Braid: Add mirror 'lib/freeDiameter' at 'bf79bb4'
This commit is contained in:
parent
a9a9ea92dc
commit
719fe0196d
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"lib/freeDiameter": {
|
||||
"url": "https://github.com/Metaswitch/freeDiameter.git",
|
||||
"remote": "master/braid/lib/freeDiameter",
|
||||
"branch": "master",
|
||||
"squashed": true,
|
||||
"revision": "bf79bb4fa239459ae7946f9250604a625f6db470"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
syntax: glob
|
||||
*.orig
|
||||
*.rej
|
||||
*~
|
||||
*.log
|
||||
*.sum
|
||||
.hg
|
||||
build*
|
||||
test.*
|
||||
GPATH
|
||||
GRTAGS
|
||||
GTAGS
|
|
@ -0,0 +1,104 @@
|
|||
# This file is the source for generating the Makefile for the project, using cmake tool (cmake.org)
|
||||
|
||||
# Name of the project
|
||||
PROJECT("freeDiameter")
|
||||
|
||||
# Informations to display in daemon's help
|
||||
SET(FD_PROJECT_NAME freeDiameter CACHE STRING "Project name")
|
||||
SET(FD_PROJECT_BINARY freeDiameterd)
|
||||
SET(FD_PROJECT_COPYRIGHT "Copyright (c) 2008-2013, WIDE Project (www.wide.ad.jp) and NICT (www.nict.go.jp)")
|
||||
SET(FD_PROJECT_VENDOR_ID 0 CACHE STRING "Project vendor ID")
|
||||
|
||||
# Version of the source code
|
||||
SET(FD_PROJECT_VERSION_MAJOR 1)
|
||||
SET(FD_PROJECT_VERSION_MINOR 2)
|
||||
SET(FD_PROJECT_VERSION_REV 0)
|
||||
|
||||
# Version of the API with the library
|
||||
SET(FD_PROJECT_VERSION_API 6)
|
||||
|
||||
# The test framework, using CTest and CDash.
|
||||
INCLUDE(CTest)
|
||||
|
||||
# CMake version
|
||||
CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
|
||||
|
||||
# Location of additional CMake modules
|
||||
SET(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/Modules/")
|
||||
|
||||
# The default directories
|
||||
SET(DEFAULT_CONF_PATH ${CMAKE_INSTALL_PREFIX}/etc/freeDiameter CACHE PATH "Default location of freeDiameter configuration files")
|
||||
|
||||
IF (NOT DEFINED LIB_INSTALL_DIR)
|
||||
SET(LIB_INSTALL_DIR lib CACHE PATH "Default library path name on the system, to accomodate RPM-based systems that use lib64")
|
||||
ENDIF (NOT DEFINED LIB_INSTALL_DIR)
|
||||
|
||||
SET(INSTALL_HEADERS_SUFFIX include/freeDiameter CACHE PATH "Directory where the headers are installed (relative to CMAKE_INSTALL_PREFIX).")
|
||||
SET(INSTALL_DAEMON_SUFFIX bin CACHE PATH "Directory where the daemon binary is installed (relative to CMAKE_INSTALL_PREFIX).")
|
||||
SET(INSTALL_LIBRARY_SUFFIX ${LIB_INSTALL_DIR} CACHE PATH "Directory where the freeDiameter libraries are installed (relative to CMAKE_INSTALL_PREFIX).")
|
||||
SET(INSTALL_EXTENSIONS_SUFFIX ${LIB_INSTALL_DIR}/freeDiameter CACHE PATH "Directory where the extensions are installed / searched (relative to CMAKE_INSTALL_PREFIX).")
|
||||
|
||||
# All source code should be POSIX 200112L compatible, but some other extensions might be used, so:
|
||||
ADD_DEFINITIONS(-D_GNU_SOURCE)
|
||||
|
||||
# Add a "Profiling" build type
|
||||
# SET(CMAKE_BUILD_TYPE Profiling)
|
||||
SET(CMAKE_C_FLAGS_PROFILING "-fprofile-arcs -ftest-coverage -fstack-protector -g -Wall")
