acouzens
/
open5gs
1
0
Fork 1
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Braid: Add mirror 'lib/freeDiameter' at 'bf79bb4'

This commit is contained in:
Sukchan Lee 2017-02-17 22:56:41 +09:00
parent a9a9ea92dc
commit 719fe0196d
433 changed files with 126191 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.braids Normal file
View File

@ -0,0 +1,9 @@
{
"lib/freeDiameter": {
"url": "https://github.com/Metaswitch/freeDiameter.git",
"remote": "master/braid/lib/freeDiameter",
"branch": "master",
"squashed": true,
"revision": "bf79bb4fa239459ae7946f9250604a625f6db470"
}
}

12
lib/freeDiameter/.hgignore Normal file
View File

@ -0,0 +1,12 @@
syntax: glob
*.orig
*.rej
*~
*.log
*.sum
.hg
build*
test.*
GPATH
GRTAGS
GTAGS

104
lib/freeDiameter/CMakeLists.txt Normal file
View File

@ -0,0 +1,104 @@
# This file is the source for generating the Makefile for the project, using cmake tool (cmake.org)
# Name of the project
PROJECT("freeDiameter")
# Informations to display in daemon's help
SET(FD_PROJECT_NAME freeDiameter CACHE STRING "Project name")
SET(FD_PROJECT_BINARY freeDiameterd)
SET(FD_PROJECT_COPYRIGHT "Copyright (c) 2008-2013, WIDE Project (www.wide.ad.jp) and NICT (www.nict.go.jp)")
SET(FD_PROJECT_VENDOR_ID 0 CACHE STRING "Project vendor ID")
# Version of the source code
SET(FD_PROJECT_VERSION_MAJOR 1)
SET(FD_PROJECT_VERSION_MINOR 2)
SET(FD_PROJECT_VERSION_REV 0)
# Version of the API with the library
SET(FD_PROJECT_VERSION_API 6)
# The test framework, using CTest and CDash.
INCLUDE(CTest)
# CMake version
CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
# Location of additional CMake modules
SET(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/Modules/")
# The default directories
SET(DEFAULT_CONF_PATH ${CMAKE_INSTALL_PREFIX}/etc/freeDiameter CACHE PATH "Default location of freeDiameter configuration files")
IF (NOT DEFINED LIB_INSTALL_DIR)
SET(LIB_INSTALL_DIR lib CACHE PATH "Default library path name on the system, to accomodate RPM-based systems that use lib64")
ENDIF (NOT DEFINED LIB_INSTALL_DIR)
SET(INSTALL_HEADERS_SUFFIX include/freeDiameter CACHE PATH "Directory where the headers are installed (relative to CMAKE_INSTALL_PREFIX).")
SET(INSTALL_DAEMON_SUFFIX bin CACHE PATH "Directory where the daemon binary is installed (relative to CMAKE_INSTALL_PREFIX).")
SET(INSTALL_LIBRARY_SUFFIX ${LIB_INSTALL_DIR} CACHE PATH "Directory where the freeDiameter libraries are installed (relative to CMAKE_INSTALL_PREFIX).")
SET(INSTALL_EXTENSIONS_SUFFIX ${LIB_INSTALL_DIR}/freeDiameter CACHE PATH "Directory where the extensions are installed / searched (relative to CMAKE_INSTALL_PREFIX).")
# All source code should be POSIX 200112L compatible, but some other extensions might be used, so:
ADD_DEFINITIONS(-D_GNU_SOURCE)
# Add a "Profiling" build type
# SET(CMAKE_BUILD_TYPE Profiling)
SET(CMAKE_C_FLAGS_PROFILING "-fprofile-arcs -ftest-coverage -fstack-protector -g -Wall")
# Add a "MaxPerformance" build type -- this is very silent...
# SET(CMAKE_BUILD_TYPE MaxPerformance)
SET(CMAKE_C_FLAGS_MAXPERFORMANCE "${CMAKE_C_FLAGS_RELEASE} -DSTRIP_DEBUG_CODE")
# Add a "DebianPackage" build type used when creating the Debian packages
SET(CMAKE_C_FLAGS_DEBIANPACKAGE "${CMAKE_C_FLAGS_RELWITHDEBINFO}")
# Set the "Debug" flags
SET(CMAKE_C_FLAGS_DEBUG "-Wall -g -O0")
# Add a "DebugValgrind" build type used for checking execution with Valgrind tool
SET(CMAKE_C_FLAGS_DEBUGVALGRIND "-Wall -g -O0")
# Set the DEBUG flag for Debug and Profiling builds
IF (CMAKE_BUILD_TYPE MATCHES "Debug|Profiling|DebugValgrind")
SET(DEBUG 1)
ENDIF (CMAKE_BUILD_TYPE MATCHES "Debug|Profiling|DebugValgrind")
# some subfolders use yacc and lex parsers
SET(BISON_GENERATE_DEFINES TRUE)
SET(BISON_PREFIX_OUTPUTS TRUE)
INCLUDE(CMakeUserUseBison)
SET(FLEX_PREFIX_OUTPUTS TRUE)
INCLUDE(CMakeUserUseFlex)
IF( NOT BISON_EXECUTABLE OR NOT FLEX_EXECUTABLE )
MESSAGE( SEND_ERROR "Bison and Flex are required" )
ENDIF( NOT BISON_EXECUTABLE OR NOT FLEX_EXECUTABLE )
# Check that flex is at least 2.5.20 to support bison-bridge
# how to do the check with cmake???
# Add this to workaround an apparent bug in FreeBSD cmake (already defined in Linux)
SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "-rdynamic")
# For Darwin systems
IF(APPLE)
SET(CMAKE_SHARED_MODULE_CREATE_C_FLAGS "${CMAKE_SHARED_MODULE_CREATE_C_FLAGS} -flat_namespace -undefined dynamic_lookup")
SET(CMAKE_SHARED_MODULE_CREATE_CXX_FLAGS "${CMAKE_SHARED_MODULE_CREATE_CXX_FLAGS} -flat_namespace -undefined dynamic_lookup")
ENDIF(APPLE)
# Location for the include files
INCLUDE_DIRECTORIES(include)
INCLUDE_DIRECTORIES(${CMAKE_CURRENT_BINARY_DIR}/include)
SUBDIRS(include/freeDiameter)
# Location for the source code
SUBDIRS(libfdproto)
SUBDIRS(libfdcore)
SUBDIRS(freeDiameterd)
# Extensions (there is no use of freeDiameter without any extension)
SUBDIRS(extensions)
# The unary tests directory
IF ( BUILD_TESTING )
SUBDIRS(tests)
ENDIF ( BUILD_TESTING )

10
lib/freeDiameter/CTestConfig.cmake Normal file
View File

@ -0,0 +1,10 @@
# Configuration for sumitting the test result.
# Check http://www.freediameter.net/CDash for detail.
set(CTEST_PROJECT_NAME "freeDiameter")
set(CTEST_NIGHTLY_START_TIME "00:00:00 JST")
set(CTEST_DROP_METHOD "http")
set(CTEST_DROP_SITE "www.freediameter.net")
set(CTEST_DROP_LOCATION "/CDash/submit.php?project=freeDiameter")
set(CTEST_DROP_SITE_CDASH TRUE)

39
lib/freeDiameter/INSTALL Normal file
View File

@ -0,0 +1,39 @@
This package uses CMake (cmake.org) as building system. You'll need the cmake tool in order
to generate the Makefiles for your platform. You can also select which extensions must be built
with cmake. After the initial cmake configuration, you will need several tools such as make, a
C compiler (tested mostly with gcc), flex (> 2.5.4), bison, ...
You may retrieve the source package in several ways:
- as a pre-packaged version for your platform. Check the website for supported platforms.
- as a tarball containing the source.
- directly from the repository using Mercurial tool:
hg clone http://www.freediameter.net/hg/freeDiameter
In order to update later:
hg pull -u
Building in a separate directory is recommended:
# mkdir build
# cd build
# cmake ../
# make
You can pass options to instruct cmake about which components to compile on the command-line.
You can also use a CMake front-end (for example ccmake or cmake-gui).
If your cmake installation is recent, the edit_cache target is a good help as well:
# mkdir build
# cd build
# cmake ../
# make help
# make edit_cache
# make
You can disable the unit tests by doing:
# cmake -DBUILD_TESTING:BOOL=OFF ../
# make
When the tests are enabled, you can run them with:
# make test
See the INSTALL.* files for additional platform-specific information.
Note that the most up-to-date INSTALL file is the Ubuntu one. You may want to read there
in addition to your own platform file.

37
lib/freeDiameter/INSTALL.Fedora Normal file
View File

@ -0,0 +1,37 @@
### Very short install notes for Fedora (tested on Fedora 13 and 14)
# Please refer to other INSTALL files for more detailed instructions (e.g. extension-specific notes).
Dependencies on Fedora 13 (from minimal system):
# yum install cmake make gcc gcc-c++ flex bison lksctp-tools-devel gnutls-devel libgcrypt-devel libidn-devel
In addition, if you have not already retrieved the latest source:
# yum install mercurial
Following dependencies are optional, depending on which extensions you plan to compile
app_acct:
# yum install postgresql-devel
optional:
# yum install postgresql-server
app_sip:
app_diameap:
# yum install mysql-devel
optional:
# yum install mysql-server
dict_legacy_xml:
# yum install libxml2 libxml2-devel
dbg_interactive:
# yum install swig python-devel
NOTE: You may need to change something in SELinux to allow binding the SCTP socket on Diameter port.
The following command is the very naive way to do it, you can probably do better (feedback appreciated!)
# setenforce Permissive
There is currently no Fedora-specific package for freeDiameter.
You are welcome to contribute packaging scripts.
Please contact dev@freediameter.net for more details.

125
lib/freeDiameter/INSTALL.FreeBSD Normal file
View File

@ -0,0 +1,125 @@
See INSTALL file for general instructions on building freeDiameter.
------------------
QUICK INSTRUCTIONS
------------------
On FreeBSD-8.0 at least the following ports packages were required (should be same on FreeBSD-7.x):
cmake flex bison gnutls
Then the cmake command had to look like:
cmake -DFLEX_EXECUTABLE:FILEPATH=/usr/local/bin/flex -DSCTP_USE_MAPPED_ADDRESSES:BOOL=ON ...
---------------------
COMPLETE INSTRUCTIONS
---------------------
1) If you don't have freeBSD yet:
Install minimal system + ports using initial installer /usr/sbin/sysinstall
2) Install 'cmake'
a) from sources:
# cd /usr/ports/devel/cmake
# make install
b) or from package (don't forget to set your PACKAGEROOT appropriately. Ex: set PACKAGEROOT=ftp://ftp.jp.freebsd.org):
# pkg_add -v -r cmake
3) Install 'mercurial' (optional)
(replace 'cmake' by 'mercurial' in the previous command)
4) Install 'flex' and 'bison', same way.
5) Install 'gnutls' and 'libidn', same way also.
6) Retrieve freeDiameter source code:
# cd ~
# /usr/local/bin/hg clone http://www.freediameter.net/hg/freeDiameter/
6b) Make a build directory
# mkdir fD-build
# cd fD-build
7) Run cmake for freeDiameter (add other flags as you see fit, see INSTALL for more details)
# /usr/local/bin/cmake -DFLEX_EXECUTABLE:FILEPATH=/usr/local/bin/flex -DSCTP_USE_MAPPED_ADDRESSES:BOOL=ON ../freeDiameter
8) Compile, optionnaly test
# make
# make test
9) Install
# make install
10) Run (the install path can be changed during cmake step):
# /usr/local/bin/freeDiameterd --help
------------------------------
app_acct test ADDITIONAL STEPS
------------------------------
Here is additional steps in order to run the test for app_acct
1) Install the required packages
# pkg_add -v -r postgresql84-client
# pkg_add -v -r postgresql84-server
2) Prepare access to the database:
# echo postgresql_enable=YES >> /etc/rc.conf
# /usr/local/etc/rc.d/postgresql initdb
# su - pgsql
> /usr/local/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start
> /usr/local/bin/createuser root
Shall the new user be allowed to create databases? (y/n) y
> logout
# /usr/local/bin/createdb root
# /usr/local/bin/psql root
root=# CREATE TABLE incoming_test (
root(# recorded_on timestamp with time zone NOT NULL,
root(# "Accounting-Record-Type" integer,
root(# "Session-Id" bytea,
root(# "Accounting-Record-Number" integer,
root(# "Route-Record1" bytea,
root(# "Route-Record2" bytea,
root(# "Route-Record3" bytea,
root(# "Route-Record4" bytea );
root=# \q
3) configure the sources
# make edit_cache
BUILD_APP_ACCT:BOOL=ON
TEST_APP_ACCT:BOOL=ON
TEST_APP_ACCT_CONNINFO:STRING="user=root dbname=root"
4) run the test
# tests/testappacct -d
or
# make test
----------------------------------
Segmentation fault on program exit
----------------------------------
In case you encounter a segmentation fault on program termination like this:
[...]
freeDiameterd framework is terminated.
Segmentation fault: 11 (core dumped)
with a backtrace like this:
#0 0x0000000801a414a0 in ?? ()
#1 0x0000000800f99274 in __cxa_finalize () from /lib/libc.so.7
#2 0x0000000800f460b7 in exit () from /lib/libc.so.7
You may try to add the following compilation directive in cmake:
-DSKIP_DLCLOSE:BOOL=ON
Note: this segmentation fault was experienced with:
- FreeBSD 8.1
- 64 bits architecture only.
- Profiling mode only.

83
lib/freeDiameter/INSTALL.OSX Normal file
View File

@ -0,0 +1,83 @@
See INSTALL file for general instructions on building freeDiameter.
------------------
QUICK INSTRUCTIONS
------------------
Starting from version 1.1.5, freeDiameter is available through Homebrew:
1) Install Homebrew
a) Install Command Line Tools for Xcode or Xcode:
- Command Line Tools (your OS X Version) for Xcode:
https://developer.apple.com/downloads (Free Apple Developer ID Registration Required)
- or Xcode:
https://itunes.apple.com/us/app/xcode/id497799835 (Free App Store Account Required)
b) Install Homebrew
$ ruby -e "$(curl -fsSkL raw.github.com/mxcl/homebrew/go)"
2) Install freeDiameter:
$ brew install freediameter
After installation is done "Caveats" section will provide information
how to start freeDiameterd through launchd at system startup.
To view this information again:
$ brew info freediameter
To learn more about freeDiameter configuration options, read:
http://www.freediameter.net/trac/wiki/Configuration
For more information on available extension and how to configure them, read:
http://www.freediameter.net/trac/wiki/Extensions
------------
FROM SOURCES
------------
1) Install Homebrew:
See QUICK INSTRUCTIONS Step #1 above.
2) Install dependencies:
$ brew install mercurial cmake gnutls libgcrypt postgres mysql libidn
Notes:
* GNU IDN (libidn) is optional, see below
* When libusrsctp package is available, you can use it as well.
3) Retrieve source code:
$ hg clone http://www.freediameter.net/hg/freeDiameter
4) Enter source folder:
$ cd freeDiameter
5) Create build folder:
$ mkdir freeDiameter-build
6) Enter build folder:
$ cd freeDiameter-build
7) Configure:
$ cmake .. -DDISABLE_SCTP:BOOL=ON
or for ncurses-based configuration:
$ ccmake .. -DDISABLE_SCTP:BOOL=ON
Notes:
* GNU IDN (Support for International Domain Names) can be disabled with:
-DDIAMID_IDNA_IGNORE=ON or -DDIAMID_IDNA_REJECT=ON
* For more information on available configuration options, read:
http://www.freediameter.net/trac/wiki/Installation
8) Compile:
$ make
9) Install (might require to be root):
$ make install
------------------------------------------------
These instructions have been tested on OS X:
- 10.6.8 (Snow Leopard)
- 10.7.5 (Lion)
- 10.8.2 (Mountain Lion)

29
lib/freeDiameter/INSTALL.OpenSUSE Normal file
View File

@ -0,0 +1,29 @@
### Very short install notes for OpenSUSE (tested on OpenSUSE 11.3)
# Please refer to other INSTALL files for more detailed instructions (e.g. extension-specific notes).
Dependencies on OpenSUSE 11.3 (from minimal server system installation):
# zypper install cmake make gcc gcc-c++ flex bison lksctp-tools-devel libgnutls-devel libgcrypt-devel libidn-devel
# zypper install mercurial
Following dependencies are optional, depending on which extensions you plan to compile
app_acct:
# zypper install postgresql-server postgresql-devel
app_sip:
app_diameap:
# zypper install libmysqlclient-devel
(would also need a server, not sure which package is appropriate)
dict_legacy_xml:
# zypper install libxml2 libxml2-devel
dbg_interactive:
# zypper install swig python-devel
sample:
# zypper install gcc-c++
There is currently no OpenSUSE-specific package for freeDiameter.
You are welcome to contribute packaging scripts! Please contact with
dev@freediameter.net for more details.

3
lib/freeDiameter/INSTALL.OpenWRT Normal file
View File

@ -0,0 +1,3 @@
There is a package script available for the OpenWRT platform.
Please refer to contrib/OpenWRT/HOWTO for more information.

123
lib/freeDiameter/INSTALL.Ubuntu Normal file
View File

@ -0,0 +1,123 @@
See http://www.freediameter.net/trac/wiki/DebRepository for instructions on how to
install freeDiameter from existing package.
See INSTALL file for general instructions on building freeDiameter from sources.
The remaining of this file contains specific instructions for building the freeDiameter
package files for Debian and Ubuntu systems.
freeDiameter is shipped with the necessary files to generate the Debian package.
All related files are in the directory "contrib/debian" of the distribution.
As a first step, you have to link this directory from your top-level dir:
ln -s contrib/debian
============================================
The following packages are required to compile freeDiameter from source:
cmake make gcc g++ flex bison libsctp1 libsctp-dev libgnutls-dev libgcrypt-dev libidn11-dev
(note that libidn and libsctp can be avoided by defining DISABLE_SCTP and DIAMID_IDNA_REJECT)
Additionnaly, these ones may be useful:
mercurial gdb
Extensions additional dependencies:
app_acct:
libpq-dev
app_sip:
app_diameap:
libmysqlclient-dev
dict_legacy_xml:
libxml2-dev
dbg_interactive:
swig python-dev
============================================
If your debhelper environment is recent (> 7.3.9 for cmake support),
the following commands should generate the freeDiameter packages for you:
# Install the dependencies for building the source:
sudo apt-get -y install mercurial cmake make gcc g++ bison flex libsctp-dev libgnutls-dev libgcrypt-dev libidn11-dev ssl-cert debhelper fakeroot \
libpq-dev libmysqlclient-dev libxml2-dev swig python-dev
# Retrieve the latest version of the source package
cd
hg clone http://www.freediameter.net/hg/freeDiameter
cd freeDiameter
# Prepare for Debian package
ln -s contrib/debian
# Build the packages
fakeroot dh binary
# Install the packages
cd ..
sudo dpkg -i *.deb
# The following lines may help you getting started.... (execute as root)
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/freeDiameter.pem
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/freeDiameter.key
zcat /usr/share/doc/freediameter-daemon/examples/freediameter.conf.sample.gz > /etc/freeDiameter/freeDiameter.conf
echo "Identity=\"localhost.localdomain\";" >> /etc/freeDiameter/freeDiameter.conf
freeDiameterd
===========================================
freeDiameter is tested regularly on all current Ubuntu distributions since Intrepid (compiled from source as described below)
Ubuntu Hardy support is known to be broken.
The Debian package has been generated with success on Debian (>=Squeeze) and Ubuntu (>=Karmic).
===========================================-
Step by step instructions without using the debhelper tools:
1) Install all packages dependencies
# sudo apt-get install mercurial cmake make gcc g++ bison flex libsctp-dev libgnutls-dev libgcrypt-dev libidn11-dev
2) (OPTION) If you will compile modules that require postgresql, also install:
# sudo apt-get install libpq-dev
and for mysql:
# sudo apt-get install libmysqlclient-dev
3) (OPTION) If you want a more user-friendly interface, install this:
# sudo apt-get install cmake-curses-gui
4) Retrieve the source files
# hg clone http://www.freediameter.net/hg/freeDiameter
5) Create a build directory, and enter it
# mkdir fDbuild
# cd fDbuild
6) Configure and generate the Makefiles
# cmake ../freeDiameter
# make edit_cache
7) Compile all files:
# make
8) (OPTION) See available targets:
# make help
9) (OPTION) Check the software has a correct basic behavior on your environment. -- only if you did not disable the tests in step 6
# make test
10) (OPTION) Install the software in configured locations:
# sudo make install
===========================================
Note: On Ubuntu Quantal Quetzal, you may have to force use of python 2.7
library for the dbg_interactive extension, as on some systems CMake selects the 3.2 library
by default.

21
lib/freeDiameter/INSTALL.pkgsrc Normal file
View File

@ -0,0 +1,21 @@
The simplest way to install on NetBSD, DragonFly, MirBSD or other
pkgsrc platforms is:
pkg_add freeDiameter
If no binary package exists:
cd /usr/pkgsrc/net/freeDiameter
make install
If you want to build and install freeDiameter from the repository,
you'll need to install:
pkg_add bison pkg-config libidn gnutls libgcrypt mercurial
and follow the usual installation note.
NetBSD does not support SCTP, so you have to add
-DDISABLE_SCTP:BOOL=ON
to the cmake command line.
For the optional extensions, you need mysql*-client, postgres*-client,
libxml2. For the debugging extensions, you also need swig and a
python -- install as usual.

51
lib/freeDiameter/LICENSE Normal file
View File

@ -0,0 +1,51 @@
Unless specified otherwise, this software package is copyrighted under the terms of the BSD license, as follow:
Software License Agreement (BSD License)
Copyright (c) 2008-2011, WIDE Project and NICT
All rights reserved.
Redistribution and use of this software in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
* Redistributions of source code must retain the above
copyright notice, this list of conditions and the
following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other
materials provided with the distribution.
* Neither the name of the WIDE Project or NICT nor the
names of its contributors may be used to endorse or
promote products derived from this software without
specific prior written permission of WIDE Project and
NICT.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The following authors have contributed the following files. See source files for copyright information.
* Alexandre Westfahl:
extensions/dict_sip/*
extensions/app_sip/*
extensions/app_radgw/rgwx_sip.c
* Souheil Ben Ayed:
extensions/app_diameap/*
* Francois Bard:
extensions/dict_mip6a/*
extensions/dict_mip6i/*
extensions/dict_nas_mipv6/*
extensions/dict_rfc5777/*

5
lib/freeDiameter/NEWS Normal file
View File

@ -0,0 +1,5 @@
The digested changelog can be found under:
contrib/debian/changelog
You can also find the exhaustive list of change using mercurial history,
or at the following URL: http://www.freediameter.net/hg/freeDiameter/shortlog

43
lib/freeDiameter/README Normal file
View File

@ -0,0 +1,43 @@
freeDiameter is an implementation of the Diameter protocol.
Diameter is a protocol designed to carry Authentication, Authorization and
Accounting (AAA) payload. It is an evolution of the RADIUS protocol (as the
name suggests).
Diameter is an extensible protocol. RFC3588 (currently under revision) defines the
Base Protocol that all Diameter nodes must support, while other documents define
the additional protocol support for specific applications. Such applications include
for example Network Access Servers (RFC4005), EAP (RFC4072), ...
The implementation consists in several components:
- libfdproto : this shared library provides the functions to manipulate Diameter
messages and dictionary. This library is meant to be re-used by other projects
that would require parsing or manipulating Diameter messages.
- libfdcore : this shared library contains the core of the framework. It establishes
the network connections with other Diameter peers and performs the tasks described
in Diameter Base Protocol, such as watchdogs, basic routing, ... It also handles
the loading of extensions (see below).
- freeDiameterd : this simple daemon parses the command line and initializes the
freeDiameter framework. Use it for your Diameter server & agent components.
In case of Diameter clients, you probably will prefer linking the libfdcore
directly with your client application that must be made Diameter-aware.
- extensions : the extensions provide the mean to augment the features of the
freeDiameterd framework. Extensions can provide the handling of a Diameter
server application, but also advanced routing features, peer management, etc.
See http://www.freediameter.net/ for more information on the project.
freeDiameter was previously known as the "waaad" project (WIDE AAA Daemon)
This project is not related to the "freediameter" project from Sun on sourceforge.
Author: Sebastien Decugis.
See LICENSE file for legal information on this software.
See INSTALL for information on building and using this software.

72
lib/freeDiameter/cmake/Modules/CMakeUserUseBison.cmake Normal file
View File

@ -0,0 +1,72 @@
# - Look for GNU Bison, the parser generator
# Based off a news post from Andy Cedilnik at Kitware
# Defines the following:
# BISON_EXECUTABLE - path to the bison executable
# BISON_FILE - parse a file with bison
# BISON_PREFIX_OUTPUTS - Set to true to make BISON_FILE produce prefixed
# symbols in the generated output based on filename.
# So for ${filename}.y, you'll get ${filename}parse(), etc.
# instead of yyparse().
# BISON_GENERATE_DEFINES - Set to true to make BISON_FILE output the matching
# .h file for a .c file. You want this if you're using
# flex.
IF(NOT DEFINED BISON_PREFIX_OUTPUTS)
SET(BISON_PREFIX_OUTPUTS FALSE)
ENDIF(NOT DEFINED BISON_PREFIX_OUTPUTS)
IF(NOT DEFINED BISON_GENERATE_DEFINES)
SET(BISON_GENERATE_DEFINES FALSE)
ENDIF(NOT DEFINED BISON_GENERATE_DEFINES)
IF(NOT BISON_EXECUTABLE)
MESSAGE(STATUS "Looking for bison")
FIND_PROGRAM(BISON_EXECUTABLE bison)
IF(BISON_EXECUTABLE)
MESSAGE(STATUS "Looking for bison -- ${BISON_EXECUTABLE}")
ENDIF(BISON_EXECUTABLE)
MARK_AS_ADVANCED(BISON_EXECUTABLE)
ENDIF(NOT BISON_EXECUTABLE)
IF(BISON_EXECUTABLE)
MACRO(BISON_FILE FILENAME)
GET_FILENAME_COMPONENT(PATH "${FILENAME}" PATH)
IF("${PATH}" STREQUAL "")
SET(PATH_OPT "")
ELSE("${PATH}" STREQUAL "")
SET(PATH_OPT "/${PATH}")
ENDIF("${PATH}" STREQUAL "")
GET_FILENAME_COMPONENT(HEAD "${FILENAME}" NAME_WE)
IF(NOT EXISTS "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
FILE(MAKE_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
ENDIF(NOT EXISTS "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
IF(BISON_PREFIX_OUTPUTS)
SET(PREFIX "${HEAD}")
ELSE(BISON_PREFIX_OUTPUTS)
SET(PREFIX "yy")
ENDIF(BISON_PREFIX_OUTPUTS)
SET(OUTFILE "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}/${HEAD}.tab.c")
IF(BISON_GENERATE_DEFINES)
SET(HEADER "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}/${HEAD}.tab.h")
ADD_CUSTOM_COMMAND(
OUTPUT "${OUTFILE}" "${HEADER}"
COMMAND "${BISON_EXECUTABLE}"
ARGS "--name-prefix=${PREFIX}"
"--defines"
"--output-file=${OUTFILE}"
"${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}"
DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}")
SET_SOURCE_FILES_PROPERTIES("${OUTFILE}" "${HEADER}" PROPERTIES GENERATED TRUE)
SET_SOURCE_FILES_PROPERTIES("${HEADER}" PROPERTIES HEADER_FILE_ONLY TRUE)
ELSE(BISON_GENERATE_DEFINES)
ADD_CUSTOM_COMMAND(
OUTPUT "${OUTFILE}"
COMMAND "${BISON_EXECUTABLE}"
ARGS "--name-prefix=${PREFIX}"
"--output-file=${OUTFILE}"
"${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}"
DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}")
SET_SOURCE_FILES_PROPERTIES("${OUTFILE}" PROPERTIES GENERATED TRUE)
ENDIF(BISON_GENERATE_DEFINES)
ENDMACRO(BISON_FILE)
ENDIF(BISON_EXECUTABLE)

47
lib/freeDiameter/cmake/Modules/CMakeUserUseFlex.cmake Normal file
View File

@ -0,0 +1,47 @@
# - Look for GNU flex, the lexer generator.
# Defines the following:
# FLEX_EXECUTABLE - path to the flex executable
# FLEX_FILE - parse a file with flex
# FLEX_PREFIX_OUTPUTS - Set to true to make FLEX_FILE produce outputs of
# lex.${filename}.c, not lex.yy.c . Passes -P to flex.
IF(NOT DEFINED FLEX_PREFIX_OUTPUTS)
SET(FLEX_PREFIX_OUTPUTS FALSE)
ENDIF(NOT DEFINED FLEX_PREFIX_OUTPUTS)
IF(NOT FLEX_EXECUTABLE)
MESSAGE(STATUS "Looking for flex")
FIND_PROGRAM(FLEX_EXECUTABLE flex)
IF(FLEX_EXECUTABLE)
MESSAGE(STATUS "Looking for flex -- ${FLEX_EXECUTABLE}")
ENDIF(FLEX_EXECUTABLE)
MARK_AS_ADVANCED(FLEX_EXECUTABLE)
ENDIF(NOT FLEX_EXECUTABLE)
IF(FLEX_EXECUTABLE)
MACRO(FLEX_FILE FILENAME)
GET_FILENAME_COMPONENT(PATH "${FILENAME}" PATH)
IF("${PATH}" STREQUAL "")
SET(PATH_OPT "")
ELSE("${PATH}" STREQUAL "")
SET(PATH_OPT "/${PATH}")
ENDIF("${PATH}" STREQUAL "")
IF(NOT EXISTS "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
FILE(MAKE_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
ENDIF(NOT EXISTS "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
IF(FLEX_PREFIX_OUTPUTS)
GET_FILENAME_COMPONENT(PREFIX "${FILENAME}" NAME_WE)
ELSE(FLEX_PREFIX_OUTPUTS)
SET(PREFIX "yy")
ENDIF(FLEX_PREFIX_OUTPUTS)
SET(OUTFILE "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}/lex.${PREFIX}.c")
ADD_CUSTOM_COMMAND(
OUTPUT "${OUTFILE}"
COMMAND "${FLEX_EXECUTABLE}"
ARGS "-P${PREFIX}"
"-o${OUTFILE}"
"${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}"
DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}")
SET_SOURCE_FILES_PROPERTIES("${OUTFILE}" PROPERTIES GENERATED TRUE)
ENDMACRO(FLEX_FILE)
ENDIF(FLEX_EXECUTABLE)

36
lib/freeDiameter/cmake/Modules/FindGcrypt.cmake Normal file
View File

@ -0,0 +1,36 @@
# - Find gnutls
# Find the native GCRYPT includes and library
#
# GCRYPT_FOUND - True if gnutls found.
# GCRYPT_INCLUDE_DIR - where to find gnutls.h, etc.
# GCRYPT_LIBRARIES - List of libraries when using gnutls.
if (GCRYPT_INCLUDE_DIR AND GCRYPT_LIBRARIES)
set(GCRYPT_FIND_QUIETLY TRUE)
endif (GCRYPT_INCLUDE_DIR AND GCRYPT_LIBRARIES)
# Include dir
find_path(GCRYPT_INCLUDE_DIR
NAMES
gcrypt.h
)
# Library
find_library(GCRYPT_LIBRARY
NAMES gcrypt
)
# handle the QUIETLY and REQUIRED arguments and set GCRYPT_FOUND to TRUE if
# all listed variables are TRUE
INCLUDE(FindPackageHandleStandardArgs)
FIND_PACKAGE_HANDLE_STANDARD_ARGS(GCRYPT DEFAULT_MSG GCRYPT_LIBRARY GCRYPT_INCLUDE_DIR)
IF(GCRYPT_FOUND)
SET( GCRYPT_LIBRARIES ${GCRYPT_LIBRARY} )
ELSE(GCRYPT_FOUND)
SET( GCRYPT_LIBRARIES )
ENDIF(GCRYPT_FOUND)
# Lastly make it so that the GCRYPT_LIBRARY and GCRYPT_INCLUDE_DIR variables
# only show up under the advanced options in the gui cmake applications.
MARK_AS_ADVANCED( GCRYPT_LIBRARY GCRYPT_INCLUDE_DIR )

