No subject
Alan DeKok
aland at deployingradius.com
Wed Nov 24 23:15:53 CET 2021
On Nov 24, 2021, at 4:48 PM, Giedrius Baronas <g.baronas at gmail.com> wrote:
> I read a manual about comparisons. If I write IP without network mask then
> it works but if IP with mask I get error
> Maybe who sees where I make a mistake?
You're doing a few things wrong.
> From https://freeradius.org/radiusd/man/unlang.txt
>
> Comparisons
> (foo == bar) Compares 'foo' to 'bar', and evaluates to true
> if the comparison holds true. Valid comparison operators are
> "==", "!=", "<", "<=", ">", ">=", "=~", and "!~", all with their
> usual meanings. The operators ":=" and "=" are assignment oper-
> ators, and are not allowed for comparisons.
That's all true.
> The operators "<", "<=", ">", and ">=" are also allowed for
> checking that an IP address is contained within a network.
Note: there's no "==" here.
> For
> example: if (<ipaddr>192.0.2.1 < 192.0.2.0/24) { This com-
> parison succeeds, because the address 192.0.2.1 is contained
> within the network 192.0.2.0/24.
That's true, too. Once the parser knows that a particular thing is an IP address, it can automatically determine IP address / prefix.
> My debug:
> Wed Nov 24 21:35:27 2021 : Debug: (1) if ( <ipaddr>NAS-IP-Address
> == 192.0.2.0/24 ){Wed Nov 24 21:35:27 2021 : ERROR: (1) Failed
> casting rhs operand: Invalid IPv4 mask length "/24". Only "/32"
> permitted for non-prefix typesWed Nov 24 21:35:27 2021 : ERROR: (1)
> Failed retrieving values required to evaluate condition
After some cleanup for formatting:
if ( <ipaddr>NAS-IP-Address == 192.0.2.0/24 ) {
* NAS-IP-Address is already "ipaddr" type. You don't need to cast it to "ipaddr" again.
* the "==" operator is not allowed for doing range comparisons.
The solution is to just do this:
if (NAS-IP-Address < 192.0.2.0/24 ) {
That checks if the NAS IP address is within the network.
Alan DeKok.
More information about the Freeradius-Users
mailing list