1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
|
# All attribute lengths are implicit, and are calculated automatically
#
# Input is of the form:
#
# WORD ...
#
# The WORD is a keyword which indicates the format of the following text.
# WORD is one of:
#
# raw - read the grammar defined below, and encode an attribute.
# The grammar supports a trivial way of describing RADIUS
# attributes, without reference to dictionaries or fancy
# parsers
#
# encode - reads "Attribute-Name = value", encodes it, and prints
# the result as text.
# use "-" to encode the output of the last command
#
# decode - reads hex, and decodes it "Attribute-Name = value"
# use "-" to decode the output of the last command
#
# data - the expected output of the previous command, in ASCII form.
# if the actual command output is different, an error message
# is produced, and the program terminates.
#
#
# The "raw" input satisfies the following grammar:
#
# Identifier = 1*DIGIT *( "." 1*DIGIT )
#
# HEXCHAR = HEXDIG HEXDIG
#
# STRING = DQUOTE *CHAR DQUOTE
#
# TLV = "{" 1*DIGIT DATA "}"
#
# DATA = 1*HEXCHAR / 1*TLV / STRING
#
# LINE = Identifier DATA
#
# The "Identifier" is a RADIUS attribute identifier, as given in the draft.
#
# e.g. 1 for User-Name
# 26.9.1 Vendor-Specific, Cisco, Cisco-AVPAir
# 241.1 Extended Attribute, number 1
# 241.2.3 Extended Attribute 2, data type TLV, TLV type 3
# etc.
#
# The "DATA" portion is the contents of the RADIUS Attribute.
#
# 123456789abcdef hex string
# 12 34 56 ab with spaces for clarity
# "hello" Text string
# { 1 abcdef } TLV, TLV-Type 1, data "abcdef"
#
# TLVs can be nested:
#
# { tlv-type { tlv-type data } } { 3 { 4 01020304 } }
#
# TLVs can be concatencated
#
# {tlv-type data } { tlv-type data} { 3 040506 } { 8 aabbcc }
#
# The "raw" data is encoded without reference to dictionaries. Any
# valid string is parsed to a RADIUS attribute. The resulting RADIUS
# attribute *may not* be correctly formatted to the relevant RADIUS
# specifications. i.e. you can use this tool to create attribute 1
# (User-Name), which is encoded as a series of TLVs. That's up to you.
#
# The purpose of the "raw" command is to have a simple way of encoding
# attributes which is independent of any dictionaries or packet processing
# routines.
#
# The output data is the hex version of the encoded attribute.
#
encode User-Name = "bob"
data 01 05 62 6f 62
decode -
data User-Name = "bob"
decode 01 05 62 6f 62
data User-Name = "bob"
#
# The Type/Length is OK, but the attribute data is of the wrong size.
#
decode 04 04 ab cd
data Attr-4 = 0xabcd
# Zero-length attributes
decode 01 02
data
# don't encode zero-length attributes
encode User-Name = ""
data
# except for CUI. Thank you, WiMAX!
decode 59 02
data Chargeable-User-Identity = 0x
# Hah! Thought you had it figured out, didn't you?
encode -
data 59 02
attribute Framed-IP-Address = 127.0.0.1/32
data Framed-IP-Address = 127.0.0.1
attribute Framed-IP-Address = 127.0.0.1/323
data Invalid IPv4 mask length "/323". Should be between 0-32
attribute Framed-IP-Address = 127.0.0.1/30
data Invalid IPv4 mask length "/30". Only "/32" permitted for non-prefix types
attribute Framed-IP-Address = *
data Framed-IP-Address = 0.0.0.0
attribute Framed-IP-Address = 127
data Framed-IP-Address = 0.0.0.127
attribute Framed-IP-Address = 127.0
data Framed-IP-Address = 127.0.0.0
attribute Framed-IPv6-Prefix = ::1
data Framed-IPv6-Prefix = ::1/128
attribute Framed-IPv6-Prefix = ::1/200
data Invalid IPv6 mask length "/200". Should be between 0-128
attribute Framed-IPv6-Prefix = ::1/200
data Invalid IPv6 mask length "/200". Should be between 0-128
attribute Framed-IPv6-Prefix = 11:22:33:44:55:66:77:88/128
data Framed-IPv6-Prefix = 11:22:33:44:55:66:77:88/128
attribute Framed-IPv6-Prefix = *
data Framed-IPv6-Prefix = ::/128
attribute PMIP6-Home-IPv4-HoA = 127/8
data PMIP6-Home-IPv4-HoA = 127.0.0.0/8
attribute PMIP6-Home-IPv4-HoA = 127/8
data PMIP6-Home-IPv4-HoA = 127.0.0.0/8
#
# Octets outside of the mask are OK, but
# are mashed to zero.
#
attribute PMIP6-Home-IPv4-HoA = 127.63/8
data PMIP6-Home-IPv4-HoA = 127.0.0.0/8
#
# Unless you give a good mask.
#
attribute PMIP6-Home-IPv4-HoA = 127.63/16
data PMIP6-Home-IPv4-HoA = 127.63.0.0/16
attribute PMIP6-Home-IPv4-HoA = 127.999/16
data Failed to parse IPv4 address string "127.999/16"
attribute PMIP6-Home-IPv4-HoA = 127.bob/16
data Failed to parse IPv4 address string "127.bob/16"
attribute PMIP6-Home-IPv4-HoA = 127.63/15
data PMIP6-Home-IPv4-HoA = 127.62.0.0/15
attribute PMIP6-Home-IPv4-HoA = 127.63.1/24
data PMIP6-Home-IPv4-HoA = 127.63.1.0/24
attribute PMIP6-Home-IPv4-HoA = 127.63.1.6
data PMIP6-Home-IPv4-HoA = 127.63.1.6/32
attribute PMIP6-Home-IPv4-HoA = 256/8
data Failed to parse IPv4 address string "256/8"
attribute PMIP6-Home-IPv4-HoA = bob/8
data Failed to parse IPv4 address string "bob/8"
#
# A "concat" attribute, with no data
#
decode 89 02
data PKM-SS-Cert = 0x
#
# The configuration can use the old names, but they
# get automatically converted to the new names.
#
attribute User-Service-Type = 1
data Service-Type = Login-User
#
# Or with weirdly formatted data
#
decode 89 03 ff 89 02 89 03 fe
data PKM-SS-Cert = 0xfffe
$INCLUDE tunnel.txt
$INCLUDE errors.txt
$INCLUDE extended.txt
$INCLUDE lucent.txt
$INCLUDE wimax.txt
|