auth)
> I will refer to me Freeradius Server as Radius for short.
> 
> Right now I have IPv4 only which i received this standard attribute (Acct-Input-Octets) from my BRAS on my Radius server. Upon receive a perl module process that attribute to store on local mysql server DB on the same server above.
> 
> Before asking the question I enabe ipv6 as well alongside ipv4 where now I have dual stack working perfectly. Still I continue to recives the same standard attribute above (Acct-Input-Octets) which contain the count for both the ipv4 and ipv6 according the ietf RFC 2866.
> 
> Now I also enable the Cisco command to receive also the Cisco AVP attribute (acct-input-octets-ipv6) in the format  mentioned on my previous email (Cisco-AVPair = "acct-input-octets-ipv6=xxx)" I want to process that in addition to my standard counter so I can know how much ipv6 traffic to each customer compare to its ipv4 traffic.
> 
> Because Radius doesn't understand that Cisco thing I need to rewrite that specific Cisco thing upon receiving the request packet from BRAS on the preacct module on my default server config before it can be processed......
> 
> That’s why I do that regex thing and I am still asking for help regarding it.
> 
> I hope I express my situation more clear. Please let me know

OK,

So, how do you call your perl module? Can the perl module look for that information for you?

FreeRADIUS only deals with attributes defined in the dictionaries.

*IF* your perl module cannot deal with the Cisco-AVPair attributes, you could re-write it to Tmp-Integer-0, or similar - that is an attribute that is already defined.
Note that you will need to use the “integer" expansion (see https://freeradius.org/radiusd/man/unlang.html <https://freeradius.org/radiusd/man/unlang.html>), as group 2 of your regex is a string.

I say IF in big letters here - perl is fine at handling this stuff, if you’re already sending everything to perl, and if you’re going to have to make changes to it to handle this new attribute anyway, why not do all of this in perl?

(Perl is, of course, slow. However on smaller networks it will be fine).



NOTE - you *still* need to fix your regex, as it is broken. Please see my email from last week for information on doing that.

--
Nathan Ward



More information about the Freeradius-Users mailing list