|
||||
|
||||
# Add a "MaxPerformance" build type -- this is very silent...
|
||||
# SET(CMAKE_BUILD_TYPE MaxPerformance)
|
||||
SET(CMAKE_C_FLAGS_MAXPERFORMANCE "${CMAKE_C_FLAGS_RELEASE} -DSTRIP_DEBUG_CODE")
|
||||
|
||||
# Add a "DebianPackage" build type used when creating the Debian packages
|
||||
SET(CMAKE_C_FLAGS_DEBIANPACKAGE "${CMAKE_C_FLAGS_RELWITHDEBINFO}")
|
||||
|
||||
# Set the "Debug" flags
|
||||
SET(CMAKE_C_FLAGS_DEBUG "-Wall -g -O0")
|
||||
|
||||
# Add a "DebugValgrind" build type used for checking execution with Valgrind tool
|
||||
SET(CMAKE_C_FLAGS_DEBUGVALGRIND "-Wall -g -O0")
|
||||
|
||||
# Set the DEBUG flag for Debug and Profiling builds
|
||||
IF (CMAKE_BUILD_TYPE MATCHES "Debug|Profiling|DebugValgrind")
|
||||
SET(DEBUG 1)
|
||||
ENDIF (CMAKE_BUILD_TYPE MATCHES "Debug|Profiling|DebugValgrind")
|
||||
|
||||
# some subfolders use yacc and lex parsers
|
||||
SET(BISON_GENERATE_DEFINES TRUE)
|
||||
SET(BISON_PREFIX_OUTPUTS TRUE)
|
||||
INCLUDE(CMakeUserUseBison)
|
||||
SET(FLEX_PREFIX_OUTPUTS TRUE)
|
||||
INCLUDE(CMakeUserUseFlex)
|
||||
IF( NOT BISON_EXECUTABLE OR NOT FLEX_EXECUTABLE )
|
||||
MESSAGE( SEND_ERROR "Bison and Flex are required" )
|
||||
ENDIF( NOT BISON_EXECUTABLE OR NOT FLEX_EXECUTABLE )
|
||||
# Check that flex is at least 2.5.20 to support bison-bridge
|
||||
# how to do the check with cmake???
|
||||
|
||||
# Add this to workaround an apparent bug in FreeBSD cmake (already defined in Linux)
|
||||
SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "-rdynamic")
|
||||
|
||||
# For Darwin systems
|
||||
IF(APPLE)
|
||||
SET(CMAKE_SHARED_MODULE_CREATE_C_FLAGS "${CMAKE_SHARED_MODULE_CREATE_C_FLAGS} -flat_namespace -undefined dynamic_lookup")
|
||||
SET(CMAKE_SHARED_MODULE_CREATE_CXX_FLAGS "${CMAKE_SHARED_MODULE_CREATE_CXX_FLAGS} -flat_namespace -undefined dynamic_lookup")
|
||||
ENDIF(APPLE)
|
||||
|
||||
# Location for the include files
|
||||
INCLUDE_DIRECTORIES(include)
|
||||
INCLUDE_DIRECTORIES(${CMAKE_CURRENT_BINARY_DIR}/include)
|
||||
SUBDIRS(include/freeDiameter)
|
||||
|
||||
# Location for the source code
|
||||
SUBDIRS(libfdproto)
|
||||
SUBDIRS(libfdcore)
|
||||
SUBDIRS(freeDiameterd)
|
||||
|
||||
# Extensions (there is no use of freeDiameter without any extension)
|
||||
SUBDIRS(extensions)
|
||||
|
||||
# The unary tests directory
|
||||
IF ( BUILD_TESTING )
|
||||
SUBDIRS(tests)
|
||||
ENDIF ( BUILD_TESTING )
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
# Configuration for sumitting the test result.
|
||||
# Check http://www.freediameter.net/CDash for detail.
|
||||
|
||||
set(CTEST_PROJECT_NAME "freeDiameter")
|
||||
set(CTEST_NIGHTLY_START_TIME "00:00:00 JST")
|
||||
|
||||
set(CTEST_DROP_METHOD "http")
|
||||
set(CTEST_DROP_SITE "www.freediameter.net")
|
||||
set(CTEST_DROP_LOCATION "/CDash/submit.php?project=freeDiameter")
|
||||
set(CTEST_DROP_SITE_CDASH TRUE)
|
|
@ -0,0 +1,39 @@
|
|||
This package uses CMake (cmake.org) as building system. You'll need the cmake tool in order
|
||||
to generate the Makefiles for your platform. You can also select which extensions must be built
|
||||
with cmake. After the initial cmake configuration, you will need several tools such as make, a
|
||||
C compiler (tested mostly with gcc), flex (> 2.5.4), bison, ...