64
lib/freeDiameter/cmake/Modules/FindGnuTLS.cmake Normal file
View File

@ -0,0 +1,64 @@
# - Find gnutls
# Find the native GNUTLS includes and library
#
# GNUTLS_FOUND - True if gnutls found.
# GNUTLS_INCLUDE_DIR - where to find gnutls.h, etc.
# GNUTLS_LIBRARIES - List of libraries when using gnutls.
# GNUTLS_VERSION_210 - true if GnuTLS version is >= 2.10.0 (does not require additional separate gcrypt initialization)
# GNUTLS_VERSION_212 - true if GnuTLS version is >= 2.12.0 (supports gnutls_transport_set_vec_push_function)
# GNUTLS_VERSION_300 - true if GnuTLS version is >= 3.00.0 (x509 verification functions changed)
# GNUTLS_VERSION_310 - true if GnuTLS version is >= 3.01.0 (stabilization branch with new APIs)
if (GNUTLS_INCLUDE_DIR AND GNUTLS_LIBRARIES)
set(GNUTLS_FIND_QUIETLY TRUE)
endif (GNUTLS_INCLUDE_DIR AND GNUTLS_LIBRARIES)
# Include dir
find_path(GNUTLS_INCLUDE_DIR
NAMES
gnutls.h
gnutls/gnutls.h
)
# Library
find_library(GNUTLS_LIBRARY
NAMES gnutls
)
# handle the QUIETLY and REQUIRED arguments and set GNUTLS_FOUND to TRUE if
# all listed variables are TRUE
INCLUDE(FindPackageHandleStandardArgs)
FIND_PACKAGE_HANDLE_STANDARD_ARGS(GNUTLS DEFAULT_MSG GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR)
IF(GNUTLS_FOUND)
SET( GNUTLS_LIBRARIES ${GNUTLS_LIBRARY} )
ELSE(GNUTLS_FOUND)
SET( GNUTLS_LIBRARIES )
ENDIF(GNUTLS_FOUND)
# Lastly make it so that the GNUTLS_LIBRARY and GNUTLS_INCLUDE_DIR variables
# only show up under the advanced options in the gui cmake applications.
MARK_AS_ADVANCED( GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR )
# Now check if the library is recent. gnutls_hash was added in 2.10.0.
# Also test library is even more recent. gnutls_x509_trust_list_verify_crt was added in 3.00.0.
IF(GNUTLS_FOUND)
IF( NOT( "${GNUTLS_VERSION_TEST_FOR}" STREQUAL "${GNUTLS_LIBRARY}" ))
INCLUDE (CheckLibraryExists)
MESSAGE(STATUS "Checking GNUTLS version")
UNSET(GNUTLS_VERSION_210)
UNSET(GNUTLS_VERSION_210 CACHE)
UNSET(GNUTLS_VERSION_212)
UNSET(GNUTLS_VERSION_212 CACHE)
UNSET(GNUTLS_VERSION_300)
UNSET(GNUTLS_VERSION_300 CACHE)
UNSET(GNUTLS_VERSION_310)
UNSET(GNUTLS_VERSION_310 CACHE)
GET_FILENAME_COMPONENT(GNUTLS_PATH ${GNUTLS_LIBRARY} PATH)
CHECK_LIBRARY_EXISTS(gnutls gnutls_hash ${GNUTLS_PATH} GNUTLS_VERSION_210)
CHECK_LIBRARY_EXISTS(gnutls gnutls_transport_set_vec_push_function ${GNUTLS_PATH} GNUTLS_VERSION_212)
CHECK_LIBRARY_EXISTS(gnutls gnutls_x509_trust_list_verify_crt ${GNUTLS_PATH} GNUTLS_VERSION_300)
CHECK_LIBRARY_EXISTS(gnutls gnutls_handshake_set_timeout ${GNUTLS_PATH} GNUTLS_VERSION_310)
SET( GNUTLS_VERSION_TEST_FOR ${GNUTLS_LIBRARY} CACHE INTERNAL "Version the test was made against" )
ENDIF (NOT( "${GNUTLS_VERSION_TEST_FOR}" STREQUAL "${GNUTLS_LIBRARY}" ))
ENDIF(GNUTLS_FOUND)

40
lib/freeDiameter/cmake/Modules/FindIDNA.cmake Normal file
View File

@ -0,0 +1,40 @@
# - Try to find GNU IDN library and headers
# Once done, this will define
#
# IDNA_FOUND - system has IDNA
# IDNA_INCLUDE_DIR - the IDNA include directories (<idna.h>)
# IDNA_LIBRARIES - link these to use IDNA (idna_to_ascii_8z)
if (IDNA_INCLUDE_DIR AND IDNA_LIBRARIES)
set(IDNA_FIND_QUIETLY TRUE)
endif (IDNA_INCLUDE_DIR AND IDNA_LIBRARIES)
# Include dir
find_path(IDNA_INCLUDE_DIR
NAMES idna.h
)
# Library
find_library(IDNA_LIBRARY
NAMES idn
)
# handle the QUIETLY and REQUIRED arguments and set IDNA_FOUND to TRUE if
# all listed variables are TRUE
INCLUDE(FindPackageHandleStandardArgs)
FIND_PACKAGE_HANDLE_STANDARD_ARGS(IDNA DEFAULT_MSG IDNA_LIBRARY IDNA_INCLUDE_DIR)
# If we successfully found the idn library then add the library to the
# IDNA_LIBRARIES cmake variable otherwise set IDNA_LIBRARIES to nothing.
IF(IDNA_FOUND)
SET( IDNA_LIBRARIES ${IDNA_LIBRARY} )
ELSE(IDNA_FOUND)
SET( IDNA_LIBRARIES )
ENDIF(IDNA_FOUND)
# Lastly make it so that the IDNA_LIBRARY and IDNA_INCLUDE_DIR variables
# only show up under the advanced options in the gui cmake applications.
MARK_AS_ADVANCED( IDNA_LIBRARY IDNA_INCLUDE_DIR )

53
lib/freeDiameter/cmake/Modules/FindLibXml2.cmake Normal file
View File

@ -0,0 +1,53 @@
# - Try to find the LibXml2 xml processing library
# Once done this will define
#
# LIBXML2_FOUND - System has LibXml2
# LIBXML2_INCLUDE_DIR - The LibXml2 include directory
# LIBXML2_LIBRARIES - The libraries needed to use LibXml2
# LIBXML2_DEFINITIONS - Compiler switches required for using LibXml2
# LIBXML2_XMLLINT_EXECUTABLE - The XML checking tool xmllint coming with LibXml2
#=============================================================================
# Copyright 2006-2009 Kitware, Inc.
# Copyright 2006 Alexander Neundorf <neundorf@kde.org>
#
# Distributed under the OSI-approved BSD License (the "License");
# see accompanying file Copyright.txt for details.
#
# This software is distributed WITHOUT ANY WARRANTY; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the License for more information.
#=============================================================================
# (To distributed this file outside of CMake, substitute the full
# License text for the above reference.)
# use pkg-config to get the directories and then use these values
# in the FIND_PATH() and FIND_LIBRARY() calls
FIND_PACKAGE(PkgConfig)
PKG_CHECK_MODULES(PC_LIBXML libxml-2.0)
SET(LIBXML2_DEFINITIONS ${PC_LIBXML_CFLAGS_OTHER})
FIND_PATH(LIBXML2_INCLUDE_DIR NAMES libxml/xpath.h
HINTS
${PC_LIBXML_INCLUDEDIR}
${PC_LIBXML_INCLUDE_DIRS}
PATH_SUFFIXES libxml2
)
FIND_LIBRARY(LIBXML2_LIBRARIES NAMES xml2 libxml2
HINTS
${PC_LIBXML_LIBDIR}
${PC_LIBXML_LIBRARY_DIRS}
)
FIND_PROGRAM(LIBXML2_XMLLINT_EXECUTABLE xmllint)
# for backwards compat. with KDE 4.0.x:
SET(XMLLINT_EXECUTABLE "${LIBXML2_XMLLINT_EXECUTABLE}")
# handle the QUIETLY and REQUIRED arguments and set LIBXML2_FOUND to TRUE if
# all listed variables are TRUE
INCLUDE(FindPackageHandleStandardArgs)
FIND_PACKAGE_HANDLE_STANDARD_ARGS(LibXml2 DEFAULT_MSG LIBXML2_LIBRARIES LIBXML2_INCLUDE_DIR)
MARK_AS_ADVANCED(LIBXML2_INCLUDE_DIR LIBXML2_LIBRARIES LIBXML2_XMLLINT_EXECUTABLE)

55
lib/freeDiameter/cmake/Modules/FindMySQL.cmake Normal file
View File

@ -0,0 +1,55 @@
# - Find mysqlclient
#
# -*- cmake -*-
#
# Find the native MySQL includes and library
#
# MySQL_INCLUDE_DIR - where to find mysql.h, etc.
# MySQL_LIBRARIES - List of libraries when using MySQL.
# MySQL_FOUND - True if MySQL found.
IF (MySQL_INCLUDE_DIR AND MySQL_LIBRARY)
# Already in cache, be silent
SET(MySQL_FIND_QUIETLY TRUE)
ENDIF (MySQL_INCLUDE_DIR AND MySQL_LIBRARY)
# Include dir
FIND_PATH(MySQL_INCLUDE_DIR
NAMES mysql.h
PATH_SUFFIXES mysql
)
# Library
#SET(MySQL_NAMES mysqlclient mysqlclient_r)
SET(MySQL_NAMES mysqlclient_r)
FIND_LIBRARY(MySQL_LIBRARY
NAMES ${MySQL_NAMES}
PATHS /usr/lib /usr/local/lib
PATH_SUFFIXES mysql
)
IF (MySQL_INCLUDE_DIR AND MySQL_LIBRARY)
SET(MySQL_FOUND TRUE)
SET( MySQL_LIBRARIES ${MySQL_LIBRARY} )
ELSE (MySQL_INCLUDE_DIR AND MySQL_LIBRARY)
SET(MySQL_FOUND FALSE)
SET( MySQL_LIBRARIES )
ENDIF (MySQL_INCLUDE_DIR AND MySQL_LIBRARY)
IF (MySQL_FOUND)
IF (NOT MySQL_FIND_QUIETLY)
MESSAGE(STATUS "Found MySQL: ${MySQL_LIBRARY}")
ENDIF (NOT MySQL_FIND_QUIETLY)
ELSE (MySQL_FOUND)
IF (MySQL_FIND_REQUIRED)
MESSAGE(STATUS "Looked for MySQL libraries named ${MySQL_NAMES}.")
MESSAGE(FATAL_ERROR "Could NOT find MySQL library")
ENDIF (MySQL_FIND_REQUIRED)
ENDIF (MySQL_FOUND)
MARK_AS_ADVANCED(
MySQL_LIBRARY
MySQL_INCLUDE_DIR
)

36
lib/freeDiameter/cmake/Modules/FindPostgreSQL.cmake Normal file
View File

@ -0,0 +1,36 @@
# - Find PostgreSQL library
#
# This module defines:
# POSTGRESQL_FOUND - True if the package is found
# POSTGRESQL_INCLUDE_DIR - containing libpq-fe.h
# POSTGRESQL_LIBRARIES - Libraries to link to use PQ functions.
if (POSTGRESQL_INCLUDE_DIR AND POSTGRESQL_LIBRARIES)
set(POSTGRESQL_FIND_QUIETLY TRUE)
endif (POSTGRESQL_INCLUDE_DIR AND POSTGRESQL_LIBRARIES)
# Include dir
find_path(POSTGRESQL_INCLUDE_DIR
NAMES libpq-fe.h
PATH_SUFFIXES pgsql postgresql
)
# Library
find_library(POSTGRESQL_LIBRARY
NAMES pq
)
# handle the QUIETLY and REQUIRED arguments and set POSTGRESQL_FOUND to TRUE if
# all listed variables are TRUE
INCLUDE(FindPackageHandleStandardArgs)
FIND_PACKAGE_HANDLE_STANDARD_ARGS(POSTGRESQL DEFAULT_MSG POSTGRESQL_LIBRARY POSTGRESQL_INCLUDE_DIR)
IF(POSTGRESQL_FOUND)
SET( POSTGRESQL_LIBRARIES ${POSTGRESQL_LIBRARY} )
ELSE(POSTGRESQL_FOUND)
SET( POSTGRESQL_LIBRARIES )
ENDIF(POSTGRESQL_FOUND)
# Lastly make it so that the POSTGRESQL_LIBRARY and POSTGRESQL_INCLUDE_DIR variables
# only show up under the advanced options in the gui cmake applications.
MARK_AS_ADVANCED( POSTGRESQL_LIBRARY POSTGRESQL_INCLUDE_DIR )

46
lib/freeDiameter/cmake/Modules/FindSCTP.cmake Normal file
View File

@ -0,0 +1,46 @@
# - Try to find SCTP library and headers
# Once done, this will define
#
# SCTP_FOUND - system has SCTP
# SCTP_INCLUDE_DIR - the SCTP include directories
# SCTP_LIBRARIES - link these to use SCTP
if (SCTP_INCLUDE_DIR AND SCTP_LIBRARIES)
set(SCTP_FIND_QUIETLY TRUE)
endif (SCTP_INCLUDE_DIR AND SCTP_LIBRARIES)
# Include dir
find_path(SCTP_INCLUDE_DIR
NAMES netinet/sctp.h
)
# Library
find_library(SCTP_LIBRARY
NAMES sctp
)
# Set the include dir variables and the libraries and let libfind_process do the rest.
# NOTE: Singular variables for this library, plural for libraries this this lib depends on.
#set(SCTP_PROCESS_INCLUDES SCTP_INCLUDE_DIR)
#set(SCTP_PROCESS_LIBS SCTP_LIBRARY)
#libfind_process(SCTP)
# handle the QUIETLY and REQUIRED arguments and set SCTP_FOUND to TRUE if
# all listed variables are TRUE
INCLUDE(FindPackageHandleStandardArgs)
FIND_PACKAGE_HANDLE_STANDARD_ARGS(SCTP DEFAULT_MSG SCTP_LIBRARY SCTP_INCLUDE_DIR)
# If we successfully found the sctp library then add the library to the
# SCTP_LIBRARIES cmake variable otherwise set SCTP_LIBRARIES to nothing.
IF(SCTP_FOUND)
SET( SCTP_LIBRARIES ${SCTP_LIBRARY} )
ELSE(SCTP_FOUND)
SET( SCTP_LIBRARIES )
ENDIF(SCTP_FOUND)
# Lastly make it so that the SCTP_LIBRARY and SCTP_INCLUDE_DIR variables
# only show up under the advanced options in the gui cmake applications.
MARK_AS_ADVANCED( SCTP_LIBRARY SCTP_INCLUDE_DIR )

23
lib/freeDiameter/cmake/Modules/GetVersionWithHg.cmake Normal file
View File

@ -0,0 +1,23 @@
# This file is called at build time. It regenerates the version.h file based on the hg version.
EXECUTE_PROCESS(
COMMAND ${HGCOMMAND} id -i
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
RESULT_VARIABLE reshash
OUTPUT_VARIABLE verhash
ERROR_QUIET
OUTPUT_STRIP_TRAILING_WHITESPACE)
EXECUTE_PROCESS(
COMMAND ${HGCOMMAND} id -n
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
RESULT_VARIABLE resval
OUTPUT_VARIABLE verval
ERROR_QUIET
OUTPUT_STRIP_TRAILING_WHITESPACE)
if (reshash EQUAL 0)
SET(FD_PROJECT_VERSION_HG "${verval}(${verhash})")
message(STATUS "Source version: ${FD_PROJECT_VERSION_HG}")
endif (reshash EQUAL 0)
CONFIGURE_FILE(${SRC} ${DST})

17
lib/freeDiameter/contrib/CxDx/README Normal file
View File

@ -0,0 +1,17 @@
Date: Thu, 13 Oct 2011 14:01:40 -0300
From: "Norberto R. de Goes Jr." <norberto@cpqd.com.br>
To: help@freediameter.net
Subject: [Help] Cx dictionary (samples "c" and "xml")
Hi.
Just a contribution, they were not tested.
Best regards,
--
Norberto R. de Goes Jr.
CPqD - DRC
Tel.: +55 19 3705-4241 / Fax: +55 19 3705-6125
norberto@cpqd.com.br
www.cpqd.com.br

1724
lib/freeDiameter/contrib/CxDx/dict_cxdx.c Normal file
View File

File diff suppressed because it is too large Load Diff

407
lib/freeDiameter/contrib/CxDx/dict_cxdx.xml Normal file
View File

@ -0,0 +1,407 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dictionary SYSTEM "dictionary.dtd">
<!--**************************************************************************************
=== CpqD/DRC - Projeto ADRIMS - Mar/2011 ===
=== Dicionario Dx/Cx ===
Baseado no "dict_sip" do FreeDiameter (www.freediameter.net)
Norberto R Goes Jr
**************************************************************************************-->
<dictionary>
<!-- ******************************************************** -->
<!-- ********************* Vendors ************************** -->
<!-- ******************************************************** -->
<vendor id="13019" name="ETSI" />
<vendor id="10415" name="3GPP" />
<!-- ******************************************************** -->
<!-- ***************** CxDx Application *********************-->
<!-- ******************************************************** -->
<application id="16777216" name="Diameter CxDx Application"
uri="http://www.cpqd.com.br">
<!-- ******************************************************** -->
<!-- ******************** Commands ************************** -->
<!-- ******************************************************** -->
<command name="User-Authorization" code="300" >
<requestrules>
<fixed>
<avprule name="Session-Id" minimum="1" maximum="1"/>
</fixed>
<required>
<avprule name="Vendor-Specific-Application-Id" maximum="1" />
<avprule name="Auth-Session-State" maximum="1" />
<avprule name="Origin-Host" maximum="1" />
<avprule name="Origin-Realm" maximum="1" />
<avprule name="Destination-Realm" maximum="1" />
<avprule name="User-Name" maximum="1" />
<avprule name="Public-Identity" maximum="1" />
<avprule name="Visited-Network-Identifier" maximum="1" />
</required>
<optional>
<avprule name="Destination-Host" maximum="1"/>
<avprule name="Supported-Features" />
<avprule name="User-Authorization-Type" maximum="1"/>
<avprule name="UAR-Flags" maximum="1" />
<avprule name="AVP" />
<avprule name="Proxy-Info" />
<avprule name="Route-Record" />
</optional>
</requestrules>
<answerrules>
<fixed>
<avprule name="Session-Id" minimum="1" maximum="1"/>
</fixed>
<required>
<avprule name="Vendor-Specific-Application-Id" maximum="1" />
<avprule name="Auth-Session-State" maximum="1" />
<avprule name="Origin-Host" maximum="1" />
<avprule name="Origin-Realm" maximum="1"/>
</required>
<optional>
<avprule name="Result-Code" maximum="1"/>
<avprule name="Experimental-Result" maximum="1"/>
<avprule name="Supported-Features" />
<avprule name="Server-Name" maximum="1"/>
<avprule name="Server-Capabilities" maximum="1"/>
<avprule name="Wildcarded-IMPU" maximum="1"/>
<avprule name="AVP" />
<avprule name="Failed-AVP" />
<avprule name="Proxy-Info" />
<avprule name="Route-Record" />
</optional>
</answerrules>
</command>
<command name="Server-Assignment" code="301" >
<requestrules>
<fixed>
<avprule name="Session-Id" minimum="1" maximum="1"/>
</fixed>
<required>
<avprule name="Vendor-Specific-Application-Id" maximum="1" />
<avprule name="Auth-Session-State" maximum="1" />
<avprule name="Origin-Host" maximum="1" />
<avprule name="Origin-Realm" maximum="1" />
<avprule name="Destination-Realm" maximum="1" />
<avprule name="Server-Name" maximum="1"/>
<avprule name="Server-Assignment-Type" maximum="1" />
<avprule name="User-Data-Already-Available" maximum="1" />
</required>
<optional>
<avprule name="Destination-Host" maximum="1"/>
<avprule name="User-Name" maximum="1" />
<avprule name="Supported-Features" />
<avprule name="Public-Identity" />
<avprule name="Wildcarded-PSI" maximum="1"/>
<avprule name="Wildcarded-IMPU" maximum="1"/>
<!-- avprule name="SCSCF-Restoration-Info" maximum="1"/> -->
<!-- avprule name="Multiple-Registration-Indication" maximum="1"/> -->
<!--avprule name="Session-Priority" maximum="1"/> -->
<avprule name="AVP" />
<avprule name="Proxy-Info" />
<avprule name="Route-Record" />
</optional>
</requestrules>
<answerrules>
<fixed>
<avprule name="Session-Id" minimum="1" maximum="1"/>
</fixed>
<required>
<avprule name="Vendor-Specific-Application-Id" maximum="1" />
<avprule name="Auth-Session-State" maximum="1" />
<avprule name="Origin-Host" maximum="1" />
<avprule name="Origin-Realm" maximum="1"/>
</required>
<optional>
<avprule name="Result-Code" maximum="1"/>
<avprule name="Experimental-Result" maximum="1"/>
<avprule name="User-Name" maximum="1" />
<avprule name="Supported-Features" />
<!--avprule name="User-Data" maximum="1"/> -->
<!--avprule name="Charging-Information" maximum="1"/> -->
<!--avprule name="Associated-Identities" maximum="1"/> -->
<!--avprule name="Loose-Route-Indication" maximum="1"/> -->
<!--avprule name="SCSCF-Restoration-Info" /> -->
<!--avprule name="Associated-Registered-Identities " maximum="1"/> -->
<avprule name="AVP" />
<avprule name="Server-Name" maximum="1"/>
<avprule name="Failed-AVP" />
<avprule name="Proxy-Info" />
<avprule name="Route-Record" />
</optional>
</answerrules>
</command>
<!-- ******************************************************** -->
<!-- *********************** AVPs *************************** -->
<!-- ******************************************************** -->
<avp name="Visited-Network-Identifier" code="600" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="OctetString" />
</avp>
<avp name="Public-Identity" code="601" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="UTF8String" />
</avp>
<avp name="Server-Name" code="602" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="UTF8String" />
</avp>
<!-- "Server-Capabilites" (603) usa as duas AVPs a seguir : -->
<avp name="Feature-List-ID" code="629" vendor-id="10415" mandatory="must"
may-encrypt="no"> <!-- verificar flags / NRGJ -->
<type type-name="Unsigned32" />
</avp>
<avp name="Feature-List" code="630" vendor-id="10415" mandatory="must"
may-encrypt="no"> <!-- verificar flags / NRGJ -->
<type type-name="Unsigned32" />
</avp>
<avp name="Server-Capabilities" code="603" vendor-id="10415" mandatory="must"
may-encrypt="no">
<grouped>
<optional>
<avprule name="Vendor-Id" maximum="1" />
<avprule name="Feature-List-ID" maximum="1" />
<avprule name="Feature-List" maximum="1" />
</optional>
</grouped>
</avp>
<avp name="Mandatory-Capability" code="604" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="Unsigned32" />
</avp>
<avp name="Optional-Capability" code="605" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="Unsigned32" />
</avp>
<avp name="User-Data" code="606" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="OctetString" />
</avp>
<avp name="SIP-Number-Auth-Items" code="607" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="Unsigned32" />
</avp>
<avp name="SIP-Authentication-Scheme" code="608" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="UTF8String" />
</avp>
<avp name="SIP-Authenticate" code="609" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="OctetString" />
</avp>
<avp name="SIP-Authorization" code="610" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="OctetString" />
</avp>
<avp name="SIP-Authentication-Context" code="611" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="OctetString" />
</avp>
<!-- "SIP-Auth-Data-Item" (612) usa as AVPs a seguir : -->
<avp name="SIP-Item-Number" code="613" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="Unsigned32" />
</avp>
<avp name="Confidentiality-Key" code="625" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="OctetString" />
</avp>
<avp name="Integrity-Key" code="626" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="OctetString" />
</avp>
<avp name="Digest-Realm" code="104" vendor-id="10415" mandatory="must"
may-encrypt="no"> <!-- verificar flags / NRGJ -->
<type type-name="UTF8String" />
</avp>
<avp name="Digest-Algorithm" code="111" vendor-id="10415" mandatory="must"
may-encrypt="no"> <!-- verificar flags / NRGJ -->
<type type-name="UTF8String" />
</avp>
<avp name="Digest-QoP" code="110" vendor-id="10415" mandatory="must"
may-encrypt="no"> <!-- verificar flags / NRGJ -->
<type type-name="UTF8String" />
</avp>
<avp name="Digest-HA1" code="121" vendor-id="10415" mandatory="must"
may-encrypt="no"> <!-- verificar flags / NRGJ -->
<type type-name="UTF8String" />
</avp>
<avp name="SIP-Digest-Authenticate" code="635" vendor-id="10415"
may-encrypt="no"> <!-- verificar flags / NRGJ -->
<grouped>
<required>
<avprule name="Digest-Realm" minimum="1" maximum="1" />
</required>
<optional>
<avprule name="Digest-Algorithm" maximum="1" />
<avprule name="Digest-QoP" maximum="1" />
<avprule name="Digest-HA1" maximum="1" />
<avprule name="AVP" />
</optional>
</grouped>
</avp>
<avp name="Line-Identifier" code="500" vendor-id="13019" mandatory="must"
may-encrypt="no"> <!-- verificar flags / NRGJ -->
<type type-name="OctetString" />
</avp>
<avp name="SIP-Auth-Data-Item" code="612" vendor-id="10415" mandatory="must"
may-encrypt="no">
<grouped>
<optional>
<avprule name="SIP-Item-Number" maximum="1" />
<avprule name="SIP-Authentication-Scheme" maximum="1" />
<avprule name="SIP-Authenticate" maximum="1" />
<avprule name="SIP-Authorization" maximum="1" />
<avprule name="SIP-Authentication-Context" maximum="1" />
<avprule name="Confidentiality-Key" maximum="1" />
<avprule name="Integrity-Key" maximum="1" />
<avprule name="SIP-Digest-Authenticate" maximum="1" />
<avprule name="Framed-IP-Address" maximum="1" />
<avprule name="Framed-IPv6-Prefix" maximum="1" />
<avprule name="Framed-Interface-Id" maximum="1" />
<avprule name="Line-Identifier" />
<avprule name="AVP" />
</optional>
</grouped>
</avp>
<avp name="Server-Assignment-Type" code="614" mandatory="must"
may-encrypt="no">
<type type-name="Enumerated"/>
<enum name="NO_ASSIGNMENT" code="0"/>
<enum name="REGISTRATION" code="1"/>
<enum name="RE_REGISTRATION" code="2"/>
<enum name="UNREGISTERED_USER" code="3"/>
<enum name="TIMEOUT_DEREGISTRATION" code="4"/>
<enum name="USER_DEREGISTRATION" code="5"/>
<enum name="TIMEOUT_DEREGISTRATION_STORE_SERVER_NAME" code="6"/>
<enum name="USER_DEREGISTRATION_STORE_SERVER_NAME" code="7"/>
<enum name="ADMINISTRATIVE_DEREGISTRATION " code="8"/>
<enum name="AUTHENTICATION_FAILURE" code="9"/>
<enum name="AUTHENTICATION_TIMEOUT" code="10"/>
<enum name="DEREGISTRATION_TOO_MUCH_DATA" code="11"/>
<enum name="AAA_USER_DATA_REQUEST" code="12"/>
<enum name="PGW_UPDATE " code="13"/>
</avp>
<avp name="User-Data-Already-Available" code="624" mandatory="must"
may-encrypt="no">
<type type-name="Enumerated"/>
<enum name="USER_DATA_NOT_AVAILABLE" code="0"/>
<enum name="USER_DATA_ALREADY_AVAILABLE" code="1"/>
</avp>
<avp name="Wildcarded-PSI" code="634" vendor-id="10415"
may-encrypt="no">
<type type-name="UTF8String" />
</avp>
<avp name="User-Authorization-Type" code="623" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="UTF8String" />
</avp>
<avp name="Wildcarded-IMPU" code="636" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="UTF8String" />
</avp>
<avp name="UAR-Flags" code="637" vendor-id="10415" mandatory="must"
may-encrypt="no">
<type type-name="Unsigned32" />
</avp>
<avp name="Supported-Features" code="628" vendor-id="10415"
may-encrypt="no">
<grouped>
<optional>
<avprule name="Vendor-Id" maximum="1" />
<avprule name="Feature-List-ID" maximum="1" />
<avprule name="Feature-List" maximum="1" />
</optional>
</grouped>
</avp>
</application>
</dictionary>

305
lib/freeDiameter/contrib/OpenWRT/HOWTO Normal file
View File

@ -0,0 +1,305 @@
#####################
# !! IMPORTANT !! #
#####################
The uClibc library that is shipped with OpenWRT lacks support for several POSIX thread
features, such as pthread_cleanup_{push,pop}, that are required by the freeDiameter
framework.
Until these features are included in the base OpenWRT system, the framework will not
behave correctly on this platform.
Therefore, the OpenWRT port is NOT usable properly at this moment with uClibc.
A test software is included in test_required for checking if new uClibc distributions
support the required features. You'll have to adapt the Makefile according to your environment.
An alternative choice if your hardware allows it is to use (e)glibc in your openwrt image.
#####################
This HOWTO describes how to generate a set of ipkg modules for
providing support of freeDiameter in an OpenWRT system.
This HOWTO is written for OpenWRT 10.03 (BackFire) and no guarantee is provided
that it will work for you. Be prepared to eventually brick your routeur...
Table of contents:
0) Quick HOWTO: optimistic step-by-step instructions.
1) Prerequisites: get the OpenWRT development environment ready.
2) Supplied packages: use the existing packages when possible (gnutls, ...)
3) Other dependencies: provide for additional missing dependencies (sctp ...)
4) freediameter package: now create the freeDiameter package
5) Configuration: how to set the configuration on the router.
This HOWTO will NOT cover how to install OpenWRT on your access device, nor
its basic configuration. Please refer to OpenWRT website for this type of HOWTOs.
==============================================
0) Quick HOWTO
==============================================
The following instructions should allow you to put freeDiameter on your OpenWRT-compatible router.
In case something goes wrong, you should follow the detailed instructions in the remaining of
this file.
Be warned: playing with the software in your router may brick it, i.e. make it unusable forever.
Do it at your own risk.
1) Get the OpenWRT environment:
$ git clone git://nbd.name/openwrt.git
$ cd openwrt
2) Get the feeds
$ cp feeds.conf.default feeds.conf
$ echo "src-hg freediameter http://www.freediameter.net/hg/fD-OWRT-packages" >> feeds.conf
$ scripts/feeds update
$ scripts/feeds install freeDiameter
3) Configure your image
$ make menuconfig
(set Target System and Target Profile as needed for your equipment)
- Network --->
freeDiameter (M)
freeDiameter-test (M)
wpad (*)
wpad-mini ( )
4) Set the C library to glibc instead of uClibc (broken support, see #26)
- Advanced configuration options (for developers) --->
- Toolchain Options ---->
C Library implementation (Use eglibc)
5) Build the image and packages, this takes a while
$ make world
6) Export the bin/* directory through a webserver.
We assume it is available at http://192.168.1.25/owrt
7) Flash the router with your new image -- THIS DESTROYS ALL CONFIG ON THE ROUTER!
$ ssh root@192.168.1.1
# cd /tmp
# wget http://192.168.1.25/owrt/openwrt-brcm47xx-squashfs.trx
;; change the file name with yours
# mtd -r write openwrt-brcm47xx-squashfs.trx linux
;; wait for reboot
$ telnet 192.168.1.1
# passwd
# sync
# exit
8) Update the opkg router's config to get your new packages
ssh root@192.168.1.1
# echo "src/gz localrepo http://192.168.1.25/owrt/packages" >> /etc/opkg.conf
# opkg update
9) Install freeDiameter, you're done. Optionnaly, install also certtool on the router before, to
generate the TLS certificate automatically.
# opkg install freeDiameter
==============================================
1) Prerequisites:
==============================================
We will first need a working OpenWRT toolchain environment. You can retrieve
pre-compiled binaries of such toolchains ("Image builder") on the OpenWRT website. Anyway,
in case the architecture you are interested in is not listed, you can build
the full toolchain from source. This is the path we are following in this HOWTO.
a) Retrieve the latest OpenWRT source, using subversion or git.
Since I have to go through a proxy, I use the later here, svn being quite annoying with proxies.
Note, the following commands must not be run as root.
$ git clone git://nbd.name/openwrt.git
(Note: you might instead use "backfire.git" if you want to stick with an OpenWRT release.)
$ cd openwrt
$ cp feeds.conf.default feeds.conf
b) If you are using git, you have to edit the feeds.conf file to use git as well for packages.
Do the following modifications in this case:
$ vi feeds.conf
Comment out this line:
src-svn packages https://svn.openwrt.org/openwrt/packages
Add this line instead:
src-git packages git://nbd.name/packages.git
You can leave uncommented the luci (for GNUTLS) and Xwrt (webif) repositories. Since these repositories
use svn over http, you can use subversion even if you are behind a proxy.
c) Then issue the following command to update the package list:
$ scripts/feeds update
d) Now, let's already create the toolchain and basic image.
$ make menuconfig
This will open a menu for you. You must select the target you are building for.
See http://wiki.openwrt.org/toh/start for the table of hardware and associated information.
In my case, I am using a Buffalo WZR-HP-G300NH router. I therefore select these options:
- Target System --->
Atheros AR71xx/AR7240/AR913x
- Target Profile --->
Buffalo WZR-HP-G300NH
For many routeurs, the recommended kernel is a 2.4x version. I have NOT tried with such kernel,
and the SCTP support is likely to be different in this generation of kernels. I strongly recommend
to go with a 2.6x kernel, whenever possible.
e) As per freeDiameter ticket #26, you also need to change the library to glibc instead of uClibc.
Change the option as follow:
- Advanced configuration options (for developers) --->
- Toolchain Options ---->
C Library implementation (Use eglibc)
f) Once configured, create the toolchain and default image (this takes a while):
$ make world
After this command completes successfully, your build environment is ready.
The resulting image and packages are stored in the "bin/" subdirectory.
It is very convenient if you make this repository available in http to your routeur.
You should probably try at this early stage to flash your device with the image you have generated.
If the default basic image does not work, it is probably not worth adding new problems on top of it.
For troubleshooting, please consult OpenWRT documentation directly.
"make prereq" may help you building the initial image also.
See http://downloads.openwrt.org/docs/buildroot-documentation.html for additional information
concerning this step.
You should now be able to login on your routeur with telnet (first time) or ssh (after setting a password).
==============================================
2) Supplied packages:
==============================================
There are some dependencies of freeDiameter already available in the OpenWRT packages repository.
You can check for the available packages with the script:
$ ./scripts/feeds search <package>
We will now describe how to install these dependencies. At the time this HOWTO is written,
the OpenWRT repositories contains packages for sctp, ipv6, gnutls, pthreads and hostapd.
Follow these instructions to build them.
Alternatively, you can find these packages pre-compiled in the OpenWRT packages repository.
a) Add the packages
$ scripts/feeds install libgnutls
$ scripts/feeds install sctp
b) Select the following components in the menu:
$ make menuconfig
- Base system --->
libpthread (M)
- Network --->
sctp (M)
hostapd (M)
wpad-mini ( )
- Libraries --->
SSL --->
libgnutls (M)
- Kernel modules --->
Network Support --->
kmod-ipv6 (M)
Quit and save the new config, then:
$ make world
This will add a bunch of modules in your bin directory that will be required for freeDiameter.
Since we are removing the wpad-mini daemon from the base image, this image (trx or bin file) is also recompiled.
Note that if you are setting your device as WPA supplicant also (wireless client), you must select wpad instead of hostapd.
(in any case, the -mini version is not suitable since we will use the RADIUS authentication).
You should now reflash your routeur with the new firmware image. The simplest way to achieve if your routeur has enough
flash memory is to:
- copy the new trx image to your routeur's /tmp (using wget or scp)
- run this command (on the device) -- replace <newfile.trx> with your actual filename:
root@OpenWrt:~# mtd -r write <newfile.trx> linux
WARNING: this will erase your existing configuration on the routeur.
In case you need to save it, you may try the sysupgrade command instead.
This will reboot the device after writing the new image file.
Afterwards, if you have set up the http server on your development machine properly
(let's assume it has IP address 192.168.1.25)
you can run the following command on your router:
root@OpenWrt:~# echo "src/gz mydev http://192.168.1.25/packages" >> /etc/opkg.conf
root@OpenWrt:~# opkg update
Install the newly compiled packages with:
root@OpenWrt:~# opkg install kmod-ipv6 hostapd libpthread sctp
==============================================
3) Missing packages:
==============================================
UPDATE: Starting from revision r22917, sctp and kmod-sctp are included in the OpenWRT distribution, and have been removed
from freeDiameter package. One may consider using a freeDiameter package prior to 2010/09/05 in order to get the sctp
package, or a more recent OpenWRT environment.
PREVIOUS SITUATION: If you are using components prior to 2010/09/05, the following applies:
P:
P: There are other dependencies for freeDiameter that are not provided by OpenWRT packages.
P: For convenience, we include these meta-packages in the freeDiameter distribution -- but they
P: might not be up-to-date.
P:
P: a) Adding the contributed directory to the feeds
P: Add the following line in your feeds.conf file:
P: src-link freediameter /path/to/freediameter/contrib/OpenWRT/packages/
P:
P: Then run:
P: $ scripts/feeds update
P:
P: This should allow you to install the missing dependencies as follow:
P:
P:
P: b) SCTP library (note: you might alternatively compile freeDiameter without SCTP support).
P: $ scripts/feeds install sctp
P:
P:
P: c) Select these components in the menu:
P: $ make menuconfig
P: - Libraries --->
P: sctp (M)
P:
P: Quit and save the new config, then:
P: $ make world
P:
P:
P: d) Install this on the router as well:
P: root@OpenWrt:~# opkg update
P: root@OpenWrt:~# opkg install sctp
==============================================
4) freediameter package:
==============================================
Now, your environment should be ready to compile the freeDiameter ipkg package.
$ scripts/feeds install freeDiameter
Note that in order to build this package, you need to have cmake & flex on your compilation machine.
$ make menuconfig
- Network --->
freeDiameter (M)
freeDiameter-test (M)
Quit and save the new config, then:
$ make world
On your router, run:
# opkg update
# opkg install freeDiameter

