Vendor Extended attributes for freeradius dictionary acme


Vendor Extended attributes for freeradius dictionary acme

Bill Schartner
Hello,
     I am running freeradius 3.0.13 and recently upgraded from 2.2.6 in order to use the extended attributes as specified in RFC6929. I have the new radius working fine.

    Oracle has defined a new VSA attribute with number 249 for the acme dictionary and some additional extended attributes to address avp depletion in the dictionary.    It looks like the acme dictionary for freeradius is not up to date so we may need to eventually resync them.

What I am trying to do is add VSA 249 to the acme dictionary as type evs and then add 14 additional attributes to an additional file called dictionary.acme.extended.
I'm not sure if this is the right procedure.

These additional attributes I plan to add to the dictionary.acme.extended file:

AVP-Name                         VSA Id number  x-attr-type  Version
--------------------------------------------------------------------
Acme-PGW-IP-Address              249            1            1
Acme-SGW-IP-Address              249            2            1
Acme-Visited-Network-Identifier  249            3            1
Acme-Originating-IOI             249            4            1
Acme-Terminating-IOI             249            5            1
Acme-IMSI                        249            6            1
Acme-IMEI                        249            7            1
Acme-History-Info                249            8            1
Acme-Node-Functionality          249            9            1
Acme-SMS-Message-Type            249            10           1
Acme-SMS-Calling-partynumber     249            11           1
Acme-SMS-Called-partynumber      249            12           1
Acme-Message-Length              249            13           1
Acme-SMS-Timestamp               249            14           1

Any help is greatly appreciated.
Thanks


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Vendor Extended attributes for freeradius dictionary acme

Alan DeKok-2
On Jan 7, 2020, at 9:57 PM, Bill Schartner <[hidden email]> wrote:
>     I am running freeradius 3.0.13 and recently upgraded from 2.2.6 in order to use the extended attributes as specified in RFC6929. I have the new radius working fine.

  That's good.  I would recommend upgrading to 3.0.20, though.  IIRC it has some fixes for encoding / decoding of extended attributes.

>    Oracle has defined a new VSA attribute with number 249 for the acme dictionary and some additional extended attributes to address avp depletion in the dictionary.    It looks like the acme dictionary for freeradius is not up to date so we may need to eventually resync them.

  That would be good.

> What I am trying to do is add VSA 249 to the acme dictionary as type evs and then add 14 additional attributes to an additional file called dictionary.acme.extended.
> I'm not sure if this is the right procedure.

  You can't create a VSA and give it type "evs" or "extended".  RFC 6929 forbids that.  If you try to create a vendor dictionary using the "evs" data type, the server will complain and disallow it.

  You have to define a new vendor space.  See https://tools.ietf.org/html/rfc6929#section-4

  i.e. If the old vendor space was: 26.9148.*, the new one is 241.26.9148.*, and 242.26.9148.*, etc.

  RFC 6929 does not extend the existing VSA space.  It creates *new* VSA spaces which are located outside of the existing "Vendor-Specific" VSA space.

  Unfortunately, the format of the new dictionaries is documented only in the code.  I'll see if I can fix that before the next release.

  You should have a dictionary which looks like this:

BEGIN-VENDOR Acme format=Extended-Vendor-Specific-1
ATTRIBUTE Acme-PGW-IP-Address 1 integer
ATTRIBUTE Acme-SGW-IP-Address 2 integer
...
END-VENDOR Acme

  That defines Acme-PGW-IP-Address as having OID 241.26.9148.1.  The attribute encoding is:

- one byte of 241
- one byte of length (12)
- one byte of 26
- four bytes of 9148 in network byte order
- one byte of 1
- 4 bytes of the integer value

  If you want to use more VSAs, you need to define more VSA spaces:

BEGIN-VENDOR Acme format=Extended-Vendor-Specific-2
...
END-VENDOR Acme

BEGIN-VENDOR Acme format=Extended-Vendor-Specific-3
...
END-VENDOR Acme

  It's not trivial, but it's the end result of ~6 years of arguing in the IETF.  It's the best solution we could come up with.

  Alan DeKok.
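
The byte layout listed in the reply above, as an added example that is not part of the original thread and is not FreeRADIUS code. It builds the 241.26.9148.1 attribute and also goes one step further by parsing it back with length validation; the function names and the sample value 0x0A000001 are assumptions made for illustration.

```python
import struct

ACME_VENDOR_ID = 9148                   # vendor number from the thread (26.9148.*)
EVS = 26                                # Extended-Type 26 = Extended-Vendor-Specific
SHORT_EXT_TYPES = (241, 242, 243, 244)  # Extended-Type-1 .. Extended-Type-4
HEADER = "!BBBIB"                       # type, length, 26, vendor id, vendor type = 8 bytes

def encode_evs(ext_type, vendor_id, vendor_type, value):
    """Build one attribute: type, length, 26, 4-byte vendor id, vendor type, value."""
    if ext_type not in SHORT_EXT_TYPES:
        raise ValueError("not a short extended attribute type")
    if not 0 <= vendor_type <= 255:
        raise ValueError("vendor type must fit in one byte")
    length = 8 + len(value)
    if not value or length > 255:
        raise ValueError("value must be 1..247 bytes")
    return struct.pack(HEADER, ext_type, length, EVS, vendor_id, vendor_type) + value

def decode_evs(buf):
    """Parse one attribute and return (oid, value); malformed input raises ValueError."""
    if len(buf) < 9:
        raise ValueError("too short for an extended vendor-specific attribute")
    ext_type, length, ext, vendor_id, vendor_type = struct.unpack(HEADER, buf[:8])
    if ext_type not in SHORT_EXT_TYPES or ext != EVS:
        raise ValueError("not an extended vendor-specific attribute")
    if length < 9 or length > len(buf):
        raise ValueError("length field does not match the data")
    return f"{ext_type}.{ext}.{vendor_id}.{vendor_type}", buf[8:length]

def demo():
    # Constructed sample: integer value 0x0A000001 for Acme-PGW-IP-Address (vendor type 1)
    attr = encode_evs(241, ACME_VENDOR_ID, 1, struct.pack("!I", 0x0A000001))
    return attr, decode_evs(attr)

if __name__ == "__main__":
    attr, (oid, value) = demo()
    print(attr.hex(), oid, value.hex())
```

The second byte of the encoded attribute is 12, matching the length given in the list above.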