|
||||
|
||||
You may retrieve the source package in several ways:
|
||||
- as a pre-packaged version for your platform. Check the website for supported platforms.
|
||||
- as a tarball containing the source.
|
||||
- directly from the repository using Mercurial tool:
|
||||
hg clone http://www.freediameter.net/hg/freeDiameter
|
||||
In order to update later:
|
||||
hg pull -u
|
||||
|
||||
Building in a separate directory is recommended:
|
||||
# mkdir build
|
||||
# cd build
|
||||
# cmake ../
|
||||
# make
|
||||
|
||||
You can pass options to instruct cmake about which components to compile on the command-line.
|
||||
You can also use a CMake front-end (for example ccmake or cmake-gui).
|
||||
If your cmake installation is recent, the edit_cache target is a good help as well:
|
||||
# mkdir build
|
||||
# cd build
|
||||
# cmake ../
|
||||
# make help
|
||||
# make edit_cache
|
||||
# make
|
||||
|
||||
You can disable the unit tests by doing:
|
||||
# cmake -DBUILD_TESTING:BOOL=OFF ../
|
||||
# make
|
||||
|
||||
When the tests are enabled, you can run them with:
|
||||
# make test
|
||||
|
||||
See the INSTALL.* files for additional platform-specific information.
|
||||
Note that the most up-to-date INSTALL file is the Ubuntu one. You may want to read there
|
||||
in addition to your own platform file.
|
|
@ -0,0 +1,37 @@
|
|||
### Very short install notes for Fedora (tested on Fedora 13 and 14)
|
||||
# Please refer to other INSTALL files for more detailed instructions (e.g. extension-specific notes).
|
||||
|
||||
|
||||
Dependencies on Fedora 13 (from minimal system):
|
||||
# yum install cmake make gcc gcc-c++ flex bison lksctp-tools-devel gnutls-devel libgcrypt-devel libidn-devel
|
||||
|
||||
In addition, if you have not already retrieved the latest source:
|
||||
# yum install mercurial
|
||||
|
||||
Following dependencies are optional, depending on which extensions you plan to compile
|
||||
app_acct:
|
||||
# yum install postgresql-devel
|
||||
optional:
|
||||
# yum install postgresql-server
|
||||
|
||||
app_sip:
|
||||
app_diameap:
|
||||
# yum install mysql-devel
|
||||
optional:
|
||||
# yum install mysql-server
|
||||
|
||||
dict_legacy_xml:
|
||||
# yum install libxml2 libxml2-devel
|
||||
|
||||
dbg_interactive:
|
||||
# yum install swig python-devel
|
||||
|
||||
|
||||
NOTE: You may need to change something in SELinux to allow binding the SCTP socket on Diameter port.
|
||||
The following command is the very naive way to do it, you can probably do better (feedback appreciated!)
|
||||
# setenforce Permissive
|
||||
|
||||
|
||||
There is currently no Fedora-specific package for freeDiameter.
|
||||
You are welcome to contribute packaging scripts.
|
||||
Please contact dev@freediameter.net for more details.
|
|
@ -0,0 +1,125 @@
|
|||
See INSTALL file for general instructions on building freeDiameter.
|
||||
|
||||
------------------
|
||||
QUICK INSTRUCTIONS
|
||||
------------------
|
||||
|
||||
On FreeBSD-8.0 at least the following ports packages were required (should be same on FreeBSD-7.x):
|
||||
cmake flex bison gnutls
|
||||
|
||||
Then the cmake command had to look like:
|
||||
cmake -DFLEX_EXECUTABLE:FILEPATH=/usr/local/bin/flex -DSCTP_USE_MAPPED_ADDRESSES:BOOL=ON ...
|
||||
|
||||
|
||||
---------------------
|
||||
COMPLETE INSTRUCTIONS
|
||||
---------------------
|
||||
|
||||
1) If you don't have freeBSD yet:
|
||||
Install minimal system + ports using initial installer /usr/sbin/sysinstall
|
||||
|
||||
|
||||
2) Install 'cmake'
|
||||
|
||||
a) from sources:
|
||||
# cd /usr/ports/devel/cmake
|
||||
# make install
|
||||
|
||||
b) or from package (don't forget to set your PACKAGEROOT appropriately. Ex: set PACKAGEROOT=ftp://ftp.jp.freebsd.org):
|
||||
# pkg_add -v -r cmake
|
||||
|
||||
|
||||
3) Install 'mercurial' (optional)
|
||||
(replace 'cmake' by 'mercurial' in the previous command)
|
||||
|
||||
4) Install 'flex' and 'bison', same way.
