IP Addr Comparison

Sat Jun 1 16:18:04 UTC 2024

Hmm. Probably it won't work due to the remark about the users file, however looking at the example, wouldn't you need to try 192.168.8/22 instead of 192.168.8.0/22?

El 1 de junio de 2024 17:55:45 CEST, BOUILLOUD Corentin <cbouilloud at systra.com> escribió:
>Error remains the same with net mask in quotes.
>
>11-22-33-44-55-66       NAS-IP-Address < "192.168.8.0/22"
>/etc/freeradius/3.0/authorized_macs[10]: Parse error (check) for entry 11-22-33-44-55-66: Invalid IPv4 mask length "/22".  Only "/32" permitted for non-prefix types.
>
>I guess I will use regex while waiting for v4.0 then :D
>Thanks nonetheless.
>
>Corentin BOUILLOUD
>
>-----Message d'origine-----
>De : Alan DeKok <aland at deployingradius.com>
>Envoyé : vendredi 31 mai 2024 17:05
>À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>Objet : Re: IP Addr Comparison
>
>On May 31, 2024, at 10:48 AM, BOUILLOUD Corentin <cbouilloud at systra.com> wrote:
>> I would like to ask your help about IP address comparisons in FreeRADIUS 3.0.27.
>> I want to restrict a mac-address to a network, but comparison of ip address with a subnet doesn't seems to work as a check items :
>>
>> 11-22-33-44-55-66       NAS-IP-Address < 192.168.8.0/22
>> /etc/freeradius/3.0/authorized_macs[10]: Parse error (check) for entry 11-22-33-44-55-66: Invalid IPv4 mask length "/22".  Only "/32" permitted for non-prefix types
>
>  Try putting the net mask in quotes.
>
>        11-22-33-44-55-66       NAS-IP-Address < "192.168.8.0/22"
>
>> Yet, documentation says it should be possible.
>>
>> "The syntax allows conditions such as 192.0.2.1 < 192.0.2/24.
>> This condition will return true, as the IP address 192.0.2.1' is within the network `192.0.2/24."
>
>  Unfortunately the unlang parsing is slightly different from (and more capable than) the "users" file parsing.
>
>> I also tried casting the attribute, without success :
>>
>> 11-22-33-44-55-66       <ipaddr>NAS-IP-Address < "192.168.8.0/22"
>> /etc/freeradius/3.0/authorized_macs[10]: Parse error (check) for entry 11-22-33-44-55-66: Invalid attribute name
>
>  The "users" file parsing doesn't support casting.
>
>  We're fixing that in v4 (of course).
>
>> Do user files have a different behaviour for comparisons and casting ?
>
>  Yes.
>
>> I could use regex as a backup solution but it's quickly going to get difficult to read in the file :
>>
>> 11-22-33-44-55-66      NAS-IP-Address =~ "/^192\.168\.(8|9|10|11)\./"
>
>  Or, just put the address/mask into quotes.
>
>  Alan DeKok.
>
>
>========================================================
>This message has been scanned for malware. This message and any attachments (the "message") are confidential, intended solely for the addressees, and may contain legally privileged information. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. Neither our company or any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified.
>=========================================================
>Ce message a ete verifie et ne contient pas de programme malveillant. Ce message et toutes les pieces jointes (ci-apres le "message") sont confidentiels et susceptibles de contenir des informations couvertes par le secret professionnel. Ce message est etabli a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite. Tout message electronique est susceptible d'alteration. Notre societe et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme falsifie. O
>=========================================================
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html