35
lib/freeDiameter/contrib/OpenWRT/others/D-Link_DIR-330_netconfig.patch Normal file
View File

@ -0,0 +1,35 @@
diff --git a/target/linux/brcm47xx/base-files/etc/init.d/netconfig b/target/linux/brcm47xx/base-files/etc/init.d/netconfig
index d7839b6..6446483 100755
--- a/target/linux/brcm47xx/base-files/etc/init.d/netconfig
+++ b/target/linux/brcm47xx/base-files/etc/init.d/netconfig
@@ -150,6 +150,30 @@ start() {
}
}
}
+ if (model == "D-Link DIR-330") { # boardtype is 0x0472, so we need to reset the parameters
+ # The switch is on eth1, this script defaults to switch on eth0, so we write the values directly instead.
+ print "#### DIR-330: eth1 must be up for configuring the switch "
+ print "config interface switchport"
+ print " option ifname \"eth1\""
+ print " option proto none"
+ print ""
+ print "config switch eth1"
+ print " option enable 1"
+ print ""
+ print "config switch_vlan eth1_0"
+ print " option device \"eth1\""
+ print " option vlan 0"
+ print " option ports \"0 1 2 3 5t\""
+ print ""
+ print "config switch_vlan eth1_1"
+ print " option device \"eth1\""
+ print " option vlan 1"
+ print " option ports \"4 5t\""
+ print ""
+ c["lan_ifname"] = "eth0.0"
+ c["wan_ifname"] = "eth0.1"
+ }
+
# Buffalo WBR-B11 and Buffalo WBR-G54
if (nvram["boardtype"] == "bcm94710ap") {
c["vlan0ports"] = "0 1 2 3 4 5u"

241
lib/freeDiameter/contrib/OpenWRT/packages/freeDiameter/Makefile Normal file
View File

@ -0,0 +1,241 @@
#
# Software License Agreement (BSD License)
#
# Copyright (c) 2013, WIDE Project and NICT
# All rights reserved.
#
# See LICENSE file from freeDiameter source package for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=freeDiameter
PKG_REV:=696
PKG_VERSION:=r$(PKG_REV)
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=hg
PKG_SOURCE_VERSION:=$(PKG_REV)
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.freediameter.net/hg/freeDiameter
# PKG_MD5SUM:=
PKG_FIXUP:=libtool
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
define Package/freeDiameter
SECTION:=freeDiameter
CATEGORY:=Network
TITLE:=freeDiameter
URL:=http://www.freediameter.net
DEPENDS:=+sctp +libgnutls +libpthread +kmod-ipv6
endef
define Package/freeDiameter-test
SECTION:=freeDiameter
CATEGORY:=Network
TITLE:=freeDiameter-test
URL:=http://www.freediameter.net
DEPENDS:=+freeDiameter
endef
define Package/freeDiameter/description
freeDiameter + RADIUS/Diameter gateway extension package.
endef
define Package/freeDiameter-test/description
The app_test.fdx extension for freeDiameter, useful only to perform some
tests between freeDiameter peers (ping-like for Diameter).
endef
define Package/freeDiameter/conffiles
/etc/freeDiameter/freeDiameter.conf
/etc/freeDiameter/rgw.conf
endef
define Build/Configure
IN_OPENWRT=1 \
AR="$(TARGET_CROSS)ar" \
AS="$(TARGET_CC) -c $(TARGET_CFLAGS)" \
LD="$(TARGET_CROSS)ld" \
NM="$(TARGET_CROSS)nm" \
CC="$(TARGET_CC)" \
GCC="$(TARGET_CC)" \
CXX="$(TARGET_CROSS)g++" \
RANLIB="$(TARGET_CROSS)ranlib" \
STRIP="$(TARGET_CROSS)strip" \
OBJCOPY="$(TARGET_CROSS)objcopy" \
OBJDUMP="$(TARGET_CROSS)objdump" \
TARGET_CPPFLAGS="$(TARGET_CPPFLAGS)" \
TARGET_CFLAGS="$(TARGET_CFLAGS)" \
TARGET_LDFLAGS="$(TARGET_LDFLAGS)" \
cmake \
-DCMAKE_PREFIX_PATH:PATH=$(STAGING_DIR)/usr \
-DCMAKE_INSTALL_PREFIX:PATH=/usr \
-DDIAMID_IDNA_REJECT:BOOL=ON \
-DBUILD_TESTING:BOOL=OFF \
-DCMAKE_BUILD_TYPE:STRING=DebianPackage \
-DDEFAULT_CONF_PATH:PATH=/etc/freeDiameter \
-DBUILD_APP_RADGW:BOOL=ON \
-DBUILD_DBG_MONITOR:BOOL=ON \
-DBUILD_TEST_APP:BOOL=ON \
VERBOSE=1 \
$(PKG_BUILD_DIR)/CMakeLists.txt
endef
TARGET_LDFLAGS := -L$(STAGING_DIR)/usr/lib $(TARGET_LDFLAGS)
define Package/freeDiameter/install
# binaries
$(INSTALL_DIR) $(1)/usr/bin
$(CP) \
$(PKG_INSTALL_DIR)/usr/bin/freeDiameterd* \
$(1)/usr/bin/
# libraries & extensions
$(INSTALL_DIR) $(1)/usr/lib/
$(CP) \
$(PKG_INSTALL_DIR)/usr/lib/* \
$(1)/usr/lib/
# Remove the test_app from the main package (see freeDiameter-test)
$(RM) $(1)/usr/lib/freeDiameter/test_app*
# configuration files
$(INSTALL_DIR) $(1)/etc/freeDiameter
$(INSTALL_CONF) \
$(PKG_BUILD_DIR)/doc/freediameter.conf.sample \
$(1)/etc/freeDiameter/freeDiameter.conf
$(SED) 's,TLS_Cred,#TLS_Cred,g' $(1)/etc/freeDiameter/freeDiameter.conf
echo "" >> $(1)/etc/freeDiameter/freeDiameter.conf
echo "### OPENWRT specific" >> $(1)/etc/freeDiameter/freeDiameter.conf
echo "TLS_Cred = \"/etc/freeDiameter/freeDiameter.pem\", \"/etc/freeDiameter/freeDiameter.key\";" \
>> $(1)/etc/freeDiameter/freeDiameter.conf
echo "TLS_CA = \"/etc/freeDiameter/freeDiameter.ca.pem\";" \
>> $(1)/etc/freeDiameter/freeDiameter.conf
echo "TLS_DH_File = \"/etc/freeDiameter/dh.pem\";" \
>> $(1)/etc/freeDiameter/freeDiameter.conf
echo "SCTP_streams = 3;" >> $(1)/etc/freeDiameter/freeDiameter.conf
echo "LoadExtension = \"dict_nasreq.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf
echo "LoadExtension = \"dict_eap.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf
echo "LoadExtension = \"app_radgw.fdx\":\"rgw.conf\";" \
>> $(1)/etc/freeDiameter/freeDiameter.conf
echo "# test_app.fdx provided in freeDiameter-test package:" \
>> $(1)/etc/freeDiameter/freeDiameter.conf
echo "# LoadExtension = \"test_app.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf
echo "## Add overrides below this point" >> $(1)/etc/freeDiameter/freeDiameter.conf
$(INSTALL_CONF) \
$(PKG_BUILD_DIR)/doc/app_radgw.conf.sample \
$(1)/etc/freeDiameter/rgw.conf
$(SED) 's,RGWX,#RGWX,g' $(1)/etc/freeDiameter/rgw.conf
echo "" >> $(1)/etc/freeDiameter/rgw.conf
echo "### OPENWRT specific" >> $(1)/etc/freeDiameter/rgw.conf
echo " RGWX = \"auth.rgwx\" : auth;" >> $(1)/etc/freeDiameter/rgw.conf
echo " RGWX = \"acct.rgwx\" : acct;" >> $(1)/etc/freeDiameter/rgw.conf
echo "" >> $(1)/etc/freeDiameter/rgw.conf
echo " cli = 127.0.0.1 / \"secret key\" ;" >> $(1)/etc/freeDiameter/rgw.conf
echo " auth_server_ip4 = 127.0.0.1;" >> $(1)/etc/freeDiameter/rgw.conf
echo " auth_server_ip6 = ::1 ;" >> $(1)/etc/freeDiameter/rgw.conf
echo " acct_server_ip4 = 127.0.0.1;" >> $(1)/etc/freeDiameter/rgw.conf
echo " acct_server_ip6 = ::1 ;" >> $(1)/etc/freeDiameter/rgw.conf
endef
define Package/freeDiameter-test/install
# Only the test_app extension
$(INSTALL_DIR) $(1)/usr/lib/freeDiameter/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/freeDiameter/test_app* \
$(1)/usr/lib/freeDiameter/
endef
define Package/freeDiameter/postinst
#!/bin/sh
# Test if the configuration file contains the local identity already
localid=`sed -n -r -e "s/^[[:space:]]*Identity[[:space:]]*=[[:space:]]*\"([^\"]*)\"[[:space:]]*;/\1/p" /etc/freeDiameter/freeDiameter.conf`
if [ -z "$$localid" ]; then
# Ask for the local name
echo -n "Full name of your access point? (openwrt.localdomain) : "
read localid
if [ -z "$$localid" ]; then
localid="openwrt.localdomain"
fi
echo "Identity = \"$$localid\";" >> /etc/freeDiameter/freeDiameter.conf
fi
# Is there already a ConnectPeer directive?
grep -q -E -e "^[[:space:]]*ConnectPeer[[:space:]]*=" /etc/freeDiameter/freeDiameter.conf
if [ "$$?" -eq "1" ]; then
echo -n "Diameter Identity of your Diameter server: "
read serverid
if [ -z "$$serverid" ]; then
echo "Skipped. Please add ConnectPeer directive to your /etc/freeDiameter/freeDiameter.conf file later."
else
echo -n "IP or IPv6 address of your Diameter server? (leave blank for dynamic resolution) "
read serverip
connstr=""
if [ -n "$$serverip" ]; then
connstr=" { ConnectTo = \"$$serverip\"; }"
fi
echo "ConnectPeer = \"$$serverid\"$$connstr;" >> /etc/freeDiameter/freeDiameter.conf
fi
fi
# Certificate configuration
if [ ! -f "/usr/bin/certtool" ]; then
echo "certtool is not installed, skipping creation of default certificate and DH parameters."
echo "The following files are expected by freeDiameter:"
echo " /etc/freeDiameter/freeDiameter.key"
echo " /etc/freeDiameter/freeDiameter.pem"
echo " /etc/freeDiameter/freeDiameter.ca.pem"
echo " /etc/freeDiameter/dh.pem"
exit 0
fi
if [ ! -f "/etc/freeDiameter/freeDiameter.key" ]; then
echo "Creating a new private key for freeDiameter, please wait"
certtool -p --outfile /etc/freeDiameter/freeDiameter.key
fi
if [ ! -f "/etc/freeDiameter/freeDiameter.pem" ]; then
echo "organization = freeDiameter" > /tmp/template.cnf
echo "unit = OpenWRT" >>/tmp/template.cnf
echo "state = internet" >>/tmp/template.cnf
echo "country = net" >>/tmp/template.cnf
echo "cn = $$localid" >>/tmp/template.cnf
echo "expiration_days = 3650" >>/tmp/template.cnf
echo "signing_key" >>/tmp/template.cnf
echo "encryption_key" >>/tmp/template.cnf
if [ ! -f "/etc/freeDiameter/freeDiameter.csr" ]; then
echo "Creating a new CSR (use if you have a separate CA)"
certtool -q --load-privkey /etc/freeDiameter/freeDiameter.key \
--outfile /etc/freeDiameter/freeDiameter.csr \
--template /tmp/template.cnf
fi
echo "Creating a new certificate for freeDiameter"
certtool -s --load-privkey /etc/freeDiameter/freeDiameter.key \
--outfile /etc/freeDiameter/freeDiameter.pem \
--template /tmp/template.cnf
rm -f /tmp/template.cnf
cat /etc/freeDiameter/freeDiameter.pem >> /etc/freeDiameter/freeDiameter.ca.pem
echo "Done."
echo "========================================================================"
echo "To enable TLS communication, you should either:"
echo " - use a real certificate signed by your server's CA:"
echo " Use the CSR provided in /etc/freeDiameter/freeDiameter.csr"
echo " Save the new certificate as /etc/freeDiameter/freeDiameter.pem"
echo " Replace the contents of /etc/freeDiameter/freeDiameter.ca.pem with your CA's certificate"
echo " - or, declare the certificates as trusted as follow: "
echo " Add your server's CA certificate into /etc/freeDiameter/freeDiameter.ca.pem"
echo " Add the content of /etc/freeDiameter/freeDiameter.pem into your server's trusted CA file"
echo "========================================================================"
fi
if [ ! -f "/etc/freeDiameter/dh.pem" ]; then
echo "Creating new Diffie-Hellman parameters file. This operation takes a while..."
certtool --generate-dh-params --outfile /etc/freeDiameter/dh.pem
echo "Done."
fi
echo "freeDiameter configuration completed and stored in /etc/freeDiameter/."
endef
$(eval $(call BuildPackage,freeDiameter))
$(eval $(call BuildPackage,freeDiameter-test))

19
lib/freeDiameter/contrib/OpenWRT/packages/freeDiameter/patches/01-freeDiameter-OpenWRT.patch Normal file
View File

@ -0,0 +1,19 @@
diff -Nur freeDiameter/CMakeLists.txt freeDiameter-OpenWRT/CMakeLists.txt
--- freeDiameter/CMakeLists.txt 2010-08-13 16:19:35.000000000 +0900
+++ freeDiameter-OpenWRT/CMakeLists.txt 2010-08-13 16:21:32.000000000 +0900
@@ -51,6 +51,14 @@
SET(DEBUG 1)
ENDIF (CMAKE_BUILD_TYPE MATCHES "Debug|Profiling|DebugValgrind")
+# OpenWRT
+SET(IN_OPENWRT $ENV{IN_OPENWRT})
+IF (IN_OPENWRT)
+ ADD_DEFINITIONS("$ENV{TARGET_LDFLAGS}" "$ENV{TARGET_CPPFLAGS}" "$ENV{TARGET_CFLAGS}")
+ INCLUDE_DIRECTORIES("$ENV{TARGET_LDFLAGS}" "$ENV{TARGET_CPPFLAGS}" "$ENV{TARGET_CFLAGS}")
+ENDIF(IN_OPENWRT)
+
+
# some subfolders use yacc and lex parsers
SET(BISON_GENERATE_DEFINES TRUE)
SET(BISON_PREFIX_OUTPUTS TRUE)
Binary files freeDiameter/.hg/dirstate and freeDiameter-OpenWRT/.hg/dirstate differ

15
lib/freeDiameter/contrib/OpenWRT/test_required/Makefile Normal file
View File

@ -0,0 +1,15 @@
OWRT_ENV_ROOT=/root/openwrt-env/openwrt
STAGING_UCLIBC_ROOT=$(OWRT_ENV_ROOT)/staging_dir/target-mipsel_uClibc-0.9.31
STAGING_GCC_ROOT=$(OWRT_ENV_ROOT)/staging_dir/toolchain-mipsel_gcc-4.3.3+cs_uClibc-0.9.31
CFLAGS=-Os -pipe -mips32 -mtune=mips32 -funit-at-a-time -fhonour-copts -msoft-float -I$(STAGING_UCLIBC_ROOT)/usr/include -I$(STAGING_UCLIBC_ROOT)/include -I$(STAGING_GCC_ROOT)/usr/include -I$(STAGING_GCC_ROOT)/include
LDFLAGS=-L$(STAGING_UCLIBC_ROOT)/usr/lib -L$(STAGING_UCLIBC_ROOT)/lib -L$(STAGING_GCC_ROOT)/usr/lib -L$(STAGING_GCC_ROOT)/lib
GCC=mipsel-openwrt-linux-uclibc-gcc
PATH:=$(STAGING_GCC_ROOT)/bin/:$(PATH)
testcase: testcase.o
$(GCC) $(LDFLAGS) -lpthread testcase.o -o testcase
testcase.o: testcase.c
$(GCC) $(CFLAGS) -o testcase.o -c testcase.c

90
lib/freeDiameter/contrib/OpenWRT/test_required/testcase.c Normal file
View File

@ -0,0 +1,90 @@
#include <pthread.h>
#include <stdio.h>
#include <strings.h>
#include <assert.h>
static pthread_barrier_t bar;
static pthread_mutex_t mtx = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t cnd = PTHREAD_COND_INITIALIZER;
static int called = 0;
#ifndef ASSERT
#define ASSERT(x) assert(x)
#endif /* ASSERT */
static void cleanupmutex(void * arg)
{
printf("cancelation cleanup handler called\n");
if (arg) {
ASSERT( pthread_mutex_unlock((pthread_mutex_t *)arg) == 0 );
called++;
}
}
static void * mythread(void * a)
{
int ret;
/* lock mutex */
ASSERT( pthread_mutex_lock(&mtx) == 0 );
/* Push cleanup */
pthread_cleanup_push(cleanupmutex, &mtx);
printf("thread synchronization (mutex acquired)\n");
/* Wake the other thread */
ret = pthread_barrier_wait(&bar);
ASSERT( (ret == 0) || (ret == PTHREAD_BARRIER_SERIAL_THREAD) );
/* Now wait for the condition, this unlocks the mutex */
do {
printf("thread waiting cond\n");
ASSERT( pthread_cond_wait(&cnd, &mtx) == 0);
printf("thread woken\n");
} while (1);
/* Cleanup, never reached */
pthread_cleanup_pop(1);
return NULL;
}
int main(int argc, char * argv[])
{
int ret;
pthread_t thr;
void * dummy;
/* initialize the barrier */
ASSERT( pthread_barrier_init(&bar, NULL, 2) == 0 );
printf("Creating thread\n");
/* Create the thread */
ASSERT( pthread_create(&thr, NULL, mythread, NULL) == 0 );
printf("main synchronization\n");
ret = pthread_barrier_wait(&bar);
ASSERT( (ret == 0) || (ret == PTHREAD_BARRIER_SERIAL_THREAD) );
ASSERT( pthread_mutex_lock(&mtx) == 0 );
printf("main: thread is now waiting for condvar\n");
/* Cancel the thread */
ASSERT( pthread_cancel(thr) == 0 );
/* Now, unlock, so that the thread can actually really exit */
ASSERT( pthread_mutex_unlock(&mtx) == 0 );
/* Release thread resources */
ASSERT( pthread_join(thr, &dummy) == 0 );
if (called == 1)
printf("Test successful!\n");
else
printf("Test failed! Cleanup was not called (& lock not released)\n");
return 0;
}

149
lib/freeDiameter/contrib/PKI/ca_script/Makefile Normal file
View File

@ -0,0 +1,149 @@
#!/usr/bin/make -s
#
# This file is designed to automatize the CA tasks such as:
# -> init : create the initial CA tree and the CA root certificate.
# -> newcsr: create a new private key and csr. $name and $email must be set. C, ST, L, O, OU may be overwitten (example: make newcsr C=FR)
# -> cert : sign a pending CSR and generate the certificate. $name must be provided.
# -> revoke: revoke a certificate. $name must be provided.
# -> gencrl: update/create the CRL.
#
# The file should be located in the directory STATIC_DIR as defined below.
# The DIR directory will contain the data of the CA. It might be placed in /var.
# The DIR should also be configured in openssl.cnf file under [ CA_default ]->dir.
#
# Here are the steps to install the CA scripts in default environment:
## mkdir /etc/openssl-ca.static
## cp Makefile openssl.cnf /etc/openssl-ca.static
# ( configure the default parameters of your CA in /etc/openssl-ca/openssl.cnf ) ##
## mkdir /etc/openssl-ca
## make -f /etc/openssl-ca.static/Makefile destroy force=y
## cd /etc/openssl-ca
## make init
## make help
DIR = /home/thedoc/testbed.aaa/ca
STATIC_DIR = /home/thedoc/testbed.aaa/ca
CONFIG = -config $(DIR)/openssl.cnf
#Defaults for new CSR
C = JP
ST = Tokyo
L = Koganei
O = WIDE
OU = "AAA WG"
#Default lifetime
DAYS = 365
#Values for the CA
CA_CN = mgr.testbed.aaa
CA_mail = sdecugis@freediameter.net
#Disable "make destroy"
force =
# Default: print the help
all: help
# Help message
help:
@echo "\n\
Default values (can be overwritten on command-line):\n\
[C=$(C)] [ST=$(ST)] [L=$(L)] [O=$(O)] [OU=$(OU)]\n\
[CA_CN=$(CA_CN)] [CA_mail=$(CA_mail)]\n\n\
Available commands:\n\
make init\n\
Creates the initial CA structure in $(DIR)\n\
make gencrl\n\
Regenerates the CRL. Should be run at least once a month.\n\
make newcsr name=foo email=b@r [type=ca]\n\
Create private key and csr in clients subdir (named foo.*)\n\
make cert name=foo\n\
Signs the CSR foo.csr and creates the certificate foo.cert.\n\
make revoke name=foo\n\
Revokes the certificate foo.cert and regenerates the CRL.\n\
\n\
Notes:\n\
Content from public-www should be available from Internet. \n\
The URL to CRL should be set in openssl.cnf.\n\
A cron job should execute make gencrl once a month.\n\
";
# Destroy the CA completely. Use with care.
destroy:
@if [ -z "$(force)" ]; then echo "Restart disabled, use: make destroy force=y"; exit 1; fi
@if [ ! -d $(STATIC_DIR) ]; then echo "Error in setup"; exit 1; fi
@echo "Removing everything (for debug purpose)..."
@rm -rf $(DIR)/*
@ln -sf $(STATIC_DIR)/Makefile $(DIR)
@ln -sf $(STATIC_DIR)/openssl.cnf $(DIR)
# Initialize the CA structure and keys.
init:
@if [ -d $(DIR)/private ]; then echo "CA already initialized."; exit 1; fi
@echo "Creating CA structure..."
@mkdir $(DIR)/crl
@mkdir $(DIR)/certs
@mkdir $(DIR)/newcerts
@mkdir $(DIR)/public-www
@mkdir $(DIR)/private
@chmod 700 $(DIR)/private
@mkdir $(DIR)/clients
@mkdir $(DIR)/clients/privkeys
@mkdir $(DIR)/clients/csr
@mkdir $(DIR)/clients/certs
@echo "01" > $(DIR)/serial
@touch $(DIR)/index.txt
@openssl req $(CONFIG) -new -batch -x509 -days 3650 -nodes -newkey rsa:2048 -out $(DIR)/public-www/cacert.pem \
-keyout $(DIR)/private/cakey.pem -subj /C=$(C)/ST=$(ST)/L=$(L)/O=$(O)/OU=$(OU)/CN=$(CA_CN)/emailAddress=$(CA_mail)
@ln -s $(DIR)/public-www/cacert.pem $(DIR)/certs/`openssl x509 -noout -hash < $(DIR)/public-www/cacert.pem`.0
@$(MAKE) -f $(DIR)/Makefile gencrl
# Regenerate the Certificate Revocation List.
# This list should be available publicly
gencrl:
@openssl ca $(CONFIG) -gencrl -out $(DIR)/public-www/crl.pem
@ln -sf $(DIR)/public-www/crl.pem $(DIR)/crl/`openssl crl -noout -hash < $(DIR)/public-www/crl.pem`.r0
# Create a new private key and a CSR, in case the client does not provide the CSR by another mean.
# Usage is: make newcsr name=peer.client.fqdn email=admin@client.fqdn
newcsr:
@if [ -z "$(name)" -o -z "$(email)" ]; then echo "Please provide certificate name and email address: make newcsr name=mn.nautilus.org email=you@mail.com"; exit 1; fi
@if [ -e $(DIR)/clients/csr/$(name).csr ]; then echo "There is already a pending csr for this name."; exit 1; fi
@if [ ! -e $(DIR)/clients/privkeys/$(name).key.pem ]; \
then echo "Generating a private key for $(name) ..."; \
openssl genrsa -out $(DIR)/clients/privkeys/$(name).key.pem 1024; \
fi;
@echo "Creating the CSR in $(DIR)/clients/csr/$(name).csr";
@openssl req $(CONFIG) -new -batch -out $(DIR)/clients/csr/$(name).csr \
-key $(DIR)/clients/privkeys/$(name).key.pem \
-subj /C=$(C)/ST=$(ST)/L=$(L)/O=$(O)/OU=$(OU)/CN=$(name)/emailAddress=$(email)
# Process a CSR to create a x509 certificate. The certificate is valid for 1 year.
# It should be sent to the client by any mean.
cert:
@if [ -z "$(name)" ]; then echo "name must be provided: make cert name=mn.n6.org"; exit 1; fi
@if [ ! -e $(DIR)/clients/csr/$(name).csr ]; then echo "Could not find CSR in $(DIR)/clients/csr/$(name).csr."; exit 1; fi
@if [ -e $(DIR)/clients/certs/$(name).cert ]; \
then echo "Revoking old certificate..."; \
$(MAKE) revoke name=$(name); \
fi;
@openssl ca $(CONFIG) -in $(DIR)/clients/csr/$(name).csr \
-out $(DIR)/clients/certs/$(name).cert \
-days $(DAYS) \
-batch
@ln -s $(DIR)/clients/certs/$(name).cert $(DIR)/certs/`openssl x509 -noout -hash < $(DIR)/clients/certs/$(name).cert`.0
# Revoke a certificate.
revoke:
@if [ -z "$(name)" ]; then echo "name must be provided: make revoke name=mn.n6.org"; exit 1; fi
@if [ ! -e $(DIR)/clients/certs/$(name).cert ]; \
then echo "$(DIR)/clients/certs/$(name).cert not found"; \
exit 1; \
fi;
@openssl ca $(CONFIG) -revoke $(DIR)/clients/certs/$(name).cert;
@rm -f $(DIR)/certs/`openssl x509 -noout -hash < $(DIR)/clients/certs/$(name).cert`.0
@$(MAKE) gencrl
# End of file...

315
lib/freeDiameter/contrib/PKI/ca_script/openssl.cnf Normal file
View File

@ -0,0 +1,315 @@
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = /etc/openssl-ca # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/public-www/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
# crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/public-www/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
# policy = policy_match
policy = policy_anything
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = fdsecret
# output_password = fdsecret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = JP
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Tokyo
localityName = Locality Name (eg, city)
localityName_default = Koganei
0.organizationName = Organization Name (eg, company)
0.organizationName_default = WIDE
# we can do this but it is not needed normally :-)
1.organizationName = Second Organization Name (eg, company)
1.organizationName_default = NICT
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = AAA WG
commonName = Common Name (i.e. Diameter Agent hostname)
commonName_max = 64
emailAddress = Email Address (i.e. Diameter agent administrator)
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 0
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

178
lib/freeDiameter/contrib/PKI/ca_script2/Makefile Normal file
View File

@ -0,0 +1,178 @@
#!/usr/bin/make -s
#
# This file is inspired from freeDiameter's contrib/ca_script and
# improved to handle multiple CA in a hierarchical fashion.
# Warning: the directory structure is flat, does not reflect the CA hierarchy
SCRIPT_DIR = .
DATA_DIR = ./ca_data
CONFIG = -config $(SCRIPT_DIR)/openssl.cnf
REMAKE = $(MAKE) -f $(SCRIPT_DIR)/Makefile
#Disable "make destroy" -- overwrite on command line
force =
#RSA key sizes, can be overwritten on command line
cakeysize = 2048
keysize = 1024
# Save current date
DATE=`date +%Y%m%d-%H%M%S`
# Default: print the help
all: help
# Help message
help:
@echo "\n\
Available commands:\n\
make init topca=name\n\
Creates the initial top-level CA structure\n\
make newca name=newcaname ca=parentca\n\
Creates a new sub-CA that can be used for certificates later.\n\
make newcert name=foo ca=parentca\n\
Create private key and csr, then issue the certificate (named foo.*)\n\
make p12 name=foo ca=parentca\n\
Same as newcert, but additionnaly creates a pkcs12 file to ship client certificate to Windows or Mac\n\
make ship name=foo ca=parentca\n\
Create an archive with the data for the client (useful for freeDiameter peers)\n\
make revoke name=foo ca=parentca\n\
Revokes the certificate foo.cert issued by parentca and regenerates the CRL.\n\
make gencrl ca=caname\n\
Regenerates the CRL of CA caname. Should be run periodically.\n\
\n\
";
# Destroy the CA hierarchy completely. Use with care.
destroy:
@if [ -z "$(force)" ]; then echo "Destroy disabled, use: make destroy force=y"; exit 1; fi
@if [ ! -d $(SCRIPT_DIR) ]; then echo "Error in setup"; exit 1; fi
@echo "Removing everything (for debug purpose)..."
@rm -rf $(DATA_DIR)/*
# Initialize the CA structure
structure:
@if [ -z "$(caname)" ]; then echo "Internal error: caname is missing"; exit 1; fi
@if [ -d $(DATA_DIR)/$(caname) ]; then echo "CA $(caname) already exists."; exit 1; fi
# Creating CA structure
@mkdir -p $(DATA_DIR)/$(caname)
@mkdir $(DATA_DIR)/$(caname)/public
@mkdir $(DATA_DIR)/$(caname)/public/crl
@mkdir $(DATA_DIR)/$(caname)/private
@chmod 700 $(DATA_DIR)/$(caname)/private
@mkdir $(DATA_DIR)/$(caname)/clients
@echo "01" > $(DATA_DIR)/$(caname)/serial
@echo "01" > $(DATA_DIR)/$(caname)/crlnumber
@touch $(DATA_DIR)/$(caname)/index.txt
# Initialize the top-level CA structure and keys.
init:
@if [ -z "$(topca)" ]; then echo "Please specify the name of the root CA. Ex: make init topca=rootca.testbed.aaa"; exit 1; fi
# Create the folder hierarchy
@$(REMAKE) structure caname=$(topca)
# Generate the self-signed certificate
@CA_ROOT_DIR=$(DATA_DIR)/$(topca) openssl req $(CONFIG) -new -batch -x509 -days 3650 -nodes -newkey rsa:$(cakeysize) -out $(DATA_DIR)/$(topca)/public/cacert.pem \
-keyout $(DATA_DIR)/$(topca)/private/cakey.pem -extensions ca_cert -subj /CN=$(topca)
@ln -s cacert.pem $(DATA_DIR)/$(topca)/public/`openssl x509 -noout -hash < $(DATA_DIR)/$(topca)/public/cacert.pem`.0
@touch $(DATA_DIR)/$(topca)/public/cachain.pem
@ln -s ../../$(topca)/public/cacert.pem $(DATA_DIR)/$(topca)/public/caroot.pem
@$(REMAKE) gencrl ca=$(topca)
# Create a secondary CA
newca:
@if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make newca name=subca.testbed.aaa ca=rootca.testbed.aaa"; exit 1; fi
@if [ ! -e $(DATA_DIR)/$(ca)/private/cakey.pem ]; then echo "The parent CA $(ca) does not exist."; exit 1; fi
@if [ ! -d $(DATA_DIR)/$(name) ]; then $(REMAKE) structure caname=$(name); fi
# Generate the private key and CSR for the new CA if needed
@if [ ! -e $(DATA_DIR)/$(name)/private/cakey.pem ]; then \
openssl genrsa -out $(DATA_DIR)/$(name)/private/cakey.pem $(cakeysize) ; fi
@if [ ! -e $(DATA_DIR)/$(name)/private/cacsr.pem ]; then \
CA_ROOT_DIR=$(DATA_DIR)/$(name) openssl req $(CONFIG) -new -batch -out $(DATA_DIR)/$(name)/private/cacsr.pem \
-key $(DATA_DIR)/$(name)/private/cakey.pem \
-subj /CN=$(name) -reqexts v3_req_ca; fi
# Revoke a previous certificate for this CA if any
@if [ -e $(DATA_DIR)/$(name)/public/cacert.pem ]; then \
echo "Revoking previous certificate ..."; \
$(REMAKE) revoke name=$(name) ca=$(ca); \
mv $(DATA_DIR)/$(name)/public/cacert.pem $(DATA_DIR)/$(name)/public/cacert-$(DATE).pem; fi
# Issue the new CA certificate
@CA_ROOT_DIR=$(DATA_DIR)/$(ca) openssl ca $(CONFIG) -in $(DATA_DIR)/$(name)/private/cacsr.pem \
-out $(DATA_DIR)/$(name)/public/cacert.pem \
-batch -extensions ca_cert
# Hash and link to parent
@ln -s cacert.pem $(DATA_DIR)/$(ca)/public/`openssl x509 -noout -hash < $(DATA_DIR)/$(name)/public/cacert.pem`.0
@rm -f $(DATA_DIR)/$(name)/parent
@ln -s ../$(ca) $(DATA_DIR)/$(name)/parent
@cat $(DATA_DIR)/$(name)/public/cacert.pem $(DATA_DIR)/$(ca)/public/cachain.pem > $(DATA_DIR)/$(name)/public/cachain.pem
@ln -s ../../$(ca)/public/caroot.pem $(DATA_DIR)/$(name)/public/caroot.pem
@for CRLFILE in `cd $(DATA_DIR)/$(ca)/public/crl && ls -1`; do ln -sf ../../../$(ca)/public/crl/$$CRLFILE $(DATA_DIR)/$(name)/public/crl/$$CRLFILE; done
@$(REMAKE) gencrl ca=$(name)
# Create a new certificate for use in TLS communications and other terminal usages
newcert:
@if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make newcert name=service.testbed.aaa ca=ca.testbed.aaa"; exit 1; fi
@if [ ! -e $(DATA_DIR)/$(ca)/private/cakey.pem ]; then echo "The parent CA $(ca) does not exist."; exit 1; fi
@if [ ! -d $(DATA_DIR)/$(ca)/clients/$(name) ]; then mkdir $(DATA_DIR)/$(ca)/clients/$(name); fi
# Create a private key if needed
@if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem ]; then \
openssl genrsa -out $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem $(keysize); fi
# Create a CSR if needed
@if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/csr.pem ]; then \
CA_ROOT_DIR=$(DATA_DIR)/$(ca) openssl req $(CONFIG) -new -batch -out $(DATA_DIR)/$(ca)/clients/$(name)/csr.pem \
-key $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem \
-subj /CN=$(name); fi
# Revoke a previous certificate if any
@if [ -e $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem ]; then \
$(REMAKE) revoke name=$(name) ca=$(ca); \
mv $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem $(DATA_DIR)/$(ca)/clients/$(name)/cert-$(DATE).pem; fi
# Now sign the new certificate with the CA key
@CA_ROOT_DIR=$(DATA_DIR)/$(ca) openssl ca $(CONFIG) -in $(DATA_DIR)/$(ca)/clients/$(name)/csr.pem \
-out $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem \
-batch
# Hash
@ln -sf `cat $(DATA_DIR)/$(ca)/serial.old`.pem $(DATA_DIR)/$(ca)/public/`openssl x509 -noout -hash < $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem`.0
# Compiled informations for the client
@cat $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem $(DATA_DIR)/$(ca)/public/cachain.pem > $(DATA_DIR)/$(ca)/clients/$(name)/certchain.pem
@ln -sf ../../public/crl $(DATA_DIR)/$(ca)/clients/$(name)/crl
@ln -sf ../../public/caroot.pem $(DATA_DIR)/$(ca)/clients/$(name)/ca.pem
# Create a PKCS#12 file containing the client's information
p12: newcert
# Create the PKCS#12 file
@cat $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem \
$(DATA_DIR)/$(ca)/clients/$(name)/certchain.pem \
$(DATA_DIR)/$(ca)/clients/$(name)/ca.pem \
| openssl pkcs12 -export -out $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12
@echo "Client certificate is created in $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12"
# Create an archive to send the data to the client node
ship:
@if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make ship name=service.testbed.aaa ca=ca.testbed.aaa"; exit 1; fi
@if [ ! -e $(DATA_DIR)/$(ca)/private/cakey.pem ]; then echo "The parent CA $(ca) does not exist."; exit 1; fi
@if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem ]; then echo "The client $(name) does not exist, use 'make newcert' first."; exit 1; fi
# Ship the data
@tar -c -C $(DATA_DIR)/$(ca)/clients/$(name) -z -f $(ca)_$(name).tar.gz -h .
@echo "The files have been packaged into archive: $(ca)_$(name).tar.gz"
# Revoke a certificate
revoke:
@if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make revoke name=service.testbed.aaa ca=ca.testbed.aaa"; exit 1; fi
@if [ ! -e $(DATA_DIR)/$(ca)/private/cakey.pem ]; then echo "The parent CA $(ca) does not exist."; exit 1; fi
@if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem ]; \
then echo "$(DATA_DIR)/$(ca)/clients/$(name)/cert.pem not found"; \
exit 1; \
fi;
# Revoke the certificate
@CA_ROOT_DIR=$(DATA_DIR)/$(ca) openssl ca $(CONFIG) -revoke $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem;
@$(REMAKE) gencrl ca=$(ca)
# Regenerate the Certificate Revocation List.
gencrl:
@if [ -z "$(ca)" ]; then echo "Missing parameter. Ex: make gencrl ca=ca.testbed.aaa"; exit 1; fi
# Create the CRL
@CA_ROOT_DIR=$(DATA_DIR)/$(ca) openssl ca $(CONFIG) -gencrl -out $(DATA_DIR)/$(ca)/public/crl/$(ca).pem
@ln -s crl/$(ca).pem $(DATA_DIR)/$(ca)/public/local.pem
@ln -s local.pem $(DATA_DIR)/$(ca)/public/`openssl crl -noout -hash < $(DATA_DIR)/$(ca)/public/crl/$(ca).pem`.r0
# End of file...

120
lib/freeDiameter/contrib/PKI/ca_script2/openssl.cnf Normal file
View File

@ -0,0 +1,120 @@
# Note: for this file to be working, an environment var CA_ROOT_DIR = directory
# must be defined and pointing to the CA top-level directory.
HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
[ new_oids ]
####################################################################
[ req ]
default_bits = 1024
# default_keyfile = privkey.pem
string_mask = utf8only
distinguished_name = req_distinguished_name
attributes = req_attributes
req_extensions = v3_req # overwrite with -reqexts
x509_extensions = ca_cert # overwrite with -extensions; used for self-signed keys only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = JP
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Tokyo
localityName = Locality Name (eg, city)
localityName_default = Koganei
0.organizationName = Organization Name (eg, company)
0.organizationName_default = WIDE
1.organizationName = Second Organization Name (eg, company)
1.organizationName_default = NICT
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = AAA WG testbed
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 0
challengePassword_max = 20
unstructuredName = An optional company name
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_req_ca ]
# Extensions to add to a certificate request for CA
basicConstraints = CA:TRUE
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = $ENV::CA_ROOT_DIR # Where everything is kept
certs = $dir/public # Where the issued certs are kept
crl_dir = $dir/public # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/public # default place for new certs.
certificate = $dir/public/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
crl = $dir/public/local.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
x509_extensions = usr_cert # The extentions to add to the cert
# overwrite with -extensions
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 365 # how long before next CRL
default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
# We accept to sign anything, but a real deployment would limit to proper domain etc...
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ usr_cert ]
basicConstraints=CA:FALSE
# This is typical in keyUsage for a client certificate.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ ca_cert ]
# Extensions for a typical CA
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical,CA:true # Remove "critical," in case of problems
keyUsage = cRLSign, keyCertSign
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

284
lib/freeDiameter/contrib/PKI/phpki-0.82.patch Normal file
View File

@ -0,0 +1,284 @@
diff -Nur phpki-0.82/ca/main.php phpki-0.82-fD/ca/main.php
--- phpki-0.82/ca/main.php 2005-11-17 10:17:20.000000000 +0900
+++ phpki-0.82-fD/ca/main.php 2010-05-27 17:04:44.000000000 +0900
@@ -36,7 +36,7 @@
else {
?>
<font color=#ff0000>
- <h2>There was an error updating the Certificate Revocation List.</h2></font><br>
+ <h2>There was an error updating the Certificate Revocation List.</h2></font><br />
<blockquote>
<h3>Debug Info:</h3>
<pre><?=$errtxt?></pre>
@@ -53,8 +53,11 @@
default:
printHeader('ca');
?>
- <br>
- <br>
+ <br />
+ <br />
+
+ <center><h3>For <span style="color: #FF0000;">freeDiameter</span> specific instructions, scroll down this page...</h3></center><br />
+
<center>
<table class=menu width=600><th class=menu colspan=2><big>CERTIFICATE MANAGEMENT MENU</big></th>
@@ -89,7 +92,57 @@
</table>
</center>
- <br><br>
+ <br /><br />
+ <center>
+ <table class=menu width=900><th class=menu colspan=2><big>FREEDIAMETER INSTRUCTIONS</big></th>
+ <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
+ Create a new certificate</td>
+
+ <td>Use the <strong><cite>Create a New Certificate</cite></strong> link in previous table to request a new certificate. Fill the form as follow:
+ <ul>
+ <li><strong>Common Name</strong>: use your new freeDiameter identity (usually the FQDN).</li>
+ <li><strong>E-mail Address</strong>: Provide your address so that you can be contacted in case of inquiry.</li>
+ <li><strong>Organization</strong>: use "freeDiameter testbed" for example.</li>
+ <li><strong>Certificate Password</strong>: Do not loose the password you provide, you'll need it in the next step. <br />
+ The password must be >= 8 chars.</li>
+ <li>The other fields can be filled at your taste.</li>
+ </ul>
+ Once you have validated, you can check the values, and then proceed to download the new certificate and private key.
+ You will receive a file in PEM format. Let's call this file <em>mycertprotected.pem</em>.
+ It contains:
+ <ul>
+ <li>Your password-protected RSA private key.</li>
+ <li>Your certificate in PEM format.</li>
+ <li>The CA certificate.</li>
+ </ul></td></tr>
+
+ <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
+ Split the file</td>
+
+ <td>In order to use the information with freeDiameter daemon, you must transform the data as follow:
+ <ul>
+ <li><strong>Decode the private key</strong>: <br />
+ <code>openssl rsa -in <em>mycertprotected.pem</em> -out /etc/ssl/private/freeDiameter.key</code><br />
+ OpenSSL will ask for the password you entered when creating the certificate.</li>
+ <li><strong>Extract your certificate</strong>: <br />
+ <code>openssl x509 -in <em>mycertprotected.pem</em> > /etc/ssl/certs/freeDiameter.pem</code></li>
+ <li><strong>Get the CA certificate</strong>: <br />
+ <code>wget --no-check-certificate "$config[base_url]index.php?stage=dl_root" -O /etc/ssl/certs/freeDiameter_testbed_CA.pem</code></li>
+ </ul>
+ Note: for the last step, you could also extract it directly from the PEM file you received.<br />
+ Note: the CRL is also available from the website, but this feature is not tested yet.</td></tr>
+
+ <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
+ Configure freeDiameter</td>
+
+ <td>Here is the configuration related to TLS that you should set in your <em>/etc/freeDiameter/freeDiameter.conf</em> file:
+ <blockquote>TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";<br />
+TLS_CA = "/etc/ssl/certs/freeDiameter_testbed_CA.pem";</blockquote></td></tr>
+
+
+ </table>
+ </center>
+ <br /><br />
<?
printFooter();
}
diff -Nur phpki-0.82/ca/request_cert.php phpki-0.82-fD/ca/request_cert.php
--- phpki-0.82/ca/request_cert.php 2007-01-04 14:45:09.000000000 +0900
+++ phpki-0.82-fD/ca/request_cert.php 2010-05-27 16:59:16.000000000 +0900
@@ -197,6 +197,7 @@
switch($cert_type) {
case 'server':
+ case 'freediameter':
upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem",$config['cacert_pem']), "$common_name ($email).pem",'application/pkix-cert');
break;
case 'email':
@@ -225,7 +226,7 @@
if (! $email) $email = "";
if (! $expiry) $expiry = 1;
if (! $keysize) $keysize = 1024;
- if (! $cert_type) $cert_type = 'email';
+ if (! $cert_type) $cert_type = 'freediameter';
printHeader();
?>
@@ -302,13 +303,14 @@
<td>Certificate Use: </td>
<td><select name=cert_type>
<?
- print '<option value="email" '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
- print '<option value="email_signing" '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
- print '<option value="server" '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
- print '<option value="vpn_client" '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
- print '<option value="vpn_server" '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
- print '<option value="vpn_client_server" '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
- print '<option value="time_stamping" '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
+ print '<option value="email" disabled '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
+ print '<option value="email_signing" disabled '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
+ print '<option value="server" disabled '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
+ print '<option value="freediameter" '.($cert_type=='freediameter'?'selected':'').'>freeDiameter node</option>';
+ print '<option value="vpn_client" disabled '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
+ print '<option value="vpn_server" disabled '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
+ print '<option value="vpn_client_server" disabled '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
+ print '<option value="time_stamping" disabled '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
?>
</select></td>
</tr>
diff -Nur phpki-0.82/include/openssl_functions.php phpki-0.82-fD/include/openssl_functions.php
--- phpki-0.82/include/openssl_functions.php 2007-01-04 15:47:57.000000000 +0900
+++ phpki-0.82-fD/include/openssl_functions.php 2010-05-27 16:59:57.000000000 +0900
@@ -69,6 +69,13 @@
default_days = 365
policy = policy_supplied
+[ freediameter_cert ]
+x509_extensions = freediameter_ext
+default_days = 730
+policy = policy_supplied
+
+
+
[ vpn_cert ]
x509_extensions = vpn_client_server_ext
default_days = 365
@@ -152,6 +159,24 @@
nsRevocationUrl = ns_revoke_query.php?
nsCaPolicyUrl = $config[base_url]policy.html
+[ freediameter_ext ]
+basicConstraints = CA:false
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = critical, serverAuth, clientAuth
+nsCertType = critical, server, client
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always, issuer:always
+subjectAltName = DNS:$common_name,email:copy
+issuerAltName = issuer:copy
+crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
+nsComment = \"PHPki/OpenSSL Generated Secure Certificate for freeDiameter\"
+nsBaseUrl = $config[base_url]
+nsRevocationUrl = ns_revoke_query.php?
+nsCaPolicyUrl = $config[base_url]policy.html
+
+
+
+
[ time_stamping_ext ]
basicConstraints = CA:false
keyUsage = critical, nonRepudiation, digitalSignature
diff -Nur phpki-0.82/openssl.cnf phpki-0.82-fD/openssl.cnf
--- phpki-0.82/openssl.cnf 2006-07-23 00:33:34.000000000 +0900
+++ phpki-0.82-fD/openssl.cnf 2010-05-27 17:00:33.000000000 +0900
@@ -39,6 +39,11 @@
default_days = 365
policy = policy_supplied
+[ freediameter_cert ]
+x509_extensions = freediameter_ext
+default_days = 730
+policy = policy_supplied
+
[ vpn_cert ]
x509_extensions = vpn_client_server_ext
default_days = 365
@@ -115,6 +120,23 @@
nsRevocationUrl = ns_revoke_query.php?
nsCaPolicyUrl = http://www.somewhere.com/phpki/policy.html
+[ freediameter_ext ]
+basicConstraints = CA:false
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = critical, serverAuth, clientAuth
+nsCertType = critical, server, client
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always, issuer:always
+subjectAltName = DNS:$common_name,email:copy
+issuerAltName = issuer:copy
+crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
+nsComment = "PHPki/OpenSSL Generated Secure Certificate for freeDiameter"
+nsBaseUrl = $config[base_url]
+nsRevocationUrl = ns_revoke_query.php?
+nsCaPolicyUrl = $config[base_url]policy.html
+
+
+
[ vpn_client_ext ]
basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature
diff -Nur phpki-0.82/setup.php phpki-0.82-fD/setup.php
--- phpki-0.82/setup.php 2007-07-22 23:34:08.000000000 +0900
+++ phpki-0.82-fD/setup.php 2010-05-27 17:01:41.000000000 +0900
@@ -339,6 +339,11 @@
default_days = 365
policy = policy_supplied
+[ freediameter_cert ]
+x509_extensions = freediameter_ext
+default_days = 730
+policy = policy_supplied
+
[ vpn_cert ]
x509_extensions = vpn_client_server_ext
default_days = 365
@@ -418,6 +423,22 @@
nsRevocationUrl = ns_revoke_query.php?
nsCaPolicyUrl = $config[base_url]policy.html
+[ freediameter_ext ]
+basicConstraints = CA:false
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = critical, serverAuth, clientAuth
+nsCertType = critical, server, client
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always, issuer:always
+subjectAltName = DNS:$common_name,email:copy
+issuerAltName = issuer:copy
+crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
+nsComment = "PHPki/OpenSSL Generated Secure Certificate for freeDiameter"
+nsBaseUrl = $config[base_url]
+nsRevocationUrl = ns_revoke_query.php?
+nsCaPolicyUrl = $config[base_url]policy.html
+
+
[ time_stamping_ext ]
basicConstraints = CA:false
keyUsage = critical, nonRepudiation, digitalSignature
diff -Nur phpki-0.82/setup.php-presetup phpki-0.82-fD/setup.php-presetup
--- phpki-0.82/setup.php-presetup 2007-07-22 23:34:08.000000000 +0900
+++ phpki-0.82-fD/setup.php-presetup 2010-05-27 17:01:41.000000000 +0900
@@ -339,6 +339,11 @@
default_days = 365
policy = policy_supplied
+[ freediameter_cert ]
+x509_extensions = freediameter_ext
+default_days = 730
+policy = policy_supplied
+
[ vpn_cert ]
x509_extensions = vpn_client_server_ext
default_days = 365
@@ -418,6 +423,22 @@
nsRevocationUrl = ns_revoke_query.php?
nsCaPolicyUrl = $config[base_url]policy.html
+[ freediameter_ext ]
+basicConstraints = CA:false
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = critical, serverAuth, clientAuth
+nsCertType = critical, server, client
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always, issuer:always
+subjectAltName = DNS:$common_name,email:copy
+issuerAltName = issuer:copy
+crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
+nsComment = "PHPki/OpenSSL Generated Secure Certificate for freeDiameter"
+nsBaseUrl = $config[base_url]
+nsRevocationUrl = ns_revoke_query.php?
+nsCaPolicyUrl = $config[base_url]policy.html
+
+
[ time_stamping_ext ]
basicConstraints = CA:false
keyUsage = critical, nonRepudiation, digitalSignature

59
lib/freeDiameter/contrib/README Normal file
View File

@ -0,0 +1,59 @@
This file describes the content of the "contrib" directory.
For information about the freeDiameter project, please refer
to top-level README file.
- update_copyright.sh : This script will simply update the copyright information
in all source files in the freeDiameter mercurial repository, based
on the last modification time. Thought I might share it if other people find
it useful for their own project...
- debian : This directory contains the packaging information to create native Debian / Ubuntu
packages. It requires debhelper >= 7.3.9 (support for cmake). To use, simply link the
debian folder from the main freeDiameter folder, then use your building script as
usual ('dh binary' or 'pdebuild' or ...).
If you simply intend to use freeDiameter package, the relevant information is located
at: http://www.freediameter.net/trac/wiki/DebRepository
- PKI : This directory contains useful material related to establishing a
Public Key Infrastructure (PKI) for deploying x509 certificates
and use these for TLS authentication of the freeDiameter nodes.
IMPORTANT: Please note that these solutions are NOT suitable
for use in a production environment! It allows easy deployment of
certificates for tests, and that is their sole purpose.
The directory contains:
- ca_script: a simple Makefile allowing you to generate a self-signed certificate (root)
and then issue new certificates and private keys for your users.
Run "make" without argument to get the help.
- ca_script2: An evolution of the previous Makefile. This one allows you
to create a hierarchy of CA and certificates.
- phpki-0.82.patch : This patch is to be applied to PHPki to customize the use for freeDiameter.
PHPki (http://sourceforge.net/projects/phpki/) is a PHP-based web interface
that provides more or less the same services as ca_script.
- OpenWRT : This directory contains the scripts and documentation related to
the integration of freeDiameter RADIUS/Diameter gateway component in the openWRT
distribution (http://openwrt.org) -- the goal is to give the access point the
ability to "talk" Diameter instead of RADIUS.
- nightly_tests : This directory contains the scripts and documentation for the nightly
tests run on freeDiameter. The results are published at the following URL:
http://www.freediameter.net/CDash/index.php?project=freeDiameter
- dict_legacy: XML and DTD files for the dict_legacy_xml.fdx extension.
- dict_dcca: partial implementations of the DCCA dictionary
- dict_gx: untested implementation of the Gx interface.
- wireshark: This contains some information on how to use Wireshark to monitor Diameter
exchange protected with TLS. It involves patching the wireshark software.

6
lib/freeDiameter/contrib/RPM/build_rpm.txt Executable file
View File

@ -0,0 +1,6 @@
[krum@ThinkPad DelMe]$ cp freeDiameter.spec /home/krum/rpmbuild/SPECS/
[krum@ThinkPad DelMe]$ cd /home/krum/rpmbuild/SOURCES/
[krum@ThinkPad ~]$ cd /home/krum/rpmbuild/SOURCES/
[krum@ThinkPad SOURCES]$ wget http://www.freediameter.net/hg/freeDiameter/archive/1.1.6.tar.gz
[krum@ThinkPad SOURCES]$ cd ../SPECS/
[krum@ThinkPad SPECS]$ rpmbuild -ba freeDiameter.spec

78
lib/freeDiameter/contrib/RPM/freeDiameter.spec Executable file
View File

@ -0,0 +1,78 @@
Name: freeDiameter
Version: 1.1.6
Release: 1%{?dist}
Packager: krum.boy4ev@gmail.com
Summary: freeDiameter is an implementation of the Diameter protocol.
Group: Development/Libraries
License: BSD License
URL: http://www.freediameter.net
Source0: http://www.freediameter.net/hg/freeDiameter/archive/1.1.6.tar.gz
BuildRequires: cmake make gcc gcc-c++ flex bison lksctp-tools-devel
BuildRequires: gnutls-devel libgcrypt-devel libidn-devel
BuildRequires: mercurial
Requires: lksctp-tools
%description
freeDiameter is an implementation of the Diameter protocol.
Diameter is a protocol designed to carry Authentication, Authorization and
Accounting (AAA) payload. It is an evolution of the RADIUS protocol (as the
name suggests).
See http://www.freediameter.net/ for more information on the project.
freeDiameter was previously known as the "waaad" project (WIDE AAA Daemon)
This project is not related to the "freediameter" project from Sun on sourceforge.
Author: Sebastien Decugis.
%package daemon
Summary: Simple daemon parses the command line and initializes the freeDiameter framework.
Group: Development/Libraries
Requires: freeDiameter
%description daemon
freeDiameterd : this simple daemon parses the command line and initializes the
freeDiameter framework. Use it for your Diameter server & agent components.
In case of Diameter clients, you probably will prefer linking the libfdcore
directly with your client application that must be made Diameter-aware.
%prep
%setup -qn %{name}-%{version}
%build
mkdir -p build
cd build
cmake ../
make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
cd build
make install DESTDIR=$RPM_BUILD_ROOT
make test
%post daemon
echo "/usr/local/lib/" > /etc/ld.so.conf.d/%{name}.conf
/sbin/ldconfig
%files
%defattr(-,root,root,-)
/usr/local/include/
/usr/local/lib/
%files daemon
%defattr(-,root,root,-)
/usr/local/bin/
%changelog
* Sat Jul 5 2013 Krum Boychev <krum.boy4ev@gmail.com> - 1.1.6-1
- initial version

47
lib/freeDiameter/contrib/app_acct_tools/README Normal file
View File

@ -0,0 +1,47 @@
This folder contains several tools to use and parse the data from the app_acct.fdx extension.
- database.sql :
An example database format for use with the scripts in this folder.
- app_acct.conf :
The part of app_acct.conf that is relevant to this database schema.
- purge_to_file.php :
This PHP script is used to take the records from the incoming table (stored by app_acct.fdx
extension) and save these records in a file in SQL format. This is similar to pg_dump
command, except that all the records that have been saved in the file are removed from
the table. This can be used in cron jobs for example to maintain a reasonable size of
the incoming table and move the data to another host for off-line processing. It can
also be useful to aggregate the data from different hosts, if you are load-balancing your
accounting servers for example (granted that all app_acct.fdx use identical table format
on all the servers). See the top of the file for configuration parameters.
- process_records.php :
This PHP script processes the records pertaining to users sessions, as follow:
* when a session is complete (STOP record received), it stores a session summary
into the processed records table (see process_database.sql file for format).
* It optionally archives the processed records into a different table, before deleting them.
* It can also move records of unterminated sessions that are older than a configurable time
to an orphan_records table, so that they are not re-processed every time.
This orphans table must have the same structure as the "incoming" table.
- display_results.php, display_self.php, display_stats.php :
These scripts give a few examples of how to display the processed data.
USAGE:
*) Initial: create your database using database.sql file
*) Configure the app_acct.fdx extension using tips from app_acct.conf
The following processing can be run for example as cron jobs.
1) On each accounting server for the realm, configure the app_acct.fdx extension to
dump the records in a local database (all servers must use the same database format).
The table would typically be "incoming".
2) Run the purge_to_file.php script on each server regularly, then move the generated
files onto a single server for processing. This server only needs the other tables.
3) Add the data from the files into the database in this server by running:
psql < file.sql
Each file that has been added should then be archived and removed so that it is not
re-added later.
4) Run the process_records.php script on this processing server. Now, the database
contains the aggregated data that can be visualized with display_*.php scripts.

68
lib/freeDiameter/contrib/app_acct_tools/app_acct.conf Normal file
View File

@ -0,0 +1,68 @@
# This is the configuration for use with the database created by 'database.sql' file.
# One should take care of configuring the ConnInfo properly.
ConnInfo = "";
# The table and special fields names:
Table = "incoming";
Timestamp_field = "recorded_on";
Server_name_field = "recorded_serv";
# The AVPs that are saved in the table:
"Origin-Host";
"Origin-Realm";
"Destination-Realm";
"Destination-Host";
"Session-Id";
"Origin-State-Id";
"Accounting-Record-Type";
"Accounting-Record-Number";
"User-Name";
"Event-Timestamp";
"Acct-Application-Id";
"Accounting-Sub-Session-Id";
"Acct-Session-Id";
"Acct-Multi-Session-Id";
"Origin-AAA-Protocol";
"Acct-Delay-Time";
"NAS-Identifier";
"NAS-IP-Address";
"NAS-IPv6-Address";
"NAS-Port";
"NAS-Port-Id";
"NAS-Port-Type";
"Service-Type";
"Termination-Cause";
"Accounting-Input-Octets";
"Accounting-Input-Packets";
"Accounting-Output-Octets";
"Accounting-Output-Packets";
"Acct-Authentic";
"Acct-Link-Count";
"Acct-Session-Time";
"Acct-Tunnel-Connection";
"Acct-Tunnel-Packets-Lost";
"Callback-Id";
"Callback-Number";
"Called-Station-Id";
"Calling-Station-Id";
"Connect-Info";
"Originating-Line-Info";
"Authorization-Lifetime";
"Session-Timeout";
"Idle-Timeout";
"Port-Limit";
"Accounting-Realtime-Required";
"Acct-Interim-Interval";
"Filter-Id";
"NAS-Filter-Rule";
"QoS-Filter-Rule";
"Login-IP-Host";
"Login-IPv6-Host";
"Login-LAT-Group";
"Login-LAT-Node";
"Login-LAT-Port";
"Login-LAT-Service";
"Login-Service";
"Login-TCP-Port";
"Route-Record" = { multi=5; };

227
lib/freeDiameter/contrib/app_acct_tools/database.sql Normal file
View File

@ -0,0 +1,227 @@
-- database.sql
-- Script to create the tables for process_records.php script to perform.
-- IMPORTANT NOTE: No constraint and almost no index are created by this script.
-- One should consider adding the appropriate indexes according to their utilization of the data.
-- Incoming table table.
-- This table is used by app_acct.fdx to store the Accounting records.
CREATE TABLE incoming (
"Origin-Host" bytea NOT NULL,
"Origin-Realm" bytea NOT NULL,
"Destination-Realm" bytea,
"Destination-Host" bytea,
"Session-Id" bytea NOT NULL,
"Origin-State-Id" integer,
"Accounting-Record-Type" integer NOT NULL,
"Accounting-Record-Number" integer NOT NULL,
"User-Name" bytea,
"Event-Timestamp" bytea,
"Acct-Application-Id" integer,
"Accounting-Sub-Session-Id" bigint,
"Acct-Session-Id" bytea,
"Acct-Multi-Session-Id" bytea,
"Origin-AAA-Protocol" integer,
"Acct-Delay-Time" integer,
"NAS-Identifier" bytea,
"NAS-IP-Address" bytea,
"NAS-IPv6-Address" bytea,
"NAS-Port" integer,
"NAS-Port-Id" bytea,
"NAS-Port-Type" integer,
"Service-Type" integer,
"Termination-Cause" integer,
"Accounting-Input-Octets" bigint,
"Accounting-Input-Packets" bigint,
"Accounting-Output-Octets" bigint,
"Accounting-Output-Packets" bigint,
"Acct-Authentic" integer,
"Acct-Link-Count" integer,
"Acct-Session-Time" integer,
"Acct-Tunnel-Connection" bytea,
"Acct-Tunnel-Packets-Lost" integer,
"Callback-Id" bytea,
"Callback-Number" bytea,
"Called-Station-Id" bytea,
"Calling-Station-Id" bytea,
"Connect-Info" bytea,
"Originating-Line-Info" bytea,
"Authorization-Lifetime" integer,
"Session-Timeout" integer,
"Idle-Timeout" integer,
"Port-Limit" integer,
"Accounting-Realtime-Required" integer,
"Acct-Interim-Interval" integer,
"Filter-Id" bytea,
"NAS-Filter-Rule" bytea,
"QoS-Filter-Rule" bytea,
"Login-IP-Host" bytea,
"Login-IPv6-Host" bytea,
"Login-LAT-Group" bytea,
"Login-LAT-Node" bytea,
"Login-LAT-Port" bytea,
"Login-LAT-Service" bytea,
"Login-Service" integer,
"Login-TCP-Port" integer,
"Route-Record1" bytea,
"Route-Record2" bytea,
"Route-Record3" bytea,
"Route-Record4" bytea,
"Route-Record5" bytea,
"recorded_on" timestamp with time zone NOT NULL,
"recorded_serv" bytea
);
-- Accounting Data.
-- This is is the processed data that is used also by display_results.php
CREATE TABLE processed (
user_name bytea,
user_device bytea,
nas_info bytea,
sess_start timestamp with time zone,
sess_duration interval,
downl_bytes bigint,
upl_bytes bigint,
downl_packets bigint,
upl_packets bigint
);
CREATE INDEX un_index ON processed (user_name);
-- Orphans table.
-- This is optional, and it must match the structure of your incoming table.
CREATE TABLE orphans (
"Origin-Host" bytea NOT NULL,
"Origin-Realm" bytea NOT NULL,
"Destination-Realm" bytea,
"Destination-Host" bytea,
"Session-Id" bytea NOT NULL,
"Origin-State-Id" integer,
"Accounting-Record-Type" integer NOT NULL,
"Accounting-Record-Number" integer NOT NULL,
"User-Name" bytea,
"Event-Timestamp" bytea,
"Acct-Application-Id" integer,
"Accounting-Sub-Session-Id" bigint,
"Acct-Session-Id" bytea,
"Acct-Multi-Session-Id" bytea,
"Origin-AAA-Protocol" integer,
"Acct-Delay-Time" integer,
"NAS-Identifier" bytea,
"NAS-IP-Address" bytea,
"NAS-IPv6-Address" bytea,
"NAS-Port" integer,
"NAS-Port-Id" bytea,
"NAS-Port-Type" integer,
"Service-Type" integer,
"Termination-Cause" integer,
"Accounting-Input-Octets" bigint,
"Accounting-Input-Packets" bigint,
"Accounting-Output-Octets" bigint,
"Accounting-Output-Packets" bigint,
"Acct-Authentic" integer,
"Acct-Link-Count" integer,
"Acct-Session-Time" integer,
"Acct-Tunnel-Connection" bytea,
"Acct-Tunnel-Packets-Lost" integer,
"Callback-Id" bytea,
"Callback-Number" bytea,
"Called-Station-Id" bytea,
"Calling-Station-Id" bytea,
"Connect-Info" bytea,
"Originating-Line-Info" bytea,
"Authorization-Lifetime" integer,
"Session-Timeout" integer,
"Idle-Timeout" integer,
"Port-Limit" integer,
"Accounting-Realtime-Required" integer,
"Acct-Interim-Interval" integer,
"Filter-Id" bytea,
"NAS-Filter-Rule" bytea,
"QoS-Filter-Rule" bytea,
"Login-IP-Host" bytea,
"Login-IPv6-Host" bytea,
"Login-LAT-Group" bytea,
"Login-LAT-Node" bytea,
"Login-LAT-Port" bytea,
"Login-LAT-Service" bytea,
"Login-Service" integer,
"Login-TCP-Port" integer,
"Route-Record1" bytea,
"Route-Record2" bytea,
"Route-Record3" bytea,
"Route-Record4" bytea,
"Route-Record5" bytea,
"recorded_on" timestamp with time zone NOT NULL,
"recorded_serv" bytea
);
-- Archives table.
-- This is also optional, and it must match the structure of your incoming table.
CREATE TABLE archived (
"Origin-Host" bytea NOT NULL,
"Origin-Realm" bytea NOT NULL,
"Destination-Realm" bytea,
"Destination-Host" bytea,
"Session-Id" bytea NOT NULL,
"Origin-State-Id" integer,
"Accounting-Record-Type" integer NOT NULL,
"Accounting-Record-Number" integer NOT NULL,
"User-Name" bytea,
"Event-Timestamp" bytea,
"Acct-Application-Id" integer,
"Accounting-Sub-Session-Id" bigint,
"Acct-Session-Id" bytea,
"Acct-Multi-Session-Id" bytea,
"Origin-AAA-Protocol" integer,
"Acct-Delay-Time" integer,
"NAS-Identifier" bytea,
"NAS-IP-Address" bytea,
"NAS-IPv6-Address" bytea,
"NAS-Port" integer,
"NAS-Port-Id" bytea,
"NAS-Port-Type" integer,
"Service-Type" integer,
"Termination-Cause" integer,
"Accounting-Input-Octets" bigint,
"Accounting-Input-Packets" bigint,
"Accounting-Output-Octets" bigint,
"Accounting-Output-Packets" bigint,
"Acct-Authentic" integer,
"Acct-Link-Count" integer,
"Acct-Session-Time" integer,
"Acct-Tunnel-Connection" bytea,
"Acct-Tunnel-Packets-Lost" integer,
"Callback-Id" bytea,
"Callback-Number" bytea,
"Called-Station-Id" bytea,
"Calling-Station-Id" bytea,
"Connect-Info" bytea,
"Originating-Line-Info" bytea,
"Authorization-Lifetime" integer,
"Session-Timeout" integer,
"Idle-Timeout" integer,
"Port-Limit" integer,
"Accounting-Realtime-Required" integer,
"Acct-Interim-Interval" integer,
"Filter-Id" bytea,
"NAS-Filter-Rule" bytea,
"QoS-Filter-Rule" bytea,
"Login-IP-Host" bytea,
"Login-IPv6-Host" bytea,
"Login-LAT-Group" bytea,
"Login-LAT-Node" bytea,
"Login-LAT-Port" bytea,
"Login-LAT-Service" bytea,
"Login-Service" integer,
"Login-TCP-Port" integer,
"Route-Record1" bytea,
"Route-Record2" bytea,
"Route-Record3" bytea,
"Route-Record4" bytea,
"Route-Record5" bytea,
"recorded_on" timestamp with time zone NOT NULL,
"recorded_serv" bytea
);

141
lib/freeDiameter/contrib/app_acct_tools/display_results.php Normal file
View File

@ -0,0 +1,141 @@
<?php
# The copyright of this file is the same as the freeDiameter project. Licence is BSD.
# This file should no be called directly;
# instead it should be included from another script that sets its parameters as described below.
## $USERS
# An array of the user names to display; the empty array will display all users.
# This parameter MUST be set.
if (!isset($USERS))
die('Do not call this file directly');
## $START_TIME:
# If set, this restricts the displayed data to sessions starting after $START
## $END_TIME:
# If set, this restricts the displayed data to sessions starting before $END
## $LIMIT:
## $LIMIT_OFFSET:
# If set, these limit the number of accounting records displayed (for pagination purpose)
#------------------------------------------------------------------------------------------
# DATABASE:
/* The Connection String used to access that database:
Example: "host=localhost dbname=app_acct user=freediameter password=foo" */
$CONNSTR="";
/* The name of the table containing the processed data (from process_records.php script) */
$PROCESSED="processed";
#------------------------------------------------------------------------------------------
/* Connect to the database */
$dbconn = pg_connect($CONNSTR)
or die('Could not connect: ' . pg_last_error() . "\n");
/* Function to format download size (from php.net) */
function human_readable( $size )
{
$count = 0;
$format = array("B","KB","MB","GB","TB","PB","EB","ZB","YB");
while(($size/1024)>1 && $count<8)
{
$size=$size/1024;
$count++;
}
if( $size >= 100 ) $decimals = 0;
elseif ($size >= 10 ) $decimals = 1;
else $decimals = 2;
$return = number_format($size,$decimals,'.',' ')." ".$format[$count];
return $return;
}
/* Build the SQL query */
$sql = 'SELECT *, to_char(sess_start, \'YYYY-MM-DD&nbsp;HH24:MI:SS&nbsp;(TZ)\') as fmt_sess_start FROM "'.$PROCESSED.'"';
$where=0;
if ($USERS) {
$USERS = array_map(pg_escape_bytea, $USERS);
$sql .= " WHERE user_name IN ('". join("', '", array_values($USERS))."') ";
$where = 1;
}
if ($START_TIME) {
$START_TIME = pg_escape_string($START_TIME);
if ($where++)
$sql .= " AND ";
else
$sql .= " WHERE ";
$sql .= "sess_start >= '".$START_TIME."'";
}
if ($END_TIME) {
$END_TIME = pg_escape_string($END_TIME);
if ($where++)
$sql .= " AND ";
else
$sql .= " WHERE ";
$sql .= "sess_start <= '".$END_TIME."'";
}
$sql .= " ORDER BY sess_start, sess_duration";
if ($LIMIT)
$sql .= " LIMIT $LIMIT";
if ($LIMIT_OFFSET)
$sql .= " OFFSET $LIMIT_OFFSET";
/* Execute the query */
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
$recs = pg_num_rows($result);
if ($recs == 0) {
echo "<p><em>Sorry, no data is available in this selection.</em></p>\n";
} else {
echo "<p><strong>$recs</strong> records found.</p>\n";
?>
<table>
<tr>
<th>Device identifier</th>
<th>Access Device information</th>
<th>Session started on</th>
<th>Duration</th>
<th>Downloaded</th>
<th>Uploaded</th>
</tr>
<?php
while ($record = pg_fetch_array($result, null, PGSQL_ASSOC)) {
echo " <tr title='".htmlentities(pg_unescape_bytea($record["user_name"]))."'>\n";
echo " <td>";
echo htmlentities(pg_unescape_bytea($record["user_device"]));
echo "</td>\n";
echo " <td>";
echo htmlentities(pg_unescape_bytea($record["nas_info"]));
echo "</td>\n";
echo " <td>";
echo $record["fmt_sess_start"];
echo "</td>\n";
echo " <td>";
echo htmlentities($record["sess_duration"]);
echo "</td>\n";
echo " <td>";
echo human_readable( $record["downl_bytes"] )." (".$record["downl_packets"]."pckts)";
echo "</td>\n";
echo " <td>";
echo human_readable( $record["upl_bytes"] )." (".$record["upl_packets"]."pckts)";
echo "</td>\n";
echo " </tr>\n";
}
}
pg_free_result($result);
/* Closing connection */
pg_close($dbconn);
?>

139
lib/freeDiameter/contrib/app_acct_tools/display_self.php Normal file
View File

@ -0,0 +1,139 @@
<?php
# This file is an example wrapper around display_results.php.
# It relies on clients authentication based on certificate usage
# (it must be the same certificate as used during AAA access, so that the User-Name matches).
# See your web server documentation for details.
# Example for apache2:
# (+ detail in http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html#allclients )
# - in vhost definition file, refence the CA chain of your users certificates:
# SSLCACertificateFile /var/www/conf/ssl.crt/ca.crt
# - in vhost file or .htaccess file (adjust Depth to your setup):
# <IfModule mod_ssl.c>
# SSLVerifyClient require
# SSLVerifyDepth 2
# </IfModule>
/* Check the client is correctly SSL authenticated with his server */
if (!isset($_SERVER["SSL_CLIENT_VERIFY"]) || $_SERVER["SSL_CLIENT_VERIFY"] != "SUCCESS")
die("SSL authentication failed, the webserver is probably not configured correctly.\n");
/* Force some parameters to integer values */
if ($_GET["t_limit"])
$_GET["t_limit"] = (int) $_GET["t_limit"];
if ($_GET["t_offset"])
$_GET["t_offset"] = (int) $_GET["t_offset"];
/* Default form values */
if (!isset($_GET["Submit"])) {
$_GET["t_limit"] = 50;
$_GET["c_limit"] = 1;
$_GET["t_offset"] = 0;
}
/* Output the form */
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Accounting Data</title>
<meta name="description" content="This page gives you access to your personal accounting data.">
<meta name="keywords" content="accounting">
<style type="text/css">
body { text-align:center; }
table { border-collapse:collapse; margin-left:auto; margin-right:auto; }
table, td, th { border:1px solid green; padding-left:.5em; padding-right:.5em;}
th { background-color:green; color:white; }
</style>
</head>
<body >
<h1>Accounting data</h1>
<p>Note well: this page displays only data about <em>terminated</em> sessions.</p>
<form method="GET">
<table>
<tr>
<th colspan="3">
Filtering parameters
</th>
</tr>
<tr>
<td><input type="checkbox" name="c_starttime"<?php if (isset($_GET["c_starttime"])) echo " checked"; ?>></td>
<td>Show only sessions starting from (<a href="http://www.postgresql.org/docs/8.4/static/datatype-datetime.html">YYYY-MM-DD HH:MM:SS</a>):</td>
<td><input type="text" name="t_starttime"<?php if (isset($_GET["t_starttime"])) echo 'value="'.$_GET["t_starttime"].'"'; ?>></td>
</tr>
<tr>
<td><input type="checkbox" name="c_endtime"<?php if (isset($_GET["c_endtime"])) echo " checked"; ?>></td>
<td>Show only sessions starting until (<a href="http://www.postgresql.org/docs/8.4/static/datatype-datetime.html">YYYY-MM-DD HH:MM:SS</a>):</td>
<td><input type="text" name="t_endtime"<?php if (isset($_GET["t_endtime"])) echo 'value="'.$_GET["t_endtime"].'"'; ?>></td>
</tr>
<tr>
<td><input type="checkbox" name="c_limit"<?php if (isset($_GET["c_limit"])) echo " checked"; ?>></td>
<td>Show only this number of records:</td>
<td><input type="text" name="t_limit"<?php if (isset($_GET["t_limit"])) echo 'value="'.$_GET["t_limit"].'"'; ?>></td>
</tr>
<tr>
<td><input type="checkbox" name="c_offset"<?php if (isset($_GET["c_offset"])) echo " checked"; ?>></td>
<td>Starting from record:</td>
<td><input type="text" name="t_offset"<?php if (isset($_GET["t_offset"])) echo 'value="'.$_GET["t_offset"].'"'; ?>></td>
</tr>
<tr>
<th colspan="3">
Apply this filter: <input type="submit" name="Submit">
</th>
</tr>
</table>
</form>
<p>
Currently displaying user <em><?php echo htmlentities($_SERVER["SSL_CLIENT_S_DN_CN"]); ?></em><?php
/* Search user by CN or Email since some OS use the later during EAP-TLS authentication */
$USERS = array($_SERVER["SSL_CLIENT_S_DN_CN"], $_SERVER["SSL_CLIENT_S_DN_Email"]);
/* If the start time boundary was specified... */
if ($_GET["c_starttime"] && $_GET["t_starttime"]) {
$START_TIME=$_GET["t_starttime"];
}
if ($_GET["c_endtime"] && $_GET["t_endtime"]) {
$END_TIME=$_GET["t_endtime"];
}
/* idem with end time */
if ($START_TIME && $END_TIME) {
echo ", sessions starting between $START_TIME and $END_TIME";
} elseif ($START_TIME) {
echo ", sessions starting after $START_TIME";
} elseif ($END_TIME) {
echo ", sessions starting before $END_TIME";
}
/* Pagination */
if ($_GET["c_limit"] && $_GET["t_limit"]) {
$LIMIT=$_GET["t_limit"];
}
if ($_GET["c_offset"] && $_GET["t_offset"]) {
$LIMIT_OFFSET=$_GET["t_offset"];
}
if ($LIMIT) {
echo ", limited to ".$LIMIT." records";
if ($LIMIT_OFFSET)
echo " starting at ".$LIMIT_OFFSET;
} else if ($LIMIT_OFFSET) {
echo " starting at record ".$LIMIT_OFFSET;
}
echo ".\n";
?>
</p>
<?php
/* This file will generate the array of data matching the selection */
require("display_results.php");
?>
</body>
</html>

269
lib/freeDiameter/contrib/app_acct_tools/display_stats.php Normal file
View File

@ -0,0 +1,269 @@
<?php
# The copyright of this file is the same as the freeDiameter project. Licence is BSD.
#------------------------------------------------------------------------------------------
# DATABASE:
/* The Connection String used to access that database:
Example: "host=localhost dbname=app_acct user=freediameter password=foo" */
$CONNSTR="";
/* The name of the table containing the processed data (from process_records.php script) */
$PROCESSED="processed";
#------------------------------------------------------------------------------------------
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Accounting Data</title>
<meta name="description" content="This page gives you access to your personal accounting data.">
<meta name="keywords" content="accounting">
<style type="text/css">
body { text-align:center; }
table.colored { border-collapse:collapse; margin-left:auto; margin-right:auto; }
table.colored td, table.colored th { border:1px solid green; padding-left:.5em; padding-right:.5em;}
.colored th { background-color:green; color:white; }
hr { width:15px; margin-top:2em;margin-bottom:2em; }
</style>
</head>
<body >
<h1>Statistical accounting data</h1>
<form method="GET">
<table class="colored">
<tr>
<th colspan="3">
Filtering options
</th>
</tr>
<tr>
<td><input type="checkbox" name="c_starttime"<?php if (isset($_GET["c_starttime"])) echo " checked"; ?>></td>
<td>Limit to sessions starting from (<a href="http://www.postgresql.org/docs/8.4/static/datatype-datetime.html">hint</a>):</td>
<td><input type="text" title="YYYY-MM-DD HH:MM:SS" name="t_starttime"<?php if (isset($_GET["t_starttime"])) echo 'value="'.$_GET["t_starttime"].'"'; ?>></td>
</tr>
<tr>
<td><input type="checkbox" name="c_endtime"<?php if (isset($_GET["c_endtime"])) echo " checked"; ?>></td>
<td>Limit to sessions starting until (<a href="http://www.postgresql.org/docs/8.4/static/datatype-datetime.html">hint</a>):</td>
<td><input type="text" title="YYYY-MM-DD HH:MM:SS" name="t_endtime"<?php if (isset($_GET["t_endtime"])) echo 'value="'.$_GET["t_endtime"].'"'; ?>></td>
</tr>
<tr>
<th colspan="3">
Apply this filter: <input type="submit" name="Submit">
</th>
</tr>
</table>
</form>
<p>Note well: this page displays only data about <em>terminated</em> sessions.</p>
<?php
/* Connect to the database */
$dbconn = pg_connect($CONNSTR)
or die('Could not connect: ' . pg_last_error() . "\n");
if ($_GET["c_starttime"] && $_GET["t_starttime"]) {
$START_TIME=$_GET["t_starttime"];
}
if ($_GET["c_endtime"] && $_GET["t_endtime"]) {
$END_TIME=$_GET["t_endtime"];
}
$sql_cond="";
if ($START_TIME) {
$sql_cond = "sess_start >= '".pg_escape_string($START_TIME)."'";
}
if ($END_TIME) {
if ($sql_cond)
$sql_cond .= " AND ";
$sql_cond .= "sess_start =< '".pg_escape_string($END_TIME)."'";
}
/* Function to format download size (from php.net) */
function human_readable( $size )
{
$count = 0;
$format = array("B","KB","MB","GB","TB","PB","EB","ZB","YB");
while(($size/1024)>1 && $count<8)
{
$size=$size/1024;
$count++;
}
if( $size >= 100 ) $decimals = 0;
elseif ($size >= 10 ) $decimals = 1;
else $decimals = 2;
$return = number_format($size,$decimals,'.',' ')." ".$format[$count];
return $return;
}
?>
<hr />
<?php
/* First query: global data */
$sql = 'SELECT SUM(downl_bytes) as total_down, SUM(upl_bytes) as total_up,';
$sql .= ' to_char(min(sess_start), \'YYYY-MM-DD&nbsp;HH24:MI:SS&nbsp;TZ\') as first_sess,';
$sql .= ' to_char(max(sess_start), \'YYYY-MM-DD&nbsp;HH24:MI:SS&nbsp;TZ\') as last_sess,';
$sql .= ' count(distinct user_name) as nb_users,';
$sql .= ' count(distinct nas_info) as nb_ap';
$sql .= ' FROM "'.$PROCESSED.'"';
if ($sql_cond)
$sql .= ' WHERE '.$sql_cond;
/* Execute the query */
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
if (pg_num_rows($result) == 0) {
echo "<p><em>No data is available in the selected period.</em></p>\n";
die("</body></html>\n");
}
$data = pg_fetch_array($result, null, PGSQL_ASSOC);
?>
<table class="colored">
<tr>
<th colspan="2">Total accounted data</th>
</tr>
<?php
echo " <tr><td>First session started:</td><td>".$data["first_sess"]."</td></tr>\n";
echo " <tr><td>Last session started:</td><td>".$data["last_sess"]."</td></tr>\n";
echo " <tr><td>Total data downloaded:</td><td><strong>".human_readable($data["total_down"])."</strong></td></tr>\n";
echo " <tr><td>Total data uploaded:</td><td><strong>".human_readable($data["total_up"])."</strong></td></tr>\n";
echo " <tr><td>Number of users who connected at least once:</td><td>".$data["nb_users"]."</td></tr>\n";
echo " <tr><td>Number of access points involved:</td><td>".$data["nb_ap"]."</td></tr>\n";
echo " </tr>\n";
echo " </table>\n";
pg_free_result($result);
?>
<hr />
<table class="colored">
<tr>
<th colspan="2">Top-5 <strong>downloading</strong> users</th>
</tr>
<?php
/* Now, get the top 5 downloaders */
$sql = 'SELECT SUM(downl_bytes) as total_down, user_name';
$sql .= ' FROM "'.$PROCESSED.'"';
if ($sql_cond)
$sql .= ' WHERE '.$sql_cond;
$sql .= ' GROUP BY user_name';
$sql .= ' ORDER BY total_down desc, user_name';
$sql .= ' LIMIT 5';
/* Execute the query */
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
while ($data = pg_fetch_array($result, null, PGSQL_ASSOC)) {
echo " <tr>\n";
echo " <td>".htmlentities(pg_unescape_bytea($data["user_name"]))."</td>\n";
echo " <td>".human_readable($data["total_down"])."</td>\n";
echo " </tr>\n";
}
pg_free_result($result);
?>
</table>
<hr />
<table class="colored">
<tr>
<th colspan="2">Top-5 <strong>uploading</strong> users</th>
</tr>
<?php
/* Now, get the top 5 downloaders */
$sql = 'SELECT SUM(upl_bytes) as total_up, user_name';
$sql .= ' FROM "'.$PROCESSED.'"';
if ($sql_cond)
$sql .= ' WHERE '.$sql_cond;
$sql .= ' GROUP BY user_name';
$sql .= ' ORDER BY total_up desc, user_name';
$sql .= ' LIMIT 5';
/* Execute the query */
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
while ($data = pg_fetch_array($result, null, PGSQL_ASSOC)) {
echo " <tr>\n";
echo " <td>".htmlentities(pg_unescape_bytea($data["user_name"]))."</td>\n";
echo " <td>".human_readable($data["total_up"])."</td>\n";
echo " </tr>\n";
}
pg_free_result($result);
?>
</table>
<hr />
<table class="colored">
<tr>
<th colspan="2">Top-8 access devices (by number of users)</th>
</tr>
<?php
/* Now, get the top 5 downloaders */
$sql = 'SELECT count(distinct user_name) as unc, nas_info';
$sql .= ' FROM "'.$PROCESSED.'"';
if ($sql_cond)
$sql .= ' WHERE '.$sql_cond;
$sql .= ' GROUP BY nas_info';
$sql .= ' ORDER BY unc desc, nas_info';
$sql .= ' LIMIT 8';
/* Execute the query */
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
while ($data = pg_fetch_array($result, null, PGSQL_ASSOC)) {
echo " <tr>\n";
echo " <td>".htmlentities(pg_unescape_bytea($data["nas_info"]))."</td>\n";
echo " <td>".$data["unc"]."</td>\n";
echo " </tr>\n";
}
pg_free_result($result);
?>
</table>
<hr />
<table class="colored">
<tr>
<th colspan="2">Top-8 access devices (by traffic: up+down)</th>
</tr>
<?php
/* Now, get the top 5 downloaders */
$sql = 'SELECT SUM(upl_bytes) + SUM(downl_bytes) as traffic, nas_info';
$sql .= ' FROM "'.$PROCESSED.'"';
if ($sql_cond)
$sql .= ' WHERE '.$sql_cond;
$sql .= ' GROUP BY nas_info';
$sql .= ' ORDER BY traffic desc, nas_info';
$sql .= ' LIMIT 8';
/* Execute the query */
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
while ($data = pg_fetch_array($result, null, PGSQL_ASSOC)) {
echo " <tr>\n";
echo " <td>".htmlentities(pg_unescape_bytea($data["nas_info"]))."</td>\n";
echo " <td>".human_readable($data["traffic"])."</td>\n";
echo " </tr>\n";
}
pg_free_result($result);
?>
</table>
<hr />
<?php
/* Closing connection */
pg_close($dbconn);
?>
<p><small>Data generated by scripts from the <a href="http://www.freediameter.net">freeDiameter</a> project.</small></p>
</body>
</html>

205
lib/freeDiameter/contrib/app_acct_tools/process_records.php Normal file
View File

@ -0,0 +1,205 @@
<?php
# This file may be called either from CLI or web PHP installation.
# The copyright is the same as the freeDiameter project. Licence is BSD.
# IMPORTANT: This script is highly experimental, PLEASE KEEP A COPY OF YOUR ACCOUNTING DATA
# if this data has any importance.
/*-------------------------------------------------------*/
/* This script supports only one database where all tables are kept.
The Connection String used to access that database:
Example: "host=localhost dbname=app_acct user=freediameter password=foo" */
$CONNSTR="";
/**** 1 : Incoming records (output of app_acct.fdx) ****/
/* The name of the table were the raw records are saved (from app_acct.conf) */
$INCOMING="incoming";
/* Note: For this script, this table MUST contain the following fields (with these names):
Session-Id, User-Name, Accounting-Record-Type, Accounting-Record-Number, Acct-Session-Id,
Accounting-{In,Out}put-{Octets,Packets},
NAS-Identifier, Called-Station-Id, Calling-Station-Id, recorded_on.
*/
/**** 2 : Processed records (output of this script, input for display_results.php) ****/
/* The name of the table */
$PROCESSED="processed";
/* See process_database.sql for command to create this database */
/**** 3 : Orphan records (optional) ****/
/* The script can move records belonging to an unterminated session that has not received any new
record for more than $ORPHAN_DELAY (based on recorded_on field) into an $ORPHANED_TABLE table, so that
these records are not re-processed everytime the script runs.
If $ORPHANED_TABLE is empty, this feature is disabled. */
$ORPHANED_TABLE="orphans";
$ORPHAN_DELAY = "2 days";
/**** 4 : Archived records (optional) ****/
/* When data has been processed successfully, the records can be saved into an archive table before being deleted. */
/* This table also must have the same structure as $INCOMING */
$ARCHIVES_TABLE="archived";
/*-------------------------------------------------------*/
/* Connect to the database */
$dbconn = pg_connect($CONNSTR)
or die('Could not connect: ' . pg_last_error() . "\n");
/* Handle orphans first */
if ($ORPHANED_TABLE) {
$orphans_sql = 'SELECT * FROM "'.$INCOMING.'" ';
$orphans_sql.= 'WHERE "Acct-Session-Id" IN (';
$orphans_sql.= ' SELECT data.asid ';
$orphans_sql.= ' FROM (';
$orphans_sql.= ' SELECT "Acct-Session-Id" as asid, MAX("recorded_on") as latest, bool_or("Accounting-Record-Type" = 2) as got_start, bool_or("Accounting-Record-Type" = 4) as got_stop ';
$orphans_sql.= ' FROM "'.$INCOMING.'"';
$orphans_sql.= ' GROUP BY "Acct-Session-Id") ';
$orphans_sql.= ' as data';
$orphans_sql.= ' WHERE data.latest < current_timestamp - interval \''. $ORPHAN_DELAY .'\' AND NOT ( got_start AND got_stop )';
$orphans_sql.= ');';
/* Execute, move the orphaned records to the appropriate table. */
$result = pg_query($dbconn, $orphans_sql) or die('Query failed: ' . pg_last_error() . "\n");
if (pg_num_rows($result) > 0) {
$i = 0;
while ($orphan = pg_fetch_array($result, null, PGSQL_ASSOC)) {
$i++;
// this doesn't work: pg_insert( $dbconn, $ORPHANED_TABLE, $orphan ) or die('Insert failed: ' . pg_last_error() . "\n");
$sql = "INSERT INTO \"$ORPHANED_TABLE\" ";
$sql .= '("';
$sql .= join('", "', array_keys($orphan));
$sql .= '") VALUES (';
for($c = 0; $c < count($orphan); $c++)
$sql .= ($c ? ', ' : '').'$'.($c+1);
$sql .= ')';
pg_query_params($dbconn, $sql, array_values($orphan)) or die('Insert failed: ' . pg_last_error() . "\n");
// This also doesn't work: pg_delete( $dbconn, $INCOMING, $orphan ) or die('Removing orphan failed: ' . pg_last_error() . "\n");
$sql = "DELETE FROM \"$INCOMING\" WHERE ";
$sql .= '"Acct-Session-Id" = $1 AND "recorded_on" = $2';
pg_query_params($dbconn, $sql, array($orphan["Acct-Session-Id"], $orphan["recorded_on"])) or die('Removing orphan failed: ' . pg_last_error() . "\n");
}
echo $i." orphans have been moved to '".$ORPHANED_TABLE."'\n";
}
pg_free_result($result);
}
/* Delete duplicate records (which might have been received by different servers on different time, but are identical otherwise */
$duplicate_sql = ' SELECT * FROM (SELECT count(*) as cnt, min("recorded_on") as first, "Session-Id", "Acct-Session-Id", "Accounting-Record-Type", "Accounting-Record-Number"';
$duplicate_sql .= ' FROM "'.$INCOMING.'" GROUP BY "Session-Id", "Acct-Session-Id", "Accounting-Record-Type", "Accounting-Record-Number") as qry WHERE qry.cnt > 1';
$result = pg_query($dbconn, $orphans_sql) or die('Query failed: ' . pg_last_error() . "\n");
if (pg_num_rows($result) > 0) {
/* We have some duplicates to delete */
$i=0;
while ($dup = pg_fetch_array($result, null, PGSQL_ASSOC)) {
$i++;
$sql = "DELETE FROM \"$INCOMING\" WHERE ";
$sql .= '"Session-Id" = $1 AND "Acct-Session-Id" = $2 AND "Accounting-Record-Type" = $3 AND "Accounting-Record-Number" = $4 AND "recorded_on" <> $5';
$params = array($dup["Session-Id"], $dup["Acct-Session-Id"], $dup["Accounting-Record-Type"], $dup["Accounting-Record-Number"], $dup["first"]);
pg_query_params($dbconn, $sql, $params) or die('Removing duplicates failed: ' . pg_last_error() . "\n");
}
echo $i." duplicate records have been deleted from '".$INCOMING."'\n";
}
pg_free_result($result);
/* Now, find Acct-Session-Id of completed sessions */
$completed_sql = ' SELECT "Session-Id", "Acct-Session-Id" FROM (';
$completed_sql .= ' SELECT "Session-Id", "Acct-Session-Id", bool_or("Accounting-Record-Type" = 2) as got_start, bool_or("Accounting-Record-Type" = 4) as got_stop ';
$completed_sql .= ' FROM "'.$INCOMING.'" GROUP BY "Session-Id", "Acct-Session-Id"';
$completed_sql .= ' ) as input';
$completed_sql .= ' WHERE got_start AND got_stop';
$sids = pg_query($dbconn, $completed_sql) or die('Query failed: ' . pg_last_error() . "\n");
if (pg_num_rows($sids) > 0) {
while ($sids_line = pg_fetch_array($sids, null, PGSQL_ASSOC)) {
$sid = $sids_line["Session-Id"];
$asid = $sids_line["Acct-Session-Id"];
echo "Processing Acct-Session-Id '".$asid."', Session-Id '".$sid ."'... ";
$data=array();
/* We simply ignore the interim record(s) in this first version, since they contain only cumulative data. It could be used in later version to draw the session details for example. */
$result = pg_query_params($dbconn, 'SELECT *, "recorded_on" - CAST(textcat(text("Acct-Session-Time"), text(\' seconds\')) as INTERVAL) as start_time FROM "'.$INCOMING.
'" WHERE "Session-Id" = $1 AND "Acct-Session-Id" = $2 AND "Accounting-Record-Type" = 4 ORDER BY "recorded_on"',
array($sid, $asid)) or die('Query failed: ' . pg_last_error() . "\n");
$record = pg_fetch_array($result, null, PGSQL_ASSOC) or die('Internal error, got_stop is true but no record was returned');
$data[/* "user_name" */] = $record["User-Name"];
$data[/* "user_device" */] = $record["Calling-Station-Id"];
$nas_id= ($record["NAS-Identifier"] ?: $record["Origin-Host"]) ?: "<unidentified NAS>";
$ip = $record["NAS-IP-Address"] ?: $record["NAS-IPv6-Address"];
$nas_ip= $ip ? inet_ntop(pg_unescape_bytea($ip)) : "<unknown NAS IP>";
$nas_csi = $record["Called-Station-Id"];
$data[/* "nas_info" */] = $nas_id . " (".$nas_ip.")" . ($nas_csi ? " - Called Station: ".$nas_csi : "");
/* Is it possible to infer the session start time from this record only? */
if ($record["Acct-Session-Time"]) {
/* Yes, let's go */
$data[/* "sess_start" */] = $record["start_time"];
$data[/* "sess_duration" */] = $record["Acct-Session-Time"]." seconds";
} else {
/* No the information is missing, let's compute the approx value with the START record timestamp */
$res = pg_query_params($dbconn, 'SELECT t_start."recorded_on" as begining, t_end."recorded_on" - t_start."recorded_on" as duration'.
' FROM (SELECT "recorded_on" FROM "'.$INCOMING.'" WHERE "Session-Id" = $1 AND "Acct-Session-Id" = $2 AND "Accounting-Record-Type" = 4 ORDER BY "recorded_on" LIMIT 1) as t_end, '.
' (SELECT "recorded_on" FROM "'.$INCOMING.'" WHERE "Session-Id" = $1 AND "Acct-Session-Id" = $2 AND "Accounting-Record-Type" = 2 ORDER BY "Accounting-Record-Number", "recorded_on" LIMIT 1) as t_start',
array($sid, $asid)) or die('Query failed: ' . pg_last_error() . "\n");
$vals = pg_fetch_array($result, null, PGSQL_ASSOC) or die('Internal error, unable to compute session time');
$data[/* "sess_start" */] = $vals["begining"];
$data[/* "sess_duration" */] = $vals["duration"];
pg_free_result($res);
}
$data[/* "downl_bytes" */] = $record["Accounting-Output-Octets"];
$data[/* "downl_packets" */] = $record["Accounting-Output-Packets"];
$data[/* "upl_bytes" */] = $record["Accounting-Input-Octets"];
$data[/* "upl_packets" */] = $record["Accounting-Input-Packets"];
pg_free_result($result);
$result = pg_query_params($dbconn,
'INSERT INTO "'.$PROCESSED.'" (user_name, user_device, nas_info, sess_start, sess_duration, downl_bytes, downl_packets, upl_bytes, upl_packets) '.
'VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)', $data) or die('Query failed: ' . pg_last_error() . "\n");
pg_free_result($result);
echo "Data stored into '$PROCESSED'... ";
/* Now that we have processed it, move these records to the $ARCHIVES_TABLE table. */
if ($ARCHIVES_TABLE) {
$result = pg_query_params($dbconn, 'SELECT * FROM "'.$INCOMING.'" WHERE "Session-Id" = $1 AND "Acct-Session-Id" = $2', array($sid, $asid)) or die('Query failed: ' . pg_last_error() . "\n");
$i = 0;
while ($rec = pg_fetch_array($result, null, PGSQL_ASSOC)) {
$i++;
$sql = "INSERT INTO \"$ARCHIVES_TABLE\" ";
$sql .= '("';
$sql .= join('", "', array_keys($rec));
$sql .= '") VALUES (';
for($c = 0; $c < count($rec); $c++)
$sql .= ($c ? ', ' : '').'$'.($c+1);
$sql .= ')';
pg_query_params($dbconn, $sql, array_values($rec)) or die('Insert failed: ' . pg_last_error() . "\n");
}
echo $i." records archived into '".$ARCHIVES_TABLE."'";
pg_free_result($result);
}
echo "\n";
$result = pg_query_params($dbconn, 'DELETE FROM "'.$INCOMING.'" WHERE "Session-Id" = $1 AND "Acct-Session-Id" = $2', array($sid, $asid)) or die('Query failed: ' . pg_last_error() . "\n");
pg_free_result($result);
}
}
pg_free_result($sids);
echo "Operation completed with success!\n";
/* Closing connection */
pg_close($dbconn);
?>

157
lib/freeDiameter/contrib/app_acct_tools/purge_to_file.php Normal file
View File

@ -0,0 +1,157 @@
<?php
# This file may be called either from CLI or web PHP installation.
# The copyright is the same as the freeDiameter project. Licence is BSD.
/*-------------------------------------------------------*/
/* -- These parameters must match the app_acct.conf file -- */
/* The Connection String used to access the database.
Example: "host=localhost dbname=app_acct user=freediameter password=foo" */
$CONNSTR="";
/* The name of the table were the records are saved by app_acct.fdx */
$TABLE="incoming";
/* -- These parameters are specific to this script -- */
/* Name of the dump file to create. It can be relative or absolute.
The script fails if this file already exists.
Use for example "data-".date("Ymdhis").".sql" to avoid collisions. */
$DUMPFILE="incoming_data.sql";
/* Does the script also echoes an HTML TABLE of the data processed? */
$DISPLAY_HTML=FALSE; // it would be better to detect if we are called through Web or CLI...
/* In addition, issue a full HTML page (including headers) ? */
$HTML_HEADERS=TRUE;
/*-------------------------------------------------------*/
/* Connect to the database */
$dbconn = pg_connect($CONNSTR)
or die('Could not connect: ' . pg_last_error() . "\n");
/* Check if the file exists */
$file = fopen($DUMPFILE, "xb")
or die("The file '$DUMPFILE' already exists or cannot be created, aborting.\n");
/* First, query the table format */
$format_sql = "SELECT ".
" a.attname AS field,".
" t.typname AS type,".
/* " a.attlen AS length,". */
" a.atttypmod AS lengthvar,".
" a.attnotnull AS notnull".
" FROM".
" pg_class c,".
" pg_attribute a,".
" pg_type t".
" WHERE".
" c.relname = '" . $TABLE . "'".
" AND a.attnum > 0".
" AND a.attrelid = c.oid".
" AND a.atttypid = t.oid".
" ORDER BY a.attnum";
$result = pg_query($dbconn, $format_sql) or die('Query failed: ' . pg_last_error() . "\n");
/* app_acct.fdx only uses a few different fields types: */
$conv_types = array(
"timestamptz" => "timestamp with time zone", /* recorded on */
"bytea" => "bytea", /* octet string */
"int4" => "integer", /* unsigned32, integer32, float32 */
"int8" => "bigint" /* unsigned64, integer64, float64 */
);
$fields_types=array();
fwrite($file, " -- Data purged on ".date(DATE_RFC822)."\n\n");
fwrite($file, " -- Format of the table it was extracted from:\n");
fwrite($file, " -- CREATE TABLE \"".$TABLE."\" (\n");
$i = 0;
while ($field = pg_fetch_array($result, null, PGSQL_ASSOC)) {
if ($i++)
fwrite($file, ",\n");
fwrite($file, " -- \"".$field["field"]."\" ");
if (array_key_exists($field["type"], $conv_types))
$fields_types[$field["field"]] = $conv_types[$field["type"]];
else
$fields_types[$field["field"]] = $field["type"];
fwrite($file, $fields_types[$field["field"]]);
if ($field["lengthvar"] != "-1")
fwrite($file, "(".$field["lengthvar"].")");
if ($field["notnull"] == "t")
fwrite($file, " NOT NULL");
}
fwrite($file, "\n -- );\n\n");
pg_free_result($result);
/* Now, the data */
$result = pg_query($dbconn, "SELECT * FROM \"".$TABLE."\"") or die('Query failed: ' . pg_last_error() . "\n");
if (pg_num_rows($result) > 0) {
fwrite($file, "INSERT INTO \"".$TABLE."\"\n (\n");
$i = pg_num_fields($result);
if ($DISPLAY_HTML && $HTML_HEADERS) echo "<HTML>\n<HEAD><TITLE>Purge</TITLE></HEAD>\n<BODY>\n";
if ($DISPLAY_HTML) echo "<TABLE>\n <TR>\n";
for ($j = 0; $j < $i; $j++) {
fwrite($file, ($j ? ", " : "") . "\"" . pg_escape_string(pg_field_name($result, $j)). "\"");
if ($DISPLAY_HTML) echo " <TD>".htmlentities(pg_field_name($result, $j))."</TD>\n";
}
fwrite($file, "\n )\n VALUES \n");
if ($DISPLAY_HTML) echo " </TR>\n";
$i = 0;
while ($line = pg_fetch_array($result, null, PGSQL_ASSOC)) {
if ($i++)
fwrite($file, ",\n");
fwrite($file, " ( ");
if ($DISPLAY_HTML) echo " <TR>\n";
$j = 0;
$sql = "";
foreach ($line as $f => $v) {
if (!is_null($v))
switch ($fields_types[$f]) {
case "bytea":
$v = "E'".pg_escape_bytea(pg_unescape_bytea($v))."'";
break;
case "timestamp with time zone":
$v = "E'".pg_escape_string($v)."'";
break;
}
else
$v = "NULL";
if ($DISPLAY_HTML) echo " <TD>".htmlentities(print_r($line[$f], TRUE))."</TD>\n";
fwrite($file, ($j ? ", " : "") . $v);
$sql .= ($j ? " AND " : "") . "\"".pg_escape_string($f)."\" ";
if (is_null($line[$f]))
$sql .= " IS NULL";
else
$sql .= " = " . $v;
$j++;
}
fwrite($file, ")");
if ($DISPLAY_HTML) echo " </TR>\n";
$res = pg_query( "DELETE FROM \"".$TABLE."\" WHERE ".$sql) or die('DELETE query failed: ' . pg_last_error() . "\n");
pg_free_result($res);
}
fwrite($file, "\n;\n");
if ($DISPLAY_HTML) echo "</TABLE>\n";
if ($DISPLAY_HTML && $HTML_HEADERS) echo "</BODY>\n</HTML>\n";
else echo $i." records have been successfully written to '".$DUMPFILE."' and removed from database.\n";
} else {
if ($DISPLAY_HTML) echo "<p><em>No new record in the database</em></p>\n";
else echo "No new record in the database, the generated file is empty.\n";
}
pg_free_result($result);
/* Closing connection */
pg_close($dbconn);
/* Closing the file */
fclose($file);
?>

189
lib/freeDiameter/contrib/debian/changelog Normal file
View File

@ -0,0 +1,189 @@
freediameter (1.2.0) UNRELEASED; urgency=low
* Major changes in the logging system to be more syslog and production friendly
* New extension: dict_dcca_3gpp
* New extension: dict_dcca_starent (Starent DCCA vendor-specific AVPs)
* New extension: rt_ignore_dh (hide network topology by proxying Destination-Host).
* New extension: rt_load_balance (load balancer based on pending queue size).
* New extension: rt_busypeers. See doc/rt_busypeers.conf.sample.
* New extension: dbg_msg_timings. Measures timing of message operations.
* New extension: dbg_msg_dumps. Use to control hooks display.
* New API (fd_hook_*) for extensions to control messages logging & profiling
* New API (fd_stats_*) for extensions to monitor framework state (e.g. SNMP implem)
* API change: all the fd_*_dump functions now return malloc'd strings instead of logging directly.
* API change: callback parameter of fd_rt_out_register had its signature updated.
* Updated dbg_monitoring extension to use the new API
* New script to generate dictionary extensions from org file (see contrib/tools)
* New compilation option: WORKAROUND_ACCEPT_INVALID_VSAI to improve compatibility
with invalid Vendor-Specific-Application-Id AVPs received from some equipments (e.g. Cisco).
* New compilation option: DISABLE_PEER_EXPIRY for use in test environments.
* Extensions are now also searched in LD_LIBRARY_PATH.
* Copy Proxy-Info AVP automatically in new answers.
* Port value 0 allowed in configuration to disable local server (e.g. disable non-secure port).
* API change: fd_msg_send_timeout now takes a separate callback for timeout situation.
* Function changes: fd_msg_dump_* now split in three different type of output.
* New test testmesg_stress to measure message parser performance
* Fix termination of the framework to avoid failures.
* Fix invalid timespec value in peer PSM appearing randomly (leading to crash).
* Return DIAMETER_LOOP_DETECTED if local peer in the Route-Record list of a message.
* Allow running without TLS configuration.
* Upgraded SCTP code to comply with RFC 6458
* Using default secure Diameter port number 5658 as per RFC 6733
* Updated TLS code for performance improvements with new GNU TLS.
* Fix interlocking problem when large number of requests were failed over.
* New option in test_app.fdx extension for long messages payload.
* Performance improvement in message sending code path.
-- Sebastien Decugis <sdecugis@freediameter.net> Sat, 14 Sep 2013 18:08:07 +0800
freediameter (1.1.6) UNRELEASED; urgency=low
* Fix major issue in 1.1.5 preventing to send answers to a received message.
* New command-line option: --enable_msg_log=( DROPPED | RECEIVED | SENT | NODELIVER | TIMING )
* Improved parsing error handling and Failed-AVP generation.
* Added support for some timings measurements in freeDiameter (in the logs)
* Fix port handling when using non-default port.
* Some cleanups in several dictionary files.
* New option to fd_dict_search: AVP_BY_STRUCT
* Improved compatibility with C++ compilers.
* Cleanups in sessions creation/destruction to avoid memory corruption under stress.
* Add support for "include" directive in freeDiameter.conf file.
-- Sebastien Decugis <sdecugis@freediameter.net> Sun, 03 Mar 2013 07:40:43 +0100
freediameter (1.1.5) UNRELEASED; urgency=low
* Added compatibility with MAC OS X
* Fix behavior of timeout whe nsending messages to allow re-send.
* Several cleanups and new contributions included.
* Added dependency on C++ compiler for CMakeLists.txt
-- Sebastien Decugis <sdecugis@freediameter.net> Sat, 03 Nov 2012 17:58:11 +0100
freediameter (1.1.4) UNRELEASED; urgency=low
* Compatibility with GnuTLS 3.x versions / updated packaging files accordingly
* Fix crash on Sparc 64 (possibly other 64b machines)
* Updated dict_dcca in extensions and contrib (thanks Konstantin)
* Changed dumping of messages to avoid interleaved information
-- Sebastien Decugis <sdecugis@freediameter.net> Fri, 24 Aug 2012 00:17:05 +0200
freediameter (1.1.3) UNRELEASED; urgency=low
* Fixed a memory leak
* Clean-up of some extensions
-- Sebastien Decugis <sdecugis@freediameter.net> Tue, 03 Jul 2012 08:15:49 +0200
freediameter (1.1.2) UNRELEASED; urgency=low
* FIFO queues are now capped to avoid memory exhaustion.
* Cleanups in MIPv6 dictionaries.
* app_acct upgraded: enabled vendor-specific AVP logging, thread-safe version.
* New function: fd_dict_getlistof to list dictionary contents.
* New function: fd_dict_delete to remove an entry (dangerous function!)
* New function: fd_sess_getcount to get count of session objects.
* A few additional bug fixes, check hg log for details.
-- Sebastien Decugis <sdecugis@freediameter.net> Tue, 21 Feb 2012 18:38:10 +0100
freediameter (1.1.1) UNRELEASED; urgency=low
* Bug fix release
* Supports newer GNUTLS versions
* Allow empty OctetString AVPs (l=0)
* Allow two instances of freeDiameter on a single host.
-- Sebastien Decugis <sdecugis@nict.go.jp> Fri, 30 Sep 2011 21:56:50 +0200
freediameter (1.1.0) UNRELEASED; urgency=low
* Source package restructured. Most of the
framework now contained in the libfdcore library.
libfreeDiameter renamed as libfdproto.
This closes #15.
* API version bumped to version 4.
* Improved fd_dict_new() when the same object already exists.
* Improvements to dict_legacy_xml extension.
* Cleanups in links to shared libraries
* (app_radgw.fdx) Better handling conversion of DEA with error status
to RADIUS (closes #25)
* Allow default signals such as SIGTSTP (ctrl-z) to be used with
freeDiameterd
* Improved DiameterIdentity handling (esp. interationalization issues),
and improve efficiency of some string operations in peers, sessions,
and dictionary modules (closes #7)
* Cleanup in the session module to free only unreferenced sessions (#16)
* Removed fd_cpu_flush_cache(), replaced by more robust alternatives.
* Improved peer state machine algorithm to counter SCTP multistream race
condition.
* New extension rt_redirect.fdx that handles the Diameter Redirect errors.
* New extension app_redirect that allows sending Redirect indications to
other peers. See doc/app_redirect.conf.sample for more information.
* Added incomplete dictionary extension for rfc4006 (DCCA), courtesy
of Konstantin Chekushin <koch@lmt.lv>
-- Sebastien Decugis <sdecugis@freediameter.net> Tue, 29 Mar 2011 10:41:19 +0900
freediameter (1.0.4) UNRELEASED; urgency=low
* Added new API to specify timeout on receiving answer (#10)
* Bumped API version number accordingly.
* New test_netemul extension (simple network emulator proxy)
* Improved API compatibility to C++ compilers
-- Sebastien Decugis <sdecugis@nict.go.jp> Tue, 11 Jan 2011 12:28:22 +0900
freediameter (1.0.3) UNRELEASED; urgency=low
* Fixed a couple of issues for portability (#21, #22, #23)
* Fixed issue with ListenOn bit ordering (#20)
* Added dictionary support for MIPv6 application objects.
* Added dictionary support for legacy XML files.
* Added python interface dbg_interactive (experimental).
* Added parameters to fd_disp_register() and fd_sess_handler_create(),
Bumped API version number accordingly.
-- Sebastien Decugis <sdecugis@nict.go.jp> Tue, 14 Dec 2010 11:39:29 +0900
freediameter (1.0.2) UNRELEASED; urgency=low
* Fix an issue in app_diameap.fdx with user names (#18)
* Allow DH parameters loaded from a file (#17)
* Fixed a few compilation warnings on 64bits architectures.
* New ALL_EXTENSIONS build option.
-- Sebastien Decugis <sdecugis@nict.go.jp> Wed, 27 Oct 2010 11:17:32 +0900
freediameter (1.0.1) UNRELEASED; urgency=low
* app_acct.fdx: new set of PHP scripts available in source
contrib/app_acct_tools
* app_acct.fdx: new directive 'Server_name_field' in the
configuration.
* app_radgw.fdx: new directive 'nonai' in acct and auth plugins to
disable NAI processing.
* app_radgw.fdx: New support for RADIUS proxies.
* app_radgw.fdx: many bug fixes.
* daemon: Check the local certificate is valid during TLS
initialization.
* daemon: Fixed issue for IP addresses in the form x.x.x.235
* daemon: new option --dbg_gnutls to get GNUTLS debug messages.
* debian: some cleanups in the packaging (dependencies, meta-data)
* rt_ereg.fdx: New routing extension based on regular expression
matching in package freediameter-daemon.
-- Sebastien Decugis <sdecugis@nict.go.jp> Wed, 15 Sep 2010 18:30:28 +0900
freediameter (1.0.0-2) experimental; urgency=low
* Official release 1.0.0
-- Sebastien Decugis <sdecugis@nict.go.jp> Thu, 29 Jul 2010 17:27:13 +0900
freediameter (1.0.0-1) experimental; urgency=low
* Initial Release.
-- Sebastien Decugis <sdecugis@nict.go.jp> Wed, 19 May 2010 15:36:54 +0900

1
lib/freeDiameter/contrib/debian/compat Normal file
View File

@ -0,0 +1 @@
7

228
lib/freeDiameter/contrib/debian/control Normal file
View File

@ -0,0 +1,228 @@
Source: freediameter
Section: contrib/net
Priority: extra
Maintainer: Sebastien Decugis <sdecugis@freediameter.net>
Build-Depends: debhelper ( >= 7.3.9),
cmake, make, gcc, g++, bison, flex,
libsctp-dev, libgnutls-dev | gnutls-dev, libidn11-dev,
libpq-dev, libmysqlclient-dev, libxml2-dev, swig, python-dev
Standards-Version: 3.8.3
Homepage: http://www.freediameter.net
Package: freediameter-common
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: The freeDiameter libraries.
This package contains the freeDiameter framework core libraries,
required by all freeDiameter components.
It may also be useful for other projects which need to
perform operations on Diameter messages.
.
The freeDiameter framework provides support for the Diameter
Base Protocol. Without any extension, the framework can only
be used as a Diameter routing agent. You probably want to
install some freeDiameter extension(s) to extend its
features, and also the freediameter-daemon package that
will initialize the framework for you.
.
See 'freeDiameter-dev' package to retrieve the API for the library.
Package: freediameter-dev
Architecture: any
Section: contrib/devel
Depends: freediameter-common (= ${binary:Version}), libsctp-dev, libgnutls-dev, libgcrypt-dev
Description: This package provides the development files for freeDiameter.
Package: freediameter-daemon
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, freediameter-common (= ${binary:Version})
Suggests: ssl-cert, freediameter-dictionary-rfc4005, freediameter-dictionary-rfc4072, freediameter-dictionary-rfc4740,
freediameter-dictionary-mip6, freediameter-dictionary-legacy
Description: The freeDiameter daemon.
This daemon is a simple loader for the freeDiameter framework.
It is shipped with a small set of extensions, for
example to configure the routing behavior. See the
examples in /usr/share/freediameter* for more details.
Package: freediameter-debug-tools
Architecture: any
Section: contrib/debug
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version})
Suggests: python, libmysqlclient16
Description: freeDiameter debug tools.
This package provides useful tools to help tracking
problems in freeDiameter installation. For example,
the dbg_interactive.fdx extension allows access to the
framework via a python interpreter console.
Package: freediameter-dictionary-rfc4005
Architecture: any
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version})
Description: RFC4005 (NASREQ) dictionary support.
This freeDiameter extension provides the dictionary support
for commands and AVP defined in RFC4005 (NASREQ).
.
In order to use this extension, your main freeDiameter
configuration file must contain a LoadExtension directive.
See freeDiameter documentation for more details.
.
This extension does not require a configuration file.
Package: freediameter-dictionary-rfc4006
Architecture: any
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version})
Description: RFC4006 (DCCA) dictionary support (incomplete).
This freeDiameter extension provides the dictionary support
for commands and AVP defined in RFC4006 (DCCA).
.
In order to use this extension, your main freeDiameter
configuration file must contain a LoadExtension directive.
See freeDiameter documentation for more details.
.
This extension does not require a configuration file.
.
Currently this extension is not complete: only AVP definitions
are included. See the source file for more details.
Package: freediameter-dictionary-rfc4072
Architecture: any
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version}), freediameter-dictionary-rfc4005 (= ${binary:Version})
Description: RFC4072 (Diameter EAP) dictionary support.
This freeDiameter extension provides the dictionary support
for commands and AVP defined in RFC4072 (Diameter EAP).
.
In order to use this extension, your main freeDiameter
configuration file must contain a LoadExtension directive.
See freeDiameter documentation for more details.
.
This extension does not require a configuration file.
Package: freediameter-dictionary-rfc4740
Architecture: any
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version})
Description: RFC4740 (Diameter SIP) dictionary support.
This freeDiameter extension provides the dictionary support
for commands and AVP defined in RFC4740 (Diameter SIP).
.
In order to use this extension, your main freeDiameter
configuration file must contain a LoadExtension directive.
See freeDiameter documentation for more details.
.
This extension does not require a configuration file.
Package: freediameter-dictionary-mip6
Architecture: any
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version})
Description: Diameter Mobile IPv6 application dictionary support.
This package contains a set of extensions to provide the support
for commands and AVP defined in several RFCs related to
Diameter MIPv6. It is split is several extensions:
mip6a, mip6i, nas-mipv6, rfc5777.
.
In order to use these extensions, your main freeDiameter
configuration file must contain LoadExtension directives.
See freeDiameter documentation for more details.
.
These extensions do not require a configuration file.
Package: freediameter-dictionary-legacy
Architecture: any
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version}), libxml2
Description: Legacy XML dictionary files support.
This freeDiameter extension allows the use of XML dictionary
files with the freeDiameter framework. Please note that
dictionaries provided as XML files come with less features
than native binary format, so the later should be preferred
when possible.
.
In order to use this extension, your main freeDiameter
configuration file must contain a LoadExtension directive.
See freeDiameter documentation for more details.
.
This extension requires a configuration file. See
dict_legacy_xml.conf.sample for documentation.
Package: freediameter-radius-gateway
Architecture: any
Depends: ${misc:Depends}, freediameter-daemon (= ${binary:Version})
Suggests: freediameter-dictionary-rfc4072 (= ${binary:Version}), freediameter-dictionary-rfc4740 (= ${binary:Version})
Description: RADIUS/Diameter extensible gateway.
This freeDiameter extension implements a RADIUS to Diameter
gateway. It allows a RADIUS client to connect to a Diameter
server.
.
The support for specific Diameter applications and/or RADIUS
extensions is provided in the gateway by the use of plugins.
Currently, the following plugins are available:
- echodrop.rgwx : drop or echo a RADIUS attribute.
The attribute is not converted to Diameter.
See echodrop.rgwx.conf.sample for details.
- auth.rgwx : Convert Access-Request to Diameter AAR or DER.
Requests For Comments: RADIUS: 2865, 3162, 2868,
2869, 3579; Diameter: 4005, 4072.
Requires freediameter-dictionary-rfc4072.
- sip.rgwx : Convert Access-Request to Diameter SIP messages.
Requests For Comments: Diameter: 4740.
Requires freediameter-dictionary-rfc4740.
- acct.rgwx : Converts Accounting-Request (2866) to Diameter
ACR (3588).
Requires freediameter-dictionary-rfc4072.
.
In order to use this extension, your main freeDiameter
configuration file must contain a LoadExtension directive.
See freeDiameter documentation for more details.
.
This extension requires a configuration file.
See app_radgw.conf.sample for more details.
Package: freediameter-accounting-server
Architecture: any
Depends: ${misc:Depends}, freediameter-daemon (= ${binary:Version}), libpq5
Suggests: freediameter-dictionary-rfc4072
Description: freeDiameter simple Accounting server.
This freeDiameter extension implements the Diameter Base
Accounting application. It saves the accounting records
in a PostgreSQL database backend in a highly configurable
maneer.
.
In order to use this extension, your main freeDiameter
configuration file must contain a LoadExtension directive.
See freeDiameter documentation for more details.
.
This extension requires a configuration file.
See app_acct.conf.sample for more details.
.
You may find some useful resources to parse the saved records
in the contrib/app_acct_tools folder in source package.
Package: freediameter-eap-server
Architecture: any
Depends: ${misc:Depends}, freediameter-daemon (= ${binary:Version}), libmysqlclient16, freediameter-dictionary-rfc4072 (= ${binary:Version})
Description: freeDiameter Diameter EAP server implementation.
This freeDiameter extension implements a Diameter EAP server.
It supports EAP-MD5 and EAP-TLS methods currently.
.
In order to use this extension, your main freeDiameter
configuration file must contain a LoadExtension directive.
See freeDiameter documentation for more details.
.
This extension requires a configuration file.
See app_diameap.conf.sample and
http://diameap.yagami.freediameter.net for more details.
Package: freediameter-sip-server
Architecture: any
Depends: ${misc:Depends}, freediameter-daemon (= ${binary:Version}), libmysqlclient16, freediameter-dictionary-rfc4740 (= ${binary:Version})
Description: freeDiameter Diameter SIP server implementation.
This freeDiameter extension implements a prototype
Diameter SIP server.
See http://www.freediameter.net/trac/wiki/app_sip.fdx for
status information.
.
In order to use this extension, your main freeDiameter
configuration file must contain a LoadExtension directive.
See freeDiameter documentation for more details.
.
This extension requires a configuration file.
See app_sip.conf.sample for more details.

35
lib/freeDiameter/contrib/debian/copyright Normal file
View File

@ -0,0 +1,35 @@
Format-Specification: http://dep.debian.net/deps/dep5/
Name: freeDiameter
Maintainer: Sebastien Decugis <sdecugis@freediameter.net>
Source: http://www.freediameter.net
Files: *
Copyright: 2008-2011, WIDE Project and NICT.
License: BSD
Redistribution and use of this software in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
.
* Redistributions of source code must retain the above
copyright notice, this list of conditions and the
following disclaimer.
.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other
materials provided with the distribution.
.
* Neither the name of the WIDE Project or NICT nor the
names of its contributors may be used to endorse or
promote products derived from this software without
specific prior written permission of WIDE Project and
NICT.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

1
lib/freeDiameter/contrib/debian/dirs Normal file
View File

@ -0,0 +1 @@
etc/freeDiameter/

3
lib/freeDiameter/contrib/debian/docs Normal file
View File

@ -0,0 +1,3 @@
INSTALL*
LICENSE
README

1
lib/freeDiameter/contrib/debian/freediameter-accounting-server.examples Normal file
View File

@ -0,0 +1 @@
doc/app_acct.conf.sample

1
lib/freeDiameter/contrib/debian/freediameter-accounting-server.install Normal file
View File

@ -0,0 +1 @@
usr/lib/freeDiameter/app_acct.fdx

5
lib/freeDiameter/contrib/debian/freediameter-common.examples Normal file
View File

@ -0,0 +1,5 @@
doc/freediameter.conf.sample
doc/acl_wl.conf.sample
doc/rt_default.conf.sample
doc/rt_ereg.conf.sample
doc/single_host

6
lib/freeDiameter/contrib/debian/freediameter-common.install Normal file
View File

@ -0,0 +1,6 @@
usr/lib/libfdproto.so*
usr/lib/libfdcore.so*
usr/lib/freeDiameter/acl_wl.fdx
usr/lib/freeDiameter/rt_default.fdx
usr/lib/freeDiameter/rt_ereg.fdx
usr/lib/freeDiameter/dbg_monitor.fdx

7
lib/freeDiameter/contrib/debian/freediameter-daemon.default Normal file
View File

@ -0,0 +1,7 @@
# Defaults for freediameter initscript
# sourced by /etc/init.d/freediameter
# installed at /etc/default/freediameter by the maintainer scripts
# Additional options that are passed to the Daemon.
# See "freeDiameterd --help" for supported flags.
DAEMON_OPTS=""

160
lib/freeDiameter/contrib/debian/freediameter-daemon.init Normal file
View File

@ -0,0 +1,160 @@
#! /bin/sh
### BEGIN INIT INFO
# Provides: freediameter
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Short-Description: Start freeDiameter daemon at boot time
# Description: Start the freeDiameter daemon at boot time.
# freeDiameter is an extensible implementation of the Diameter protocol,
# designed for Authentication, Authorization and Accounting. Diameter is
# an evolution of the RADIUS protocol.
### END INIT INFO#
DAEMON=/usr/bin/freeDiameterd
CONF=/etc/freeDiameter/freeDiameter.conf
NAME=freediameter
DESC="freeDiameter daemon"
test -x $DAEMON || exit 0
LOGDIR=/var/log/freediameter
PIDFILE=/var/run/$NAME.pid
DODTIME=30 # Time to wait for the server to die, in seconds
# The value is high because we wait for STA answers
# before disconnecting the peers.
# Include freediameter defaults if available
if [ -f /etc/default/freediameter ] ; then
. /etc/default/freediameter
fi
test x"" != x$DAEMON_OPTS || test -f $CONF || exit 0
set -e
running_pid()
{
# Check if a given process pid's cmdline matches a given name
pid=$1
name=$2
[ -z "$pid" ] && return 1
[ ! -d /proc/$pid ] && return 1
cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
# Is this the expected child?
[ "$cmd" != "$name" ] && return 1
return 0
}
running()
{
# Check if the process is running looking at /proc
# (works for all users)
# No pidfile, probably no daemon present
[ ! -f "$PIDFILE" ] && return 1
# Obtain the pid and check it against the binary name
pid=`cat $PIDFILE`
running_pid $pid $DAEMON || return 1
return 0
}
force_stop() {
# Forcefully kill the process
[ ! -f "$PIDFILE" ] && return
if running ; then
kill -15 $pid
# Is it really dead?
[ -n "$DODTIME" ] && sleep "$DODTIME"s
if running ; then
kill -9 $pid
[ -n "$DODTIME" ] && sleep "$DODTIME"s
if running ; then
echo "Cannot kill $LABEL (pid=$pid)!"
exit 1
fi
fi
fi
rm -f $PIDFILE
return 0
}
case "$1" in
start)
echo -n "Starting $DESC: "
start-stop-daemon --start --quiet --pidfile $PIDFILE \
--exec $DAEMON -- $DAEMON_OPTS
if running ; then
echo "$NAME."
else
echo " ERROR."
fi
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --pidfile $PIDFILE \
--exec $DAEMON
echo "$NAME."
;;
force-stop)
echo -n "Forcefully stopping $DESC: "
force_stop
if ! running ; then
echo "$NAME."
else
echo " ERROR."
fi
;;
#reload)
#
# If the daemon can reload its config files on the fly
# for example by sending it SIGHUP, do it here.
#
# If the daemon responds to changes in its config file
# directly anyway, make this a do-nothing entry.
#
# echo "Reloading $DESC configuration files."
# start-stop-daemon --stop --signal 1 --quiet --pidfile \
# /var/run/$NAME.pid --exec $DAEMON
#;;
force-reload)
#
# If the "reload" option is implemented, move the "force-reload"
# option to the "reload" entry above. If not, "force-reload" is
# just the same as "restart" except that it does nothing if the
# daemon isn't already running.
# check wether $DAEMON is running. If so, restart
start-stop-daemon --stop --test --quiet --pidfile \
/var/run/$NAME.pid --exec $DAEMON \
&& $0 restart \
|| exit 0
;;
restart)
echo -n "Restarting $DESC: "
start-stop-daemon --stop --quiet --pidfile \
/var/run/$NAME.pid --exec $DAEMON
[ -n "$DODTIME" ] && sleep $DODTIME
start-stop-daemon --start --quiet --pidfile \
/var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS
echo "$NAME."
;;
status)
echo -n "$LABEL is "
if running ; then
echo "running"
else
echo " not running."
exit 1
fi
;;
*)
N=/etc/init.d/$NAME
# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2
exit 1
;;
esac
exit 0

1
lib/freeDiameter/contrib/debian/freediameter-daemon.install Normal file
View File

@ -0,0 +1 @@
usr/bin/freeDiameterd*

3
lib/freeDiameter/contrib/debian/freediameter-debug-tools.examples Normal file
View File

@ -0,0 +1,3 @@
doc/test_app.conf.sample
doc/test_netemul.conf.sample
doc/dbg_interactive.py.sample

5
lib/freeDiameter/contrib/debian/freediameter-debug-tools.install Normal file
View File

@ -0,0 +1,5 @@
usr/lib/freeDiameter/dbg_rt.fdx
usr/lib/freeDiameter/test_app.fdx
usr/lib/freeDiameter/test_sip.fdx
usr/lib/freeDiameter/test_netemul.fdx
usr/lib/freeDiameter/dbg_interactive.fdx

1
lib/freeDiameter/contrib/debian/freediameter-dev.install Normal file
View File

@ -0,0 +1 @@
usr/include/freeDiameter/*

2
lib/freeDiameter/contrib/debian/freediameter-dictionary-legacy.examples Normal file
View File

@ -0,0 +1,2 @@
doc/dict_legacy_xml.conf.sample
contrib/dict_legacy/dictionary.dtd

1
lib/freeDiameter/contrib/debian/freediameter-dictionary-legacy.install Normal file
View File

@ -0,0 +1 @@
usr/lib/freeDiameter/dict_legacy_xml.fdx

4
lib/freeDiameter/contrib/debian/freediameter-dictionary-mip6.install Normal file
View File

@ -0,0 +1,4 @@
usr/lib/freeDiameter/dict_nas_mipv6.fdx
usr/lib/freeDiameter/dict_mip6i.fdx
usr/lib/freeDiameter/dict_mip6a.fdx
usr/lib/freeDiameter/dict_rfc5777.fdx

1
lib/freeDiameter/contrib/debian/freediameter-dictionary-rfc4005.install Normal file
View File

@ -0,0 +1 @@
usr/lib/freeDiameter/dict_nasreq.fdx

1
lib/freeDiameter/contrib/debian/freediameter-dictionary-rfc4006.install Normal file
View File

@ -0,0 +1 @@
usr/lib/freeDiameter/dict_dcca.fdx

1
lib/freeDiameter/contrib/debian/freediameter-dictionary-rfc4072.install Normal file
View File

@ -0,0 +1 @@
usr/lib/freeDiameter/dict_eap.fdx

1
lib/freeDiameter/contrib/debian/freediameter-dictionary-rfc4740.install Normal file
View File

@ -0,0 +1 @@
usr/lib/freeDiameter/dict_sip.fdx

2
lib/freeDiameter/contrib/debian/freediameter-eap-server.examples Normal file
View File

@ -0,0 +1,2 @@
doc/app_diameap.conf.sample
doc/eap_tls_plugin.diameap.conf.sample

2
lib/freeDiameter/contrib/debian/freediameter-eap-server.install Normal file
View File

@ -0,0 +1,2 @@
usr/lib/freeDiameter/app_diameap.fdx
usr/lib/freeDiameter/*.emp

2
lib/freeDiameter/contrib/debian/freediameter-radius-gateway.examples Normal file
View File

@ -0,0 +1,2 @@
doc/app_radgw.conf.sample
doc/echodrop.rgwx.conf.sample

2
lib/freeDiameter/contrib/debian/freediameter-radius-gateway.install Normal file
View File

@ -0,0 +1,2 @@
usr/lib/freeDiameter/app_radgw.fdx
usr/lib/freeDiameter/*.rgwx

4
lib/freeDiameter/contrib/debian/freediameter-sip-server.examples Normal file
View File

@ -0,0 +1,4 @@
doc/app_sip.conf.sample
doc/app_sip.sql
doc/app_sip_SL.sql
doc/test_sip.conf.sample

3
lib/freeDiameter/contrib/debian/freediameter-sip-server.install Normal file
View File

@ -0,0 +1,3 @@
usr/lib/freeDiameter/app_sip.fdx
usr/share/doc/freeDiameter-sip-server/*
usr/bin/freediameter-sip-*

31
lib/freeDiameter/contrib/debian/rules Executable file
View File

@ -0,0 +1,31 @@
#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
#
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.
#
# Modified to make a template file for a multi-binary package with separated
# build-arch and build-indep targets by Bill Allombert 2001
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
# This has to be exported to make some magic below work.
export DH_OPTIONS
# Comment this out if you want to include the tests when the package is built
skip_the_tests=-DBUILD_TESTING:BOOL=OFF
%:
dh $@
override_dh_auto_configure:
dh_auto_configure -- $(skip_the_tests) \
-DCMAKE_BUILD_TYPE:STRING=DebianPackage \
-DDEFAULT_CONF_PATH:PATH=/etc/freeDiameter \
-DALL_EXTENSIONS:BOOL=ON

3
lib/freeDiameter/contrib/debian/update_changelog.txt Normal file
View File

@ -0,0 +1,3 @@
new release: dch -v 1.0.3 -D UNRELEASED --release-heuristic log
Simple addition: dch "changelog entry text"

5
lib/freeDiameter/contrib/dict_dcca/README Normal file
View File

@ -0,0 +1,5 @@
Files provided courtesy of Konstantin Chekushin under the same license as freeDiameter.
Comment:
"They are not full, I've filled only that I wanted to use in our app_dcca module. "

841
lib/freeDiameter/contrib/dict_dcca/dict_dcca_3gpp.c Normal file
View File

@ -0,0 +1,841 @@
/*
* Dictionary definitions of objects specified in DCCA (Nokia, 3GPP).
*/
#include <freeDiameter/extension.h>
/* The content of this file follows the same structure as dict_base_proto.c */
#define CHECK_dict_new( _type, _data, _parent, _ref ) \
CHECK_FCT( fd_dict_new( fd_g_config->cnf_dict, (_type), (_data), (_parent), (_ref)) );
#define CHECK_dict_search( _type, _criteria, _what, _result ) \
CHECK_FCT( fd_dict_search( fd_g_config->cnf_dict, (_type), (_criteria), (_what), (_result), ENOENT) );
struct local_rules_definition {
char *avp_name;
enum rule_position position;
int min;
int max;
};
#define RULE_ORDER( _position ) ((((_position) == RULE_FIXED_HEAD) || ((_position) == RULE_FIXED_TAIL)) ? 1 : 0 )
#define PARSE_loc_rules( _rulearray, _parent) { \
int __ar; \
for (__ar=0; __ar < sizeof(_rulearray) / sizeof((_rulearray)[0]); __ar++) { \
struct dict_rule_data __data = { NULL, \
(_rulearray)[__ar].position, \
0, \
(_rulearray)[__ar].min, \
(_rulearray)[__ar].max}; \
__data.rule_order = RULE_ORDER(__data.rule_position); \
CHECK_FCT( fd_dict_search( \
fd_g_config->cnf_dict, \
DICT_AVP, \
AVP_BY_NAME, \
(_rulearray)[__ar].avp_name, \
&__data.rule_avp, 0 ) ); \
if ( !__data.rule_avp ) { \
TRACE_DEBUG(INFO, "AVP Not found: '%s'", (_rulearray)[__ar].avp_name ); \
return ENOENT; \
} \
CHECK_FCT_DO( fd_dict_new( fd_g_config->cnf_dict, DICT_RULE, &__data, _parent, NULL), \
{ \
TRACE_DEBUG(INFO, "Error on rule with AVP '%s'", \
(_rulearray)[__ar].avp_name ); \
return EINVAL; \
} ); \
} \
}
#define enumval_def_u32( _val_, _str_ ) \
{ _str_, { .u32 = _val_ }}
#define enumval_def_os( _len_, _val_, _str_ ) \
{ _str_, { .os = { .data = (unsigned char *)_val_, .len = _len_ }}}
static int dict_dcca_3gpp_entry(char * conffile)
{
TRACE_ENTRY("%p", conffile);
/* Applications section */
{
/* Create the vendors */
{
struct dict_vendor_data vendor_data = { 10415, "3GPP" };
CHECK_FCT(fd_dict_new(fd_g_config->cnf_dict, DICT_VENDOR, &vendor_data, NULL, NULL));
}
}
/* AVP section */
{
struct dict_object * Address_type;
struct dict_object * UTF8String_type;
struct dict_object * DiameterIdentity_type;
struct dict_object * DiameterURI_type;
struct dict_object * Time_type;
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Address", &Address_type);
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "UTF8String", &UTF8String_type);
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "DiameterIdentity", &DiameterIdentity_type);
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "DiameterURI", &DiameterURI_type);
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Time", &Time_type);
/* Reporting-Reason */
{
/*
Enumerated. Will be present if quota was
exhausted for one or more metering types. Only
one Reporting-Reason AVP can be present in the
Used-Service-Unit AVP. (Note that the Reporting-
Reason AVP may be present also at the MSCC
level; see below.)
The following values are supported:
QUOTA_EXHAUSTED(3); Quota for the
associated metering type has been
exhausted. With this reporting reason there is
only one metering type in this Used-Service-
Unit AVP.
OTHER_QUOTA_TYPE(5); Quota for one or
more of the other metering types has been
exhausted. With this reporting reason there
may be multiple metering types in Used-
Service-Unit AVP.
POOL_EXHAUSTED(8); Quota from the
credit pool has been exhausted. This reporting
reason is used if the quota for the associated
metering type was granted from a credit pool
by using the GSU-Pool-Reference AVP in the
CCA. With this reporting reason there is only
one metering type in the Used-Service-Unit
AVP.
*/
struct dict_object *type;
struct dict_type_data tdata = { AVP_TYPE_INTEGER32, "Enumerated(Reporting-Reason)" , NULL, NULL, NULL };
struct dict_enumval_data t_1 = { "QHT", { .i32 = 1 }};
struct dict_enumval_data t_2 = { "FINAL", { .i32 = 2 }};
struct dict_enumval_data t_3 = { "QUOTA_EXHAUSTED", { .i32 = 3 }};
struct dict_enumval_data t_4 = { "VALIDITY_TIME", { .i32 = 4 }};
struct dict_enumval_data t_5 = { "OTHER_QUOTA_TYPE", { .i32 = 5 }};
struct dict_enumval_data t_6 = { "RATING_CONDITION_CHANGE", { .i32 = 6 }};
struct dict_enumval_data t_7 = { "FORCED_REAUTHORIZATION", { .i32 = 7 }};
struct dict_enumval_data t_8 = { "POOL_EXHAUSTED", { .i32 = 8 }};
struct dict_avp_data data = {
872, /* Code */
10415, /* Vendor */
"Reporting-Reason", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_INTEGER32 /* base type of data */
};
/* Create the Enumerated type, and then the AVP */
CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
CHECK_dict_new( DICT_ENUMVAL, &t_3 , type, NULL);
CHECK_dict_new( DICT_ENUMVAL, &t_5 , type, NULL);
CHECK_dict_new( DICT_ENUMVAL, &t_8 , type, NULL);
CHECK_dict_new( DICT_AVP, &data , type, NULL);
}
/* Trigger */
{
/*
Grouped. The presence of the Trigger AVP in the
CCR identifies the event(s) triggering the CCR.
*/
struct dict_avp_data data = {
1264, /* Code */
10415, /* Vendor */
"Trigger", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_GROUPED /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* Trigger-Type */
{
/*
Enumerated. One or more of these AVPs may be
present. Indicates the event that triggered the
MSCC. Supported values are:
CHANGE_IN_SGSN_IP_ADDRESS (1), a change in the SGSN address.
CHANGEINQOS_ANY (2), a change in the QoS profile
CHANGEINRAT (4), a change in radio access technology
*/
struct dict_object *type;
struct dict_type_data tdata = { AVP_TYPE_INTEGER32, "Enumerated(Trigger-Type)" , NULL, NULL, NULL };
struct dict_enumval_data t_1 = { "CHANGE_IN_SGSN_IP_ADDRESS", { .i32 = 1 }};
struct dict_enumval_data t_2 = { "CHANGEINQOS_ANY", { .i32 = 2 }};
struct dict_enumval_data t_4 = { "CHANGEINRAT", { .i32 = 4 }};
struct dict_avp_data data = {
870, /* Code */
10415, /* Vendor */
"Trigger-Type", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_INTEGER32 /* base type of data */
};
/* Create the Enumerated type, and then the AVP */
CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
CHECK_dict_new( DICT_ENUMVAL, &t_1 , type, NULL);
CHECK_dict_new( DICT_ENUMVAL, &t_2 , type, NULL);
CHECK_dict_new( DICT_ENUMVAL, &t_4 , type, NULL);
CHECK_dict_new( DICT_AVP, &data , type, NULL);
}
/* Service-Information */
{
/*
Grouped. The Service-Information purpose is to
allow the transmission of additional 3GPP service
specific information elements (3GPP 32.299
Rel7).
*/
struct dict_avp_data data = {
873, /* Code */
10415, /* Vendor */
"Service-Information", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_GROUPED /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* PS-Information */
{
/*
Grouped. Its purpose is to allow the transmission
of additional PS service specific information
elements (3GPP 32.299 Rel7).
*/
struct dict_avp_data data = {
874, /* Code */
10415, /* Vendor */
"PS-Information", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_GROUPED /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* PDP-Address */
{
/*
Address. Present only in the initial CCR. Contains
the user equipment IP address. This AVP is
defined in 3GPP 32.299 Rel7.
*/
struct dict_avp_data data = {
1227, /* Code */
10415, /* Vendor */
"PDP-Address", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , Address_type, NULL);
}
/* 3GPP-IMSI */
{
/*
IMSI encoded in UTF-8 per 3GPP TS 23.003. No
padding. Maximum length of data: 15.
*/
struct dict_avp_data data = {
1, /* Code */
10415, /* Vendor */
"3GPP-IMSI", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-Charging-Id */
{
/*
Unsigned32. (3GPP TS 29.061 Rel7) . The
charging identifier for the PDP context. The Flexi
ISN generates the 3GPP charging ID for both
virtual and normal PDP contexts with one excep-
tion. If the Flexi ISN acts as a NAS server and the
charging ID selection is set to NAS Client, the
charging ID will be the NAand not the 3GPP charging ID of Flexi ISN.
Present in the initial CCR only.S client
*/
struct dict_avp_data data = {
2, /* Code */
10415, /* Vendor */
"3GPP-Charging-Id", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_UNSIGNED32 /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* 3GPP-PDP-Type */
{
/*
Enumerated. (3GPP TS 29.061 Rel7 ). Type of
PDP context, for example, IP or PPP. Present in
the initial CCR only.
0 = IPv4
1 = PPP
2 = IPv6
3 = IPv4v6
*/
struct dict_avp_data data = {
3, /* Code */
10415, /* Vendor */
"3GPP-PDP-Type", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_UNSIGNED32 /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* 3GPP-CG-Address */
{
/*
OctetString. (3GPP TS 29.061 Rel4). The address
of the charging gateway that has been marked as
the default charging gateway for the PDP context.
The address is expressed as a four-byte integer.
Present in the initial CCR only.
*/
struct dict_avp_data data = {
4, /* Code */
10415, /* Vendor */
"3GPP-CG-Address", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , Address_type, NULL);
}
/* 3GPP-GPRS-Negotiated-QoS-Profile */
{
/*
UTF8String. (3GPP TS 29.061 Rel7 ). The QoS
profile applied by the Flexi ISN. In update and ter-
mination requests, this AVP is present only when
the CCR has been triggered by a PDP context
update affecting the negotiated QoS
Each octet is described by two UTF-8-encoded
characters denoting the hexadecimal
representation.
*/
struct dict_avp_data data = {
5, /* Code */
10415, /* Vendor */
"3GPP-GPRS-Negotiated-QoS-Profile", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-SGSN-Address */
{
/*
OctetString. (3GPP TS 29.061 Rel4). The address
of the charging gateway that has been marked as
the default charging gateway for the PDP context.
The address is expressed as a four-byte integer.
Present in the initial CCR only.
*/
struct dict_avp_data data = {
6, /* Code */
10415, /* Vendor */
"3GPP-SGSN-Address", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , Address_type, NULL);
}
/* 3GPP-GGSN-Address */
{
/*
OctetString. (3GPP TS 29.061 Rel4). Usually the
IP address of Flexi ISN. The only exception is
when the Flexi ISN acts as a NAS server and the
charging ID selection is set to NAS Client; then the
GGSN IP address will be the NAIP address. Present in the initial CCR only.S client
*/
struct dict_avp_data data = {
7, /* Code */
10415, /* Vendor */
"3GPP-GGSN-Address", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , Address_type, NULL);
}
/* 3GPP-IMSI-MCC-MNC */
{
/*
UTF8String. MCC and MNC extracted from the
user's IMSI (first 5 or 6 digits, as applicable from
the presented IMSI). The MCC-MNCs are
extracted from the tables configured in FlexiISN
configuration under the General and Roaming
configurations.
*/
struct dict_avp_data data = {
8, /* Code */
10415, /* Vendor */
"3GPP-IMSI-MCC-MNC", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-GGSN-MCC-MNC */
{
/*
UTF8String. (3GPP TS 29.061 Rel7 ). Contains
the mobile country and network code of the PLMN
that the Flexi ISN belongs to. Present in the initial
CCR only. The first entry in the list of local PLMNs
in the Flexi ISN configuration determines the value
of this AVP.
*/
struct dict_avp_data data = {
9, /* Code */
10415, /* Vendor */
"3GPP-GGSN-MCC-MNC", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-NSAPI */
{
/*
UTF8String. (3GPP TS 29.061 Rel7 ). Indicates
the NSAPI of the PDP context. Contains one octet
consisting of a single digit. Present in the initial
CCR only.
*/
struct dict_avp_data data = {
10, /* Code */
10415, /* Vendor */
"3GPP-NSAPI", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-Session-Stop-Indicator */
{
/*
OctetString. (3GPP TS 29.061 Rel4). The
presence of this AVP indicates that the last
context of the PDP session has been deleted. May
be present in the termination CCR only. Contains
one octet that has a value of 0xff.
*/
struct dict_avp_data data = {
11, /* Code */
10415, /* Vendor */
"3GPP-Session-Stop-Indicator", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* 3GPP-Selection-Mode */
{
/*
UTF8String. (3GPP TS 29.061 Rel7 ). Consists of
one octet containing the selection mode as
received from SGSN in the Create PDP Context
Request. Present in the initial CCR only.
*/
struct dict_avp_data data = {
12, /* Code */
10415, /* Vendor */
"3GPP-Selection-Mode", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-Charging-Characteristics */
{
/*
UTF8String. (3GPP TS 29.061 Rel7 ). The
charging characteristics for the PDP context.
Present in the initial CCR only. Consists of four
octets. Each octet contains a single UTF-8
encoded digit. The content of the charging charac-
teristics is described in 3GPP TS 32.215.
*/
struct dict_avp_data data = {
13, /* Code */
10415, /* Vendor */
"3GPP-Charging-Characteristics", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-CG-IPv6-Address */
{
/*
UTF8String.. (3GPP TS 29.061 Rel? (<=10) ). The
IPv6 address of the charging gateway.
*/
struct dict_avp_data data = {
14, /* Code */
10415, /* Vendor */
"3GPP-CG-IPv6-Address", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-SGSN-IPv6-Address */
{
/*
UTF8String.. (3GPP TS 29.061 Rel? (<=10) ). The
IPv6 address of the SGSN.
*/
struct dict_avp_data data = {
15, /* Code */
10415, /* Vendor */
"3GPP-SGSN-IPv6-Address", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-GGSN-IPv6-Address */
{
/*
UTF8String.. (3GPP TS 29.061 Rel? (<=10) ). The
IPv6 address of the GGSN.
*/
struct dict_avp_data data = {
16, /* Code */
10415, /* Vendor */
"3GPP-GGSN-IPv6-Address", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-GGSN-IPv6-DNS-Servers */
{
/*
UTF8String.. (3GPP TS 29.061 Rel? (<=10) ). List
of IPv6 addresses of DNS servers for an APN in
order of preference (max. 15 servers, 16 bytes
each).
*/
struct dict_avp_data data = {
17, /* Code */
10415, /* Vendor */
"3GPP-GGSN-IPv6-DNS-Servers", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-SGSN-MCC-MNC */
{
/*
UTF8String. (3GPP TS 29.061 Rel7 ). MCC and
MNC extracted from the RAI within Create or
Update PDP Context Request. In update and ter-
mination requests, this AVP is present only when
the CCR has been triggered by a routing area
update.
*/
struct dict_avp_data data = {
18, /* Code */
10415, /* Vendor */
"3GPP-SGSN-MCC-MNC", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* Missing: 3GPP-Teardown-Indicator (19) */
/* 3GPP-IMEISV */
{
/*
IMEI(SV) encoded as sequence of UTF8 characters.
*/
struct dict_avp_data data = {
20, /* Code */
10415, /* Vendor */
"3GPP-IMEISV", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* 3GPP-RAT-Type */
{
/*
OctetString. (3GPP TS 29.061 Rel7 ) Defines the
method used to access the network. Consists of a
single octet. The following values may be sent:
UTRAN (1), GERAN (2), WLAN (3), NAS (254),
Unspecified (255).
This AVP is included in the initial CCR and in
update or termination CCRs if the value changes.
*/
struct dict_avp_data data = {
21, /* Code */
10415, /* Vendor */
"3GPP-RAT-Type", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* 3GPP-User-Location-Info */
{
/*
OctetString. (3GPP TS 29.061 Rel7 ) Contains
information about the user's current geographical
location as received from the SGSN. Present
always in initial CCR if the value is known and in
update and termination CCRs if the value
changes.
*/
struct dict_avp_data data = {
22, /* Code */
10415, /* Vendor */
"3GPP-User-Location-Info", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* 3GPP-MS-TimeZone */
{
/*
OctetString. (3GPP TS 29.061 Rel7 ) 3GPP-MS-
TimeZone is AVP is present always in the initial CCR if the
value is known and in the update and termination
CCRs if the value changes. This IE is encoded
according to 3GPP TS 29.061 Rel7
*/
struct dict_avp_data data = {
23, /* Code */
10415, /* Vendor */
"3GPP-MS-TimeZone", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* Missing: 3GPP-CAMEL-Charging-Info (24) */
/* Missing: 3GPP-Packet-Filter (25) */
/* Missing: 3GPP-Negotiated-DSCP (26) */
/* Missing: 3GPP-Allocate-IP-Type (27) */
/* PDP-Context-Type */
{
/*
Enumerated. Indicates the type of a PDP context
and is only included in CCR initial.
values are 0 for primary and 1 for secondary
(3GPP 32.299 Rel7)
*/
struct dict_object *type;
struct dict_type_data tdata = { AVP_TYPE_INTEGER32, "Enumerated(PDP-Context-Type)" , NULL, NULL, NULL };
struct dict_enumval_data t_0 = { "PRIMARY", { .i32 = 0 }};
struct dict_enumval_data t_1 = { "SECONDARY", { .i32 = 1 }};
struct dict_avp_data data = {
1247, /* Code */
10415, /* Vendor */
"PDP-Context-Type", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_INTEGER32 /* base type of data */
};
/* Create the Enumerated type, and then the AVP */
CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
CHECK_dict_new( DICT_ENUMVAL, &t_0 , type, NULL);
CHECK_dict_new( DICT_ENUMVAL, &t_1 , type, NULL);
CHECK_dict_new( DICT_AVP, &data , type, NULL);
}
/* IMS-Information */
{
/*
Grouped. Its purpose is to allow the transmission
of additional IMS service specific information ele-
ments. (3GPP 32.299 Rel7)
*/
struct dict_avp_data data = {
876, /* Code */
10415, /* Vendor */
"IMS-Information", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_GROUPED /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* IMS-Charging-Identifier */
{
/*
UTF8String. Contains the IMS charging identifier
as given to the Flexi ISN by the IMS. This AVP is
defined in 3GPP TS 32.225. This AVP is present
in IMS sessions only. Present in the initial CCR
only.
*/
struct dict_avp_data data = {
841, /* Code */
10415, /* Vendor */
"IMS-Charging-Identifier", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* Max-Requested-Bandwidth-UL */
{
/*
Unsigned32. The Max-Requested-Bandwidth-
UL/DL AVP indicates the maximum allowed bit
rate (in bits per second) for the uplink direction.
(Re-used from 3GPP 29.214)
*/
struct dict_avp_data data = {
515, /* Code */
10415, /* Vendor */
"Max-Requested-Bandwidth-UL", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_UNSIGNED32 /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* Max-Requested-Bandwidth-DL */
{
/*
Unsigned32. The Max-Requested-Bandwidth-
UL/DL AVP indicates the maximum allowed bit
rate (in bits per second) for the uplink direction.
*/
struct dict_avp_data data = {
516, /* Code */
10415, /* Vendor */
"Max-Requested-Bandwidth-DL", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_UNSIGNED32 /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* QoS-Information */
{
/*
Grouped. This is the QoS that the DCCA
server requests from Flexi ISN to be applied for
this PDP context. This AVP and all AVPs con-
tained within are described in 3GPP TS 29.212
Release 7. The ARP AVP is introduced with
Release 8. The relevant types are defined on
table 5.3.1 of TS 29.212.
*/
struct dict_avp_data data = {
1016, /* Code */
10415, /* Vendor */
"QoS-Information", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR, /* Fixed flag values */
AVP_TYPE_GROUPED /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
}
TRACE_DEBUG(INFO, "Extension 'Dictionary definitions for DCCA 3GPP' initialized");
return 0;
}
EXTENSION_ENTRY("dict_dcca_3gpp", dict_dcca_3gpp_entry, "dict_dcca");

281
lib/freeDiameter/contrib/dict_dcca/dict_dcca_nokia.c Normal file
View File

@ -0,0 +1,281 @@
/*
* Dictionary definitions of objects specified in DCCA (Nokia, 3GPP).
*/
#include <freeDiameter/extension.h>
/* The content of this file follows the same structure as dict_base_proto.c */
#define CHECK_dict_new( _type, _data, _parent, _ref ) \
CHECK_FCT( fd_dict_new( fd_g_config->cnf_dict, (_type), (_data), (_parent), (_ref)) );
#define CHECK_dict_search( _type, _criteria, _what, _result ) \
CHECK_FCT( fd_dict_search( fd_g_config->cnf_dict, (_type), (_criteria), (_what), (_result), ENOENT) );
struct local_rules_definition {
char *avp_name;
enum rule_position position;
int min;
int max;
};
#define RULE_ORDER( _position ) ((((_position) == RULE_FIXED_HEAD) || ((_position) == RULE_FIXED_TAIL)) ? 1 : 0 )
#define PARSE_loc_rules( _rulearray, _parent) { \
int __ar; \
for (__ar=0; __ar < sizeof(_rulearray) / sizeof((_rulearray)[0]); __ar++) { \
struct dict_rule_data __data = { NULL, \
(_rulearray)[__ar].position, \
0, \
(_rulearray)[__ar].min, \
(_rulearray)[__ar].max}; \
__data.rule_order = RULE_ORDER(__data.rule_position); \
CHECK_FCT( fd_dict_search( \
fd_g_config->cnf_dict, \
DICT_AVP, \
AVP_BY_NAME, \
(_rulearray)[__ar].avp_name, \
&__data.rule_avp, 0 ) ); \
if ( !__data.rule_avp ) { \
TRACE_DEBUG(INFO, "AVP Not found: '%s'", (_rulearray)[__ar].avp_name ); \
return ENOENT; \
} \
CHECK_FCT_DO( fd_dict_new( fd_g_config->cnf_dict, DICT_RULE, &__data, _parent, NULL), \
{ \
TRACE_DEBUG(INFO, "Error on rule with AVP '%s'", \
(_rulearray)[__ar].avp_name ); \
return EINVAL; \
} ); \
} \
}
#define enumval_def_u32( _val_, _str_ ) \
{ _str_, { .u32 = _val_ }}
#define enumval_def_os( _len_, _val_, _str_ ) \
{ _str_, { .os = { .data = (unsigned char *)_val_, .len = _len_ }}}
static int dict_dcca_nokia_entry(char * conffile)
{
TRACE_ENTRY("%p", conffile);
/* Applications section */
{
/* Create the vendors */
{
struct dict_vendor_data vendor_data = { 94, "Nokia" };
CHECK_FCT(fd_dict_new(fd_g_config->cnf_dict, DICT_VENDOR, &vendor_data, NULL, NULL));
}
}
/* AVP section */
{
struct dict_object * Address_type;
struct dict_object * UTF8String_type;
struct dict_object * DiameterIdentity_type;
struct dict_object * DiameterURI_type;
struct dict_object * Time_type;
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Address", &Address_type);
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "UTF8String", &UTF8String_type);
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "DiameterIdentity", &DiameterIdentity_type);
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "DiameterURI", &DiameterURI_type);
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Time", &Time_type);
/* NSN-Token-Value */
{
/*
OctetString. A token that was received, for
example, from the subscription portal [14]. The
maximum length of the token is 64 octets.
When this AVP is included in the MSCC, the USU
and Reporting-Reason AVPs will not be included
(because the token is not a trigger to report quota
usage). Additionally, the Rating-Group and
Service-Id AVPs will have the values received
from the subscription portal.
*/
struct dict_avp_data data = {
5113, /* Code */
94, /* Vendor */
"NSN-Token-Value", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* Quota-Consumption-Time */
{
/*
Unsigned32. Contains the time quota envelope
expiration time in seconds. This is the time
elapsed from the previous service request, to
the moment the Flexi ISN considers that the
time envelope finishes. The value of this AVP
will be in effect for the remainder of the session
or until a new value is received. If this AVP is
not present, the default value configured for the
rating group will be used. The OCS may
disable the time quota envelope expiration by
setting the value of this AVP to 0. The value of
QCT sent from the OCS for a certain MSCC
instance is stored in the Flexi ISN and it is used
if the OCS does not sent a new value in the
CCAs that follow
*/
struct dict_avp_data data = {
5109, /* Code */
94, /* Vendor */
"Quota-Consumption-Time", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_UNSIGNED32 /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* Quota-Holding-Time */
{
/*
Unsigned32. Indicates how long the Flexi ISN
will keep the granted quota after a service
request has been received. The unit is in
seconds. When this time elapses, the Flexi ISN
ends the MSCC instance and reports the used
quota without requesting more. The value of
this AVP will be in effect for the remainder of
the session or until a new value is received. If
this AVP is not present, the default value con-
figured for the rating group will be used. The
OCS may disable the Quota Holding Timer by
setting the value of this AVP to 0. The value of
the QHT sent from the OCS for a certain
MSCC instance is stored in the Flexi ISN, and
it is used if the OCS does not sent a new value
in the CCAs that follow.
*/
struct dict_avp_data data = {
5110, /* Code */
94, /* Vendor */
"Quota-Holding-Time", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_UNSIGNED32 /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* Default-Quota */
{
/*
Grouped. Indicates the absolute number of
units that are available for consumption during
each upcoming OCS interrogation (e.g. after a
CCR has been sent but before the CCA is
received). If this AVP is not present, the Flexi
ISN will use the configured or earlier received
default quota. If this AVP is present but does
not include the default quota for a certain unit
type, that unit type is considered to have no
default quota.
The usage of default quota can be disabled in
certain situations by modifying the Flexi ISN
settings
*/
struct dict_avp_data data = {
5111, /* Code */
94, /* Vendor */
"Default-Quota", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
AVP_TYPE_GROUPED /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* Session-Start-Indicator */
{
/*
OctetString. (3GPP TS 29.061 Rel4). The address
of the charging gateway that has been marked as
the default charging gateway for the PDP context.
The address is expressed as a four-byte integer.
Present in the initial CCR only.
*/
struct dict_avp_data data = {
5105, /* Code */
94, /* Vendor */
"Session-Start-Indicator", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
}
/* Rulebase-id */
{
/*
*/
struct dict_avp_data data = {
5106, /* Code */
94, /* Vendor */
"Rulebase-id", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
}
/* Time-Of-First-Usage */
{
/*
Time. Contains a time-stamp identifying the date
and time of the first increment of the used units
counter since the previous report. If no used units
were gathered during the previous reporting inter-
val, this AVP will not be present.
*/
struct dict_avp_data data = {
5103, /* Code */
94, /* Vendor */
"Time-Of-First-Usage", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , Time_type, NULL);
}
/* Time-Of-Last-Usage */
{
/*
Time. Contains a time-stamp identifying the date
and time of the first increment of the used units
counter since the previous report. If no used units
were gathered during the previous reporting inter-
val, this AVP will not be present.
*/
struct dict_avp_data data = {
5104, /* Code */
94, /* Vendor */
"Time-Of-Last-Usage", /* Name */
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
AVP_FLAG_VENDOR, /* Fixed flag values */
AVP_TYPE_OCTETSTRING /* base type of data */
};
CHECK_dict_new( DICT_AVP, &data , Time_type, NULL);
}
}
TRACE_DEBUG(INFO, "Extension 'Dictionary definitions for DCCA Nokia' initialized");
return 0;
}
EXTENSION_ENTRY("dict_dcca_nokia", dict_dcca_nokia_entry, "dict_dcca");

3
lib/freeDiameter/contrib/dict_gx/README Normal file
View File

@ -0,0 +1,3 @@
File sent to the mailing-list by German Barros <gbarros@ipcomsa.com>.
To be used with the dict_legacy_xml extension.

709
lib/freeDiameter/contrib/dict_gx/dict_gx.xml Normal file
View File

@ -0,0 +1,709 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dictionary SYSTEM "dictionary.dtd">
<!--******************* Diccionario Gx === German Barros ******************************************************************* -->
<dictionary>
<!-- ******************************************************** -->
<!-- ********************* Vendors ************************** -->
<!-- ******************************************************** -->
<vendor id="10415" name="3GPP" />
<!-- ******************************************************** -->
<!-- ***************** Gx Application ********************* -->
<!-- ******************************************************** -->
<application id="16777238" name="Gx">
<!-- ====================================================================== -->
<!-- ========================== COMMAND CODES =========================== -->
<!-- ====================================================================== -->
<!-- *** Command-Codes *** -->
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.6.2 and 5.6.3 -->
<command name="CC" code="272" vendor-id="10415">
</command>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.6.4 and 5.6.5 -->
<command name="RA" code="258" vendor-id="10415" />
<!-- ====================================================================== -->
<!-- ========================= Gx Specific AVPs ======================== -->
<!-- ====================================================================== -->
<!-- Ref = [3GPP - 29.214] 5.3.2 -->
<avp name="Access-Network-Charging-Address" code="501" mandatory="must"
may-encrypt="yes" vendor-id="10415">
<type type-name="Address" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.1 -->
<avp name="Bearer-Usage" vendor-id="10415" code="1000" mandatory="must"
may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="GENERAL" code="0" />
<enum name="IMS_SIGNALLING" code="1" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.23 -->
<avp name="Bearer-Control-Mode" vendor-id="10415" code="1023"
mandatory="must" may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="UE_ONLY" code="0" />
<enum name="RESERVED" code="1" />
<enum name="UE_NW" code="2" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.8 -->
<avp name="Metering-Method" vendor-id="10415" code="1007"
mandatory="must" may-encrypt="yes" protected="may" type="Enumerated">
<type type-name="Enumerated" />
<enum name="DURATION" code="0" />
<enum name="VOLUME" code="1" />
<enum name="DURATION_VOLUME" code="2" />
</avp>
<!-- [3GPP TS 29.229 V7.7.0] , clause 6.3.20 -->
<avp name="Primary-Event-Charging-Function-Name" vendor-id="10415"
code="619" mandatory="must" may-encrypt="yes">
<type type-name="DiameterURI" />
</avp>
<!-- [3GPP TS 29.229 V7.7.0] , clause 6.3.21 -->
<avp name="Secondary-Event-Charging-Function-Name" vendor-id="10415"
code="620" mandatory="must" may-encrypt="yes">
<type type-name="DiameterURI" />
</avp>
<!-- [3GPP TS 29.229 V7.7.0] , clause 6.3.22 -->
<avp name="Primary-Charging-Collection-Function-Name" vendor-id="10415"
code="621" mandatory="must" may-encrypt="yes">
<type type-name="DiameterURI" />
</avp>
<!-- [3GPP TS 29.229 V7.7.0] , clause 6.3.23 -->
<avp name="Secondary-Charging-Collection-Function-Name" vendor-id="10415"
code="622" mandatory="must" may-encrypt="yes">
<type type-name="DiameterURI" />
</avp>
<!-- [3GPP TS 29.214 v7.3.0] , clause 5.3.4 -->
<avp name="Access-Network-Charging-Identifier-Value" vendor-id="10415"
code="503" mandatory="must" may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- [3GPP TS 29.061 V7.9.0] , clause 16.4.7 -->
<avp name="3GPP-RAT-Type" vendor-id="10415" code="21" mandatory="mustnot"
may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- Ref = RFC 4006 chap 8.48 -->
<avp name="Subscription-Id-Data" code="444" mandatory="must"
may-encrypt="yes">
<type type-name="UTF8String" />
</avp>
<!-- Ref = RFC 4006 chap 8.47 -->
<avp name="Subscription-Id-Type" code="450" mandatory="must"
protected="may" may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="END_USER_E164" code="0" />
<enum name="END_USER_IMSI" code="1" />
<enum name="END_USER_SIP_URI" code="2" />
<enum name="END_USER_NAI" code="3" />
<enum name="END_USER_PRIVATE" code="4" />
</avp>
<!-- [RFC 4006] , clause 8.2 -->
<avp name="CC-Request-Number" code="415" mandatory="must"
may-encrypt="yes">
<type type-name="Unsigned32" />
</avp>
<!-- [RFC 4006] , clause 8.3 -->
<avp name="CC-Request-Type" code="416" mandatory="must"
may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="INITIAL_REQUEST" code="1" />
<enum name="UPDATE_REQUEST" code="2" />
<enum name="TERMINATION_REQUEST" code="3" />
<enum name="EVENT_REQUEST" code="4" />
</avp>
<!-- [RFC 4006] , clause 8.38 -->
<avp name="Redirect-Address-Type" code="433" mandatory="must"
may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="IPV4_ADDRESS" code="0" />
<enum name="IPV6_ADDRESS" code="1" />
<enum name="URL" code="2" />
<enum name="SIP_URI" code="3" />
</avp>
<!-- [RFC 4006] , clause 8.39 -->
<avp name="Redirect-Server-Address" code="435" mandatory="must"
may-encrypt="yes">
<type type-name="UTF8String" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.19 -->
<avp name="PCC-Rule-Status" vendor-id="10415" code="1019"
mandatory="must" may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="ACTIVE" code="0" />
<enum name="INACTIVE" code="1" />
<enum name="TEMPORARILY INACTIVE" code="2" />
</avp>
<!-- [RFC 4005] , clause 6.11.1 -->
<avp name="Framed-IP-Address" code="8" mandatory="must"
may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- [RFC 4005] , clause 6.11.6 -->
<avp name="Framed-IPv6-Prefix" code="97" mandatory="must"
may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- [RFC 4005] , clause 4.5 -->
<avp name="Called-Station-Id" code="30" mandatory="must"
may-encrypt="yes">
<type type-name="UTF8String" />
</avp>
<!-- [RFC 4005] , clause 6.7 -->
<avp name="Filter-Id" code="11" mandatory="must" may-encrypt="yes">
<type type-name="UTF8String" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.21 -->
<avp name="Bearer-Operation" vendor-id="10415" code="1021"
mandatory="must" may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="TERMINATION" code="0" />
<enum name="ESTABLISHMENT" code="1" />
<enum name="MODIFICATION" code="2" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.24 -->
<avp name="Network-Request-Support" vendor-id="10415" code="1024"
mandatory="must" may-encrypt="yes">
<type type-name="Enumerated"/>
<enum name="NETWORK_REQUEST_NOT_SUPPORTED" code="0" />
<enum name="NETWORK_REQUEST_SUPPORTED" code="1" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.5 -->
<avp name="Charging-Rule-Base-Name" vendor-id="10415" code="1004"
mandatory="must" may-encrypt="yes">
<type type-name="UTF8String" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.15 -->
<avp name="ToS-Traffic-Class" vendor-id="10415" code="1014"
mandatory="must" may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.27 -->
<avp name="IP-CAN-Type" vendor-id="10415" code="1027" mandatory="must"
may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="3GPP" code="0" />
<enum name="DOCSIS" code="1" />
<enum name="xDSL" code="2" />
<enum name="WiMAX" code="3" />
<enum name="3GPP2" code="4" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.28 -->
<avp name="QoS-Negotiation" vendor-id="10415" code="1029"
mandatory="must" may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="NO_QOS_NEGOTIATION" code="0" />
<enum name="QOS_NEGOTIATION_SUPPORTED" code="1" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.29 -->
<avp name="QoS-Upgrade" vendor-id="10415" code="1030" mandatory="must"
may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="QOS_UPGRADE_NOT_SUPPORTED" code="0" />
<enum name="QOS_UPGRADE_SUPPORTED" code="1" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.30 -->
<avp name="Rule-Failure-Code" vendor-id="10415" code="1031"
mandatory="must" may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="UNKNOWN_RULE_NAME" code="1" />
<enum name="RATING_GROUP_ERROR" code="2" />
<enum name="SERVICE_IDENTIFIER_ERROR" code="3" />
<enum name="GW/PCEF_MALFUNCTION" code="4" />
<enum name="RESOURCES_LIMITATION" code="5" />
<enum name="MAX_NR_BEARERS_REACHED" code="6" />
<enum name="UNKNOWN_BEARER_ID" code="7" />
<enum name="MISSING_BEARER_ID" code="8" />
<enum name="MISSING_FLOW_DESCRIPTION" code="9" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.34 -->
<avp name="Session-Release-Cause" vendor-id="10415" code="1035"
mandatory="must" may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="UNSPECIFIED_REASONS" code="0" />
<enum name="UE_SUBSCRIPTION_REASON" code="1" />
<enum name="INSUFFICIENT_SERVER_RESOURCES" code="2" />
</avp>
<!-- [3GPP TS 29.061 V7.9.0] , clause 16.4.7. -->
<avp name="3GPP-SGSN-MCC-MNC" vendor-id="10415" code="18"
mandatory="mustnot" may-encrypt="yes">
<type type-name="UTF8String" />
</avp>
<!-- [3GPP TS 29.061 V7.9.0] , clause 16.4.7 -->
<avp name="3GPP-User-Location-Info" vendor-id="10415" code="22"
mandatory="mustnot" may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.31 -->
<avp name="Revalidation-Time" vendor-id="10415" code="1032"
mandatory="must" may-encrypt="yes">
<type type-name="Time" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.32 -->
<avp name="Rule-Activation-Time" code="1033" mandatory="must"
may-encrypt="yes">
<type type-name="Time" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.33 -->
<avp name="Rule-Deactivation-Time" vendor-id="10415" code="1034"
mandatory="must" may-encrypt="yes">
<type type-name="Time" />
</avp>
<!-- [3GPP TS 29.061 V7.7.0] , clause 16.4.7.1 -->
<avp name="3GPP-SGSN-Address" vendor-id="10415" code="6" mandatory="mustnot"
may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- [3GPP TS 29.061 V7.7.0] , clause 16.4.7.1 -->
<avp name="3GPP-SGSN-IPv6-Address" vendor-id="10415" code="15"
mandatory="mustnot" may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- [3GPP TS 29.061 V7.7.0] , clause 17.7.12 -->
<avp name="RAI" vendor-id="10415" code="909" mandatory="must"
may-encrypt="yes">
<type type-name="UTF8String" />
</avp>
<!-- [3GPP TS 29.061 V7.7.0] , clause 16.4.7 -->
<avp name="3GPP-MS-TimeZone" vendor-id="10415" code="23" mandatory="mustnot"
may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.20 -->
<avp name="Bearer-Identifier" vendor-id="10415" code="1020"
mandatory="must" may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.6 -->
<avp name="Charging-Rule-Name" vendor-id="10415" code="1005"
mandatory="must" may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- [RFC 4006] , clause 8.28 -->
<avp name="Service-Identifier" code="439" mandatory="must"
may-encrypt="yes">
<type type-name="Unsigned32" />
</avp>
<!-- [RFC 4006] , clause 8.29 -->
<avp name="Rating-Group" code="432" mandatory="must" may-encrypt="yes">
<type type-name="Unsigned32" />
</avp>
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.11 -->
<avp name="Flow-Status" vendor-id="10415" code="511" mandatory="must"
may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="ENABLED-UPLINK" code="0" />
<enum name="ENABLED-DOWNLINK" code="1" />
<enum name="ENABLED" code="2" />
<enum name="DISABLED" code="3" />
<enum name="REMOVED" code="4" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.17 -->
<avp name="QoS-Class-Identifier" vendor-id="10415" code="1028"
mandatory="must" may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="FINAL_SERVICE_INFORMATION" code="0" />
<enum name="PRELIMINARY_SERVICE_INFORMATION" code="1" />
</avp>
<!-- Ref = [3GPP - 29.214] 5.3.15 -->
<avp name="Max-Requested-Bandwidth-UL" code="516" vendor-id="10415"
mandatory="must" may-encrypt="yes">
<type type-name="Unsigned32" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.25 -->
<avp name="Guaranteed-Bitrate-DL" vendor-id="10415" code="1025"
mandatory="must" may-encrypt="yes">
<type type-name="Unsigned32" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.26 -->
<avp name="Guaranteed-Bitrate-UL" vendor-id="10415" code="1026"
mandatory="must" may-encrypt="yes">
<type type-name="Unsigned32" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.20 -->
<avp name="Bearer-Identifier" vendor-id="10415" code="1020"
mandatory="must" may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<avp name="Max-Requested-Bandwidth-UL" code="516" mandatory="must" vendor-id="10415" may-encrypt="yes">
<type type-name="Unsigned32"/>
</avp>
<avp name="Max-Requested-Bandwidth-DL" code="515" mandatory="must" vendor-id="10415" may-encrypt="yes">
<type type-name="Unsigned32"/>
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.16 -->
<avp name="QoS-Information" vendor-id="10415" code="1016"
mandatory="must" may-encrypt="yes">
<grouped>
<required>
<avprule name="QoS-Class-Identifier" minimum="1" maximum="1" />
<avprule name="Max-Requested-Bandwidth-UL" minimum="1"
maximum="1" />
<avprule name="Max-Requested-Bandwidth-DL" minimum="1"
maximum="1" />
<avprule name="Guaranteed-Bitrate-UL" minimum="1" maximum="1" />
<avprule name="Guaranteed-Bitrate-DL" minimum="1" maximum="1" />
<avprule name="Bearer-Identifier" minimum="1" maximum="1" />
</required>
</grouped>
</avp>
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.8 -->
<avp name="Flow-Description" vendor-id="10415" code="507"
mandatory="must" may-encrypt="yes">
<type type-name="IPFilterRule" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.12 -->
<avp name="Reporting-Level" vendor-id="10415" code="1011"
mandatory="must" may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="SERVICE_IDENTIFIER_LEVEL" code="0" />
<enum name="RATING_GROUP_LEVEL" code="1" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.9 -->
<avp name="Offline" vendor-id="10415" code="1008" mandatory="must"
may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="DISABLE_OFFLINE" code="0" />
<enum name="ENABLE_OFFLINE" code="1" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.10 -->
<avp name="Online" vendor-id="10415" code="1009" mandatory="must"
may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="DISABLE_ONLINE" code="0" />
<enum name="ENABLE_ONLINE" code="1" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.11 -->
<avp name="Precedence" vendor-id="10415" code="1010" mandatory="must"
may-encrypt="yes">
<type type-name="Unsigned32" />
</avp>
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.6 -->
<avp name="AF-Charging-Identifier" vendor-id="10415" code="505"
mandatory="must" may-encrypt="yes">
<type type-name="OctetString" />
</avp>
<!-- Ref = [3GPP - 29.214] 5.3.14 -->
<avp name="Max-Requested-Bandwidth-DL" code="515" vendor-id="10415"
mandatory="must" may-encrypt="yes">
<type type-name="Unsigned32" />
</avp>
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.17 -->
<avp name="Media-Component-Number" vendor-id="10415" code="518"
mandatory="must" may-encrypt="yes">
<type type-name="Unsigned32" />
</avp>
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.9 -->
<avp name="Flow-Number" vendor-id="10415" code="509" mandatory="must"
may-encrypt="yes">
<type type-name="Unsigned32" />
</avp>
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.10 -->
<avp name="Flows" vendor-id="10415" code="510" mandatory="must"
may-encrypt="yes">
<grouped>
<required>
<avprule name="Media-Component-Number" minimum="1" maximum="1" />
</required>
<optional>
<avprule name="Flow-Number" maximum="1" />
</optional>
</grouped>
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.4 -->
<avp name="Charging-Rule-Definition" vendor-id="10415" code="1003"
mandatory="must" may-encrypt="yes">
<grouped>
<required>
<avprule name="Charging-Rule-Name" minimum="1" maximum="1" />
<avprule name="Service-Identifier" maximum="1" />
<avprule name="Rating-Group" maximum="1" />
</required>
<optional>
<avprule name="Flow-Description" maximum="1" />
</optional>
<required>
<avprule name="Flow-Status" maximum="1" />
<avprule name="QoS-Information" maximum="1" />
<avprule name="Reporting-Level" maximum="1" />
<avprule name="Online" maximum="1" />
<avprule name="Offline" maximum="1" />
<avprule name="Metering-Method" maximum="1" />
<avprule name="Precedence" maximum="1" />
<avprule name="AF-Charging-Identifier" maximum="1" />
</required>
<optional>
<avprule name="Flows" maximum="1" />
</optional>
</grouped>
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.2 -->
<avp name="Charging-Rule-Install" vendor-id="10415" code="1001"
mandatory="must" may-encrypt="yes">
<grouped>
<optional>
<avprule name="Charging-Rule-Definition" maximum="1" />
<avprule name="Charging-Rule-Name" maximum="1" />
<avprule name="Charging-Rule-Base-Name" maximum="1" />
</optional>
<required>
<avprule name="Bearer-Identifier" minumin="1" maximum="1" />
</required>
<optional>
<avprule name="Rule-Activation-Time" maximum="1" />
<avprule name="Rule-Deactivation-Time" maximum="1" />
</optional>
</grouped>
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.3 -->
<avp name="Charging-Rule-Remove" vendor-id="10415" code="1002"
mandatory="must" may-encrypt="yes">
<grouped>
<optional>
<avprule name="Charging-Rule-Name" maximum="1" />
<avprule name="Charging-Rule-Base-Name" maximum="1" />
</optional>
</grouped>
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.7 -->
<avp name="Event-Trigger" vendor-id="10415" code="1006" mandatory="must"
may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="SGSN_CHANGE" code="0" />
<enum name="QOS_CHANGE" code="1" />
<enum name="RAT_CHANGE" code="2" />
<enum name="TFT_CHANGE" code="3" />
<enum name="PLMN_CHANGE" code="4" />
<enum name="LOSS_OF_BEARER" code="5" />
<enum name="RECOVERY_OF_BEARER" code="6" />
<enum name="IP-CAN_CHANGE" code="7" />
<enum name="PCEF_MALFUNCTION" code="8" />
<enum name="RESOURCES_LIMITATION" code="9" />
<enum name="MAX_NR_BEARERS_REACHED" code="10" />
<enum name="QOS_CHANGE_EXCEEDING_AUTHORIZATION" code="11" />
<enum name="RAI_CHANGE" code="12" />
<enum name="USER_LOCATION_CHANGE" code="13" />
<enum name="NO_EVENT_TRIGGERS" code="14" />
<enum name="OUT_OF_CREDIT" code="15" />
<enum name="REALLOCATION_OF_CREDIT" code="16" />
<enum name="REVALIDATION_TIMEOUT" code="17" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.13 -->
<avp name="TFT-Filter" vendor-id="10415" code="1012" mandatory="must"
may-encrypt="yes">
<type type-name="IPFilterRule" />
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.14 -->
<avp name="TFT-Packet-Filter-Information" vendor-id="10415" code="1013"
mandatory="must" may-encrypt="yes">
<grouped>
<required>
<avprule name="Precedence" minimum="1" maximum="1" />
<avprule name="TFT-Filter" minimum="1" maximum="1" />
<avprule name="ToS-Traffic-Class" minimum="1" maximum="1" />
</required>
</grouped>
</avp>
<!-- [RFC 4006] , clause 8.35 -->
<avp name="Final-Unit-Action" code="449" mandatory="must"
may-encrypt="yes">
<type type-name="Enumerated" />
<enum name="TERMINATE" code="0" />
<enum name="REDIRECT" code="1" />
<enum name="RESTRICT_ACCESS" code="2" />
</avp>
<!-- [RFC 4006] , clause 8.36 -->
<avp name="Restriction-Filter-Rule" code="438" mandatory="must"
may-encrypt="yes">
<type type-name="IPFilterRule" />
</avp>
<!-- [RFC 4006] , clause 8.37 -->
<avp name="Redirect-Server" code="434" mandatory="must"
may-encrypt="yes">
<grouped>
<required>
<avprule name="Redirect-Address-Type" minimum="1" maximum="1" />
<avprule name="Redirect-Server-Address" minimum="1"
maximum="1" />
</required>
</grouped>
</avp>
<!-- [RFC 4006] , clause 8.34 -->
<avp name="Final-Unit-Indication" code="430" mandatory="must"
may-encrypt="yes">
<grouped>
<required>
<avprule name="Final-Unit-Action" minimum="1" maximum="1" />
<avprule name="Restriction-Filter-Rule" minimum="1"
maximum="1" />
<avprule name="Filter-Id" minimum="1" maximum="1" />
<avprule name="Redirect-Server" minimum="1" maximum="1" />
</required>
</grouped>
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.18 -->
<avp name="Charging-Rule-Report" vendor-id="10415" code="1018"
mandatory="must" may-encrypt="yes">
<grouped>
<optional>
<avprule name="Charging-Rule-Name" maximum="1" />
<avprule name="Charging-Rule-Base-Name" maximum="1" />
</optional>
<required>
<avprule name="PCC-Rule-Status" minimum="1" maximum="1" />
</required>
<optional>
<avprule name="Rule-Failure-Code" maximum="1" />
<avprule name="Final-Unit-Indication" maximum="1" />
</optional>
</grouped>
</avp>
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.22 -->
<avp name="Access-Network-Charging-Identifier-Gx" vendor-id="10415"
code="1022" mandatory="must" may-encrypt="yes">
<grouped>
<required>
<avprule name="Access-Network-Charging-Identifier-Value"
minimum="1" maximum="1" />
</required>
<optional>
<avprule name="Charging-Rule-Base-Name" maximum="1" />
<avprule name="Charging-Rule-Name" maximum="1" />
</optional>
</grouped>
</avp>
<!-- [3GPP TS 29.229 V7.7.0] , clause 6.3.19 -->
<avp name="Charging-Information" vendor-id="10415" code="618"
mandatory="must" may-encrypt="yes">
<grouped>
<required>
<avprule name="Primary-Event-Charging-Function-Name"
minimum="1" maximum="1" />
<avprule name="Secondary-Event-Charging-Function-Name"
minimum="1" maximum="1" />
<avprule name="Primary-Charging-Collection-Function-Name"
minimum="1" maximum="1" />
<avprule name="Secondary-Charging-Collection-Function-Name"
minimum="1" maximum="1" />
</required>
</grouped>
</avp>
<!-- Ref = RFC 4006 chap 8.46 -->
<avp name="Subscription-Id" code="443" mandatory="must"
may-encrypt="yes">
<grouped>
<required>
<avprule name="Subscription-Id-Type" />
<avprule name="Subscription-Id-Data" />
</required>
</grouped>
</avp>
</application>
</dictionary>

14
lib/freeDiameter/contrib/dict_legacy/README Normal file
View File

@ -0,0 +1,14 @@
The dictionary.dtd file originates from draft-frascone-xml-dictionary-00.
A few modifications may have been performed (see file history in Mercurial)
However, no DTD validation is performed by the parser, but the extension
expects a known format therefore the flexibility is limited.
Additional XML dictionary files can be found:
- Circum project (circum.sf.net)
under share/*.xml
- OpenDiameter project (diameter.sf.net)
under libdiameter/config/dictionary.xml (will probably require some stripping)

69
lib/freeDiameter/contrib/dict_legacy/dictionary.dtd Normal file
View File

@ -0,0 +1,69 @@
<?xml version="1.0" encoding="UTF-8"?>
<!ELEMENT dictionary (vendor*, base*, application*)>
<!ELEMENT vendor EMPTY>
<!ATTLIST vendor
id CDATA #REQUIRED
name CDATA #REQUIRED
>
<!ELEMENT base (command*, typedefn*, avp*)>
<!ATTLIST base
uri CDATA #IMPLIED
>
<!ELEMENT application (command*, typedefn*, avp*)>
<!ATTLIST application
id CDATA #REQUIRED
name CDATA #IMPLIED
uri CDATA #IMPLIED
>
<!ELEMENT command (requestrules*, answerrules*)>
<!ATTLIST command
name CDATA #REQUIRED
code CDATA #REQUIRED
vendor-id CDATA #IMPLIED
pbit (0 | 1) "1"
>
<!ELEMENT typedefn EMPTY>
<!ATTLIST typedefn
type-name ID #REQUIRED
type-parent IDREF #IMPLIED
description CDATA #IMPLIED
>
<!ELEMENT avp ((type | grouped), (enum*))>
<!ATTLIST avp
name ID #REQUIRED
description CDATA #IMPLIED
code CDATA #REQUIRED
mandatory CDATA #IMPLIED
vendor-id CDATA #IMPLIED
>
<!ELEMENT type EMPTY>
<!ATTLIST type
type-name IDREF #REQUIRED
>
<!ELEMENT grouped (fixed*, required*, optional*)>
<!ELEMENT enum EMPTY>
<!ATTLIST enum
name CDATA #REQUIRED
code CDATA #REQUIRED
>
<!ELEMENT requestrules (fixed*, required*, optional*)>
<!ELEMENT answerrules (fixed*, required*, optional*)>
<!ELEMENT fixed (avprule*)>
<!ELEMENT required (avprule*)>
<!ELEMENT optional (avprule*)>
<!ELEMENT avprule EMPTY>
<!ATTLIST avprule
name IDREF #REQUIRED
position (first | last | unspecified) "unspecified"
maximum CDATA #IMPLIED
minimum CDATA #IMPLIED
>

86
lib/freeDiameter/contrib/nightly_tests/README Normal file
View File

@ -0,0 +1,86 @@
This folder contains information and scripts to run a new test configuration for nightly builds
and reporting the results to freeDiameter dashboard at:
http://www.freediameter.net/CDash/index.php?project=freeDiameter
The information gathered here mostly comes from the following pages:
http://www.itk.org/Wiki/CMake_Testing_With_CTest
http://www.itk.org/Wiki/CMake_Scripting_Of_CTest
http://www.itk.org/Wiki/CTest:Buildserver
=============
INSTRUCTIONS to setup a new build slave for the freeDiameter buildserver:
-- note: the build slave should have cmake version 2.8 at least so that ctest will update the source tree properly.
1) Install all dependencies for freeDiameter as follow:
a) Debian / Ubuntu: See the "prereqs.ubuntu" file
$ sudo aptitude install `wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/prereqs.ubuntu -O - | grep -v -e "^#"`
b) FreeBSD: See the "prereqs.freebsd" file
- install base system and ports
- install freediameter dependencies as follow:
# pkg_add -r -v wget
# pkg_add -r -v `wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/prereqs.freebsd -O - | grep -v -e "^#"`
c) OpenSUSE:
$ sudo zypper install `wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/prereqs.opensuse -O - | grep -v -e "^#"`
d) Fedora:
$ sudo yum install wget
$ sudo yum install `wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/prereqs.fedora -O - | grep -v -e "^#"`
You may also have issues with SELinux later, an easy workaround is to disable it (until better solution)
# setenforce Permissive
2) Create the "test" database for app_acct test (we assume the tests are run as user "test" here)
- check INSTALL.FreeBSD file for specific PostgreSQL pre-install instructions.
- These are the instructions for Debian/Ubuntu/OpenSUSE, adjust as needed:
# su - postgres
# createuser --interactive test
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) n
# logout
$ whoami
test
$ createdb test
$ psql test
psql (8.4.4)
Type "help" for help.
test=>
CREATE TABLE incoming_test (
recorded_on timestamp with time zone NOT NULL,
"Accounting-Record-Type" integer,
"Session-Id" bytea,
"Accounting-Record-Number" integer,
"Route-Record1" bytea,
"Route-Record2" bytea,
"Route-Record3" bytea,
"Route-Record4" bytea );
\q
3) Create a directory ~/fDtests
$ cd
$ mkdir fDtests
$ cd fDtests
4) Retrieve the runtests.sh script and save in this directory
$ wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/runtests.sh
$ chmod +x runtests.sh
5) Create a file local.cmake defining the name of the build slave in this directory also.
$ echo "SET(CTEST_SITE \""`hostname`"\")" > local.cmake
For FreeBSD, in addition do:
$ echo "set(CTEST_BUILD_OPTIONS \"\${CTEST_BUILD_OPTIONS} -DFLEX_EXECUTABLE:FILEPATH=/usr/local/bin/flex\")" >> local.cmake
6) Run the runtests.sh script once to check it works properly (freeBSD might require: ln -s /usr/local/bin/bash /bin/bash)
7) Set up a crontab to run the script
$ wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/cronjob.sh
$ chmod +x cronjob.sh
$ crontab -l
0 0 * * * /home/test/fDtests/cronjob.sh > /home/test/fDtests/cronjob.log 2>&1

2
lib/freeDiameter/contrib/nightly_tests/alldefault.conf Normal file
View File

@ -0,0 +1,2 @@
set(CTEST_BUILD_NAME "Default")

9
lib/freeDiameter/contrib/nightly_tests/allext.conf Normal file
View File

@ -0,0 +1,9 @@
# This configuration compiles all the extensions. It also performs a coverage test.
# For this to pass, you need to setup the pg database for app_acct test.
set(CTEST_BUILD_NAME "All extensions (default)")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")

11
lib/freeDiameter/contrib/nightly_tests/allextdbg.conf Normal file
View File

@ -0,0 +1,11 @@
# This configuration compiles all the extensions. It also performs a coverage test.
# For this to pass, you need to setup the pg database for app_acct test.
set(WITH_COVERAGE TRUE)
set(CTEST_BUILD_NAME "All extensions (Debug)")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=Debug")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")

10
lib/freeDiameter/contrib/nightly_tests/allextdeb.conf Normal file
View File

@ -0,0 +1,10 @@
# This configuration compiles all the extensions. It also performs a coverage test.
# For this to pass, you need to setup the pg database for app_acct test.
set(CTEST_BUILD_NAME "All extensions (DebianPackage)")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=DebianPackage")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")

10
lib/freeDiameter/contrib/nightly_tests/allextmax.conf Normal file
View File

@ -0,0 +1,10 @@
# This configuration compiles all the extensions. It also performs a coverage test.
# For this to pass, you need to setup the pg database for app_acct test.
set(CTEST_BUILD_NAME "All extensions (MaxPerformance)")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=MaxPerformance")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")

11
lib/freeDiameter/contrib/nightly_tests/allextprof.conf Normal file
View File

@ -0,0 +1,11 @@
# This configuration compiles all the extensions. It also performs a coverage test.
# For this to pass, you need to setup the pg database for app_acct test.
set(WITH_COVERAGE TRUE)
set(CTEST_BUILD_NAME "All extensions (Profiling)")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=Profiling")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")

10
lib/freeDiameter/contrib/nightly_tests/allextrel.conf Normal file
View File

@ -0,0 +1,10 @@
# This configuration compiles all the extensions. It also performs a coverage test.
# For this to pass, you need to setup the pg database for app_acct test.
set(CTEST_BUILD_NAME "All extensions (Release)")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=Release")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")

11
lib/freeDiameter/contrib/nightly_tests/allextval.conf Normal file
View File

@ -0,0 +1,11 @@
# This configuration compiles all the extensions. It also performs a coverage test.
# For this to pass, you need to setup the pg database for app_acct test.
set(WITH_COVERAGE TRUE)
set(CTEST_BUILD_NAME "All extensions (DebugValgrind)")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=DebugValgrind")
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")

9
lib/freeDiameter/contrib/nightly_tests/cronjob.sh Normal file
View File

@ -0,0 +1,9 @@
#!/bin/bash
# This script will simply retrieve the latest "runtest" script and run it.
pushd ~/fDtests
mv -f runtests.sh runtests.sh.prev
wget "http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/runtests.sh"
chmod +x runtests.sh
popd
~/fDtests/runtests.sh

4
lib/freeDiameter/contrib/nightly_tests/idnaignore.conf Normal file
View File

@ -0,0 +1,4 @@
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DDIAMID_IDNA_IGNORE:BOOL=ON")
set(CTEST_BUILD_NAME "IDNA Ignore")

4
lib/freeDiameter/contrib/nightly_tests/idnareject.conf Normal file
View File

@ -0,0 +1,4 @@
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DDIAMID_IDNA_REJECT:BOOL=ON")
set(CTEST_BUILD_NAME "IDNA Reject")

Some files were not shown because too many files have changed in this diff Show More