|
||||
|
||||
5) Install 'gnutls' and 'libidn', same way also.
|
||||
|
||||
6) Retrieve freeDiameter source code:
|
||||
# cd ~
|
||||
# /usr/local/bin/hg clone http://www.freediameter.net/hg/freeDiameter/
|
||||
|
||||
6b) Make a build directory
|
||||
# mkdir fD-build
|
||||
# cd fD-build
|
||||
|
||||
7) Run cmake for freeDiameter (add other flags as you see fit, see INSTALL for more details)
|
||||
# /usr/local/bin/cmake -DFLEX_EXECUTABLE:FILEPATH=/usr/local/bin/flex -DSCTP_USE_MAPPED_ADDRESSES:BOOL=ON ../freeDiameter
|
||||
|
||||
8) Compile, optionnaly test
|
||||
# make
|
||||
# make test
|
||||
|
||||
9) Install
|
||||
# make install
|
||||
|
||||
10) Run (the install path can be changed during cmake step):
|
||||
# /usr/local/bin/freeDiameterd --help
|
||||
|
||||
|
||||
------------------------------
|
||||
app_acct test ADDITIONAL STEPS
|
||||
------------------------------
|
||||
Here is additional steps in order to run the test for app_acct
|
||||
|
||||
1) Install the required packages
|
||||
# pkg_add -v -r postgresql84-client
|
||||
# pkg_add -v -r postgresql84-server
|
||||
|
||||
2) Prepare access to the database:
|
||||
# echo postgresql_enable=YES >> /etc/rc.conf
|
||||
# /usr/local/etc/rc.d/postgresql initdb
|
||||
# su - pgsql
|
||||
> /usr/local/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start
|
||||
> /usr/local/bin/createuser root
|
||||
Shall the new user be allowed to create databases? (y/n) y
|
||||
> logout
|
||||
# /usr/local/bin/createdb root
|
||||
# /usr/local/bin/psql root
|
||||
root=# CREATE TABLE incoming_test (
|
||||
root(# recorded_on timestamp with time zone NOT NULL,
|
||||
root(# "Accounting-Record-Type" integer,
|
||||
root(# "Session-Id" bytea,
|
||||
root(# "Accounting-Record-Number" integer,
|
||||
root(# "Route-Record1" bytea,
|
||||
root(# "Route-Record2" bytea,
|
||||
root(# "Route-Record3" bytea,
|
||||
root(# "Route-Record4" bytea );
|
||||
root=# \q
|
||||
|
||||
3) configure the sources
|
||||
# make edit_cache
|
||||
BUILD_APP_ACCT:BOOL=ON
|
||||
TEST_APP_ACCT:BOOL=ON
|
||||
TEST_APP_ACCT_CONNINFO:STRING="user=root dbname=root"
|
||||
|
||||
4) run the test
|
||||
# tests/testappacct -d
|
||||
or
|
||||
# make test
|
||||
|
||||
|
||||
----------------------------------
|
||||
Segmentation fault on program exit
|
||||
----------------------------------
|
||||
|
||||
In case you encounter a segmentation fault on program termination like this:
|
||||
[...]
|
||||
freeDiameterd framework is terminated.
|
||||
Segmentation fault: 11 (core dumped)
|
||||
|
||||
with a backtrace like this:
|
||||
#0 0x0000000801a414a0 in ?? ()
|
||||
#1 0x0000000800f99274 in __cxa_finalize () from /lib/libc.so.7
|
||||
#2 0x0000000800f460b7 in exit () from /lib/libc.so.7
|
||||
|
||||
You may try to add the following compilation directive in cmake:
|
||||
-DSKIP_DLCLOSE:BOOL=ON
|
||||
|
||||
Note: this segmentation fault was experienced with:
|
||||
- FreeBSD 8.1
|
||||
- 64 bits architecture only.
|
||||
- Profiling mode only.
|
||||
|
||||
|
|
@ -0,0 +1,83 @@
|
|||
See INSTALL file for general instructions on building freeDiameter.
|
||||
|
||||
------------------
|
||||
QUICK INSTRUCTIONS
|
||||
------------------
|
||||
|
||||
Starting from version 1.1.5, freeDiameter is available through Homebrew:
|
||||
|
||||
1) Install Homebrew
|
||||
a) Install Command Line Tools for Xcode or Xcode:
|
||||
- Command Line Tools (your OS X Version) for Xcode:
|
||||
https://developer.apple.com/downloads (Free Apple Developer ID Registration Required)
|
||||
- or Xcode:
|
||||
https://itunes.apple.com/us/app/xcode/id497799835 (Free App Store Account Required)
|
||||
|
||||
b) Install Homebrew
|
||||
$ ruby -e "$(curl -fsSkL raw.github.com/mxcl/homebrew/go)"
|
||||
|
||||
2) Install freeDiameter:
|
||||
$ brew install freediameter
|
||||
|
||||
After installation is done "Caveats" section will provide information
|
||||
how to start freeDiameterd through launchd at system startup.
|
||||
|
||||
To view this information again:
|
||||
$ brew info freediameter
|
||||
|
||||
To learn more about freeDiameter configuration options, read:
|
||||
http://www.freediameter.net/trac/wiki/Configuration
|
||||
|
||||
For more information on available extension and how to configure them, read:
|
||||
http://www.freediameter.net/trac/wiki/Extensions
|
||||
|
||||
------------
|
||||
FROM SOURCES
|
||||
------------
|
||||
|
||||
1) Install Homebrew:
|
||||
See QUICK INSTRUCTIONS Step #1 above.
|
||||
|
||||
2) Install dependencies:
|
||||
$ brew install mercurial cmake gnutls libgcrypt postgres mysql libidn
|
||||
|
||||
Notes:
|
||||
* GNU IDN (libidn) is optional, see below
|
||||
* When libusrsctp package is available, you can use it as well.
|
||||
|
||||
3) Retrieve source code:
|
||||
$ hg clone http://www.freediameter.net/hg/freeDiameter
|
||||
|
||||
4) Enter source folder:
|
||||
$ cd freeDiameter
|
||||
|
||||
5) Create build folder:
|
||||
$ mkdir freeDiameter-build
|
||||
|
||||
6) Enter build folder:
|
||||
$ cd freeDiameter-build
|
||||
|
||||
7) Configure:
|
||||
$ cmake .. -DDISABLE_SCTP:BOOL=ON
|
||||
|
||||
or for ncurses-based configuration:
|
||||
$ ccmake .. -DDISABLE_SCTP:BOOL=ON
|
||||
|
||||
Notes:
|
||||
* GNU IDN (Support for International Domain Names) can be disabled with:
|
||||
-DDIAMID_IDNA_IGNORE=ON or -DDIAMID_IDNA_REJECT=ON
|
||||
* For more information on available configuration options, read:
|
||||
http://www.freediameter.net/trac/wiki/Installation
|
||||
|
||||
8) Compile:
|
||||
$ make
|
||||
|
||||
9) Install (might require to be root):
|
||||
$ make install
|
||||
|
||||
------------------------------------------------
|
||||
|
||||
These instructions have been tested on OS X:
|
||||
- 10.6.8 (Snow Leopard)
|
||||
- 10.7.5 (Lion)
|
||||
- 10.8.2 (Mountain Lion)
|
|
@ -0,0 +1,29 @@
|
|||
### Very short install notes for OpenSUSE (tested on OpenSUSE 11.3)
|
||||
# Please refer to other INSTALL files for more detailed instructions (e.g. extension-specific notes).
|
||||
|
||||
|
||||
Dependencies on OpenSUSE 11.3 (from minimal server system installation):
|
||||
# zypper install cmake make gcc gcc-c++ flex bison lksctp-tools-devel libgnutls-devel libgcrypt-devel libidn-devel
|
||||
# zypper install mercurial
|
||||
|
||||
Following dependencies are optional, depending on which extensions you plan to compile
|
||||
app_acct:
|
||||
# zypper install postgresql-server postgresql-devel
|
||||
|
||||
app_sip:
|
||||
app_diameap:
|
||||
# zypper install libmysqlclient-devel
|
||||
(would also need a server, not sure which package is appropriate)
|
||||
|
||||
dict_legacy_xml:
|
||||
# zypper install libxml2 libxml2-devel
|
||||
|
||||
dbg_interactive:
|
||||
# zypper install swig python-devel
|
||||
|
||||
sample:
|
||||
# zypper install gcc-c++
|
||||
|
||||
There is currently no OpenSUSE-specific package for freeDiameter.
|
||||
You are welcome to contribute packaging scripts! Please contact with
|
||||
dev@freediameter.net for more details.
|
|
@ -0,0 +1,3 @@
|
|||
There is a package script available for the OpenWRT platform.
|
||||
|
||||
Please refer to contrib/OpenWRT/HOWTO for more information.
|
|
@ -0,0 +1,123 @@
|
|||
See http://www.freediameter.net/trac/wiki/DebRepository for instructions on how to
|
||||
install freeDiameter from existing package.
|
||||
|
||||
See INSTALL file for general instructions on building freeDiameter from sources.
|
||||
|
||||
The remaining of this file contains specific instructions for building the freeDiameter
|
||||
package files for Debian and Ubuntu systems.
|
||||
|
||||
|
||||
|
||||
|
||||
freeDiameter is shipped with the necessary files to generate the Debian package.
|
||||
All related files are in the directory "contrib/debian" of the distribution.
|
||||
As a first step, you have to link this directory from your top-level dir:
|
||||
ln -s contrib/debian
|
||||
|
||||
============================================
|
||||
|
||||
The following packages are required to compile freeDiameter from source:
|
||||
cmake make gcc g++ flex bison libsctp1 libsctp-dev libgnutls-dev libgcrypt-dev libidn11-dev
|
||||
|
||||
(note that libidn and libsctp can be avoided by defining DISABLE_SCTP and DIAMID_IDNA_REJECT)
|
||||
|
||||
Additionnaly, these ones may be useful:
|
||||
mercurial gdb
|
||||
|
||||
Extensions additional dependencies:
|
||||
app_acct:
|
||||
libpq-dev
|
||||
|
||||
app_sip:
|
||||
app_diameap:
|
||||
libmysqlclient-dev
|
||||
|
||||
dict_legacy_xml:
|
||||
libxml2-dev
|
||||
|
||||
dbg_interactive:
|
||||
swig python-dev
|
||||
|
||||
============================================
|
||||
|
||||
If your debhelper environment is recent (> 7.3.9 for cmake support),
|
||||
the following commands should generate the freeDiameter packages for you:
|
||||
|
||||
# Install the dependencies for building the source:
|
||||
sudo apt-get -y install mercurial cmake make gcc g++ bison flex libsctp-dev libgnutls-dev libgcrypt-dev libidn11-dev ssl-cert debhelper fakeroot \
|
||||
libpq-dev libmysqlclient-dev libxml2-dev swig python-dev
|
||||
|
||||
# Retrieve the latest version of the source package
|
||||
cd
|
||||
hg clone http://www.freediameter.net/hg/freeDiameter
|
||||
cd freeDiameter
|
||||
|
||||
# Prepare for Debian package
|
||||
ln -s contrib/debian
|
||||
|
||||
# Build the packages
|
||||
fakeroot dh binary
|
||||
|
||||
# Install the packages
|
||||
cd ..
|
||||
sudo dpkg -i *.deb
|
||||
|
||||
|
||||
# The following lines may help you getting started.... (execute as root)
|
||||
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/freeDiameter.pem
|
||||
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/freeDiameter.key
|
||||
zcat /usr/share/doc/freediameter-daemon/examples/freediameter.conf.sample.gz > /etc/freeDiameter/freeDiameter.conf
|
||||
echo "Identity=\"localhost.localdomain\";" >> /etc/freeDiameter/freeDiameter.conf
|
||||
freeDiameterd
|
||||
|
||||
===========================================
|
||||
|
||||
freeDiameter is tested regularly on all current Ubuntu distributions since Intrepid (compiled from source as described below)
|
||||
Ubuntu Hardy support is known to be broken.
|
||||
|
||||
The Debian package has been generated with success on Debian (>=Squeeze) and Ubuntu (>=Karmic).
|
||||
|
||||
|
||||
===========================================-
|
||||
Step by step instructions without using the debhelper tools:
|
||||
|
||||
1) Install all packages dependencies
|
||||
# sudo apt-get install mercurial cmake make gcc g++ bison flex libsctp-dev libgnutls-dev libgcrypt-dev libidn11-dev
|
||||
|
||||
2) (OPTION) If you will compile modules that require postgresql, also install:
|
||||
# sudo apt-get install libpq-dev
|
||||
and for mysql:
|
||||
# sudo apt-get install libmysqlclient-dev
|
||||
|
||||
3) (OPTION) If you want a more user-friendly interface, install this:
|
||||
# sudo apt-get install cmake-curses-gui
|
||||
|
||||
4) Retrieve the source files
|
||||
# hg clone http://www.freediameter.net/hg/freeDiameter
|
||||
|
||||
5) Create a build directory, and enter it
|
||||
# mkdir fDbuild
|
||||
# cd fDbuild
|
||||
|
||||
6) Configure and generate the Makefiles
|
||||
# cmake ../freeDiameter
|
||||
# make edit_cache
|
||||
|
||||
7) Compile all files:
|
||||
# make
|
||||
|
||||
8) (OPTION) See available targets:
|
||||
# make help
|
||||
|
||||
9) (OPTION) Check the software has a correct basic behavior on your environment. -- only if you did not disable the tests in step 6
|
||||
# make test
|
||||
|
||||
10) (OPTION) Install the software in configured locations:
|
||||
# sudo make install
|
||||
|
||||
|
||||
===========================================
|
||||
|
||||
Note: On Ubuntu Quantal Quetzal, you may have to force use of python 2.7
|
||||
library for the dbg_interactive extension, as on some systems CMake selects the 3.2 library
|
||||
by default.
|
|
@ -0,0 +1,21 @@
|
|||
The simplest way to install on NetBSD, DragonFly, MirBSD or other
|
||||
pkgsrc platforms is:
|
||||
pkg_add freeDiameter
|
||||
|
||||
If no binary package exists:
|
||||
cd /usr/pkgsrc/net/freeDiameter
|
||||
make install
|
||||
|
||||
If you want to build and install freeDiameter from the repository,
|
||||
you'll need to install:
|
||||
pkg_add bison pkg-config libidn gnutls libgcrypt mercurial
|
||||
and follow the usual installation note.
|
||||
|
||||
NetBSD does not support SCTP, so you have to add
|
||||
-DDISABLE_SCTP:BOOL=ON
|
||||
to the cmake command line.
|
||||
|
||||
For the optional extensions, you need mysql*-client, postgres*-client,
|
||||
libxml2. For the debugging extensions, you also need swig and a
|
||||
python -- install as usual.
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
Unless specified otherwise, this software package is copyrighted under the terms of the BSD license, as follow:
|
||||
|
||||
Software License Agreement (BSD License)
|
||||
|
||||
Copyright (c) 2008-2011, WIDE Project and NICT
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use of this software in source and binary forms, with or without modification, are
|
||||
permitted provided that the following conditions are met:
|
||||
|
||||
* Redistributions of source code must retain the above
|
||||
copyright notice, this list of conditions and the
|
||||
following disclaimer.
|
||||
|
||||
* Redistributions in binary form must reproduce the above
|
||||
copyright notice, this list of conditions and the
|
||||
following disclaimer in the documentation and/or other
|
||||
materials provided with the distribution.
|
||||
|
||||
* Neither the name of the WIDE Project or NICT nor the
|
||||
names of its contributors may be used to endorse or
|
||||
promote products derived from this software without
|
||||
specific prior written permission of WIDE Project and
|
||||
NICT.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
|
||||
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
||||
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
|
||||
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
|
||||
The following authors have contributed the following files. See source files for copyright information.
|
||||
|
||||
* Alexandre Westfahl:
|
||||
extensions/dict_sip/*
|
||||
extensions/app_sip/*
|
||||
extensions/app_radgw/rgwx_sip.c
|
||||
|
||||
* Souheil Ben Ayed:
|
||||
extensions/app_diameap/*
|
||||
|
||||
* Francois Bard:
|
||||
extensions/dict_mip6a/*
|
||||
extensions/dict_mip6i/*
|
||||
extensions/dict_nas_mipv6/*
|
||||
extensions/dict_rfc5777/*
|
|
@ -0,0 +1,5 @@
|
|||
The digested changelog can be found under:
|
||||
contrib/debian/changelog
|
||||
|
||||
You can also find the exhaustive list of change using mercurial history,
|
||||
or at the following URL: http://www.freediameter.net/hg/freeDiameter/shortlog
|
|
@ -0,0 +1,43 @@
|
|||
freeDiameter is an implementation of the Diameter protocol.
|
||||
|
||||
Diameter is a protocol designed to carry Authentication, Authorization and
|
||||
Accounting (AAA) payload. It is an evolution of the RADIUS protocol (as the
|
||||
name suggests).
|
||||
|
||||
Diameter is an extensible protocol. RFC3588 (currently under revision) defines the
|
||||
Base Protocol that all Diameter nodes must support, while other documents define
|
||||
the additional protocol support for specific applications. Such applications include
|
||||
for example Network Access Servers (RFC4005), EAP (RFC4072), ...
|
||||
|
||||
|
||||
The implementation consists in several components:
|
||||
- libfdproto : this shared library provides the functions to manipulate Diameter
|
||||
messages and dictionary. This library is meant to be re-used by other projects
|
||||
that would require parsing or manipulating Diameter messages.
|
||||
|
||||
- libfdcore : this shared library contains the core of the framework. It establishes
|
||||
the network connections with other Diameter peers and performs the tasks described
|
||||
in Diameter Base Protocol, such as watchdogs, basic routing, ... It also handles
|
||||
the loading of extensions (see below).
|
||||
|
||||
- freeDiameterd : this simple daemon parses the command line and initializes the
|
||||
freeDiameter framework. Use it for your Diameter server & agent components.
|
||||
In case of Diameter clients, you probably will prefer linking the libfdcore
|
||||
directly with your client application that must be made Diameter-aware.
|
||||
|
||||
- extensions : the extensions provide the mean to augment the features of the
|
||||
freeDiameterd framework. Extensions can provide the handling of a Diameter
|
||||
server application, but also advanced routing features, peer management, etc.
|
||||
|
||||
|
||||
See http://www.freediameter.net/ for more information on the project.
|
||||
|
||||
freeDiameter was previously known as the "waaad" project (WIDE AAA Daemon)
|
||||
|
||||
This project is not related to the "freediameter" project from Sun on sourceforge.
|
||||
|
||||
Author: Sebastien Decugis.
|
||||
|
||||
See LICENSE file for legal information on this software.
|
||||
|
||||
See INSTALL for information on building and using this software.
|
|
@ -0,0 +1,72 @@
|
|||
# - Look for GNU Bison, the parser generator
|
||||
# Based off a news post from Andy Cedilnik at Kitware
|
||||
# Defines the following:
|
||||
# BISON_EXECUTABLE - path to the bison executable
|
||||
# BISON_FILE - parse a file with bison
|
||||
# BISON_PREFIX_OUTPUTS - Set to true to make BISON_FILE produce prefixed
|
||||
# symbols in the generated output based on filename.
|
||||
# So for ${filename}.y, you'll get ${filename}parse(), etc.
|
||||
# instead of yyparse().
|
||||
# BISON_GENERATE_DEFINES - Set to true to make BISON_FILE output the matching
|
||||
# .h file for a .c file. You want this if you're using
|
||||
# flex.
|
||||
|
||||
IF(NOT DEFINED BISON_PREFIX_OUTPUTS)
|
||||
SET(BISON_PREFIX_OUTPUTS FALSE)
|
||||
ENDIF(NOT DEFINED BISON_PREFIX_OUTPUTS)
|
||||
|
||||
IF(NOT DEFINED BISON_GENERATE_DEFINES)
|
||||
SET(BISON_GENERATE_DEFINES FALSE)
|
||||
ENDIF(NOT DEFINED BISON_GENERATE_DEFINES)
|
||||
|
||||
IF(NOT BISON_EXECUTABLE)
|
||||
MESSAGE(STATUS "Looking for bison")
|
||||
FIND_PROGRAM(BISON_EXECUTABLE bison)
|
||||
IF(BISON_EXECUTABLE)
|
||||
MESSAGE(STATUS "Looking for bison -- ${BISON_EXECUTABLE}")
|
||||
ENDIF(BISON_EXECUTABLE)
|
||||
MARK_AS_ADVANCED(BISON_EXECUTABLE)
|
||||
ENDIF(NOT BISON_EXECUTABLE)
|
||||
|
||||
IF(BISON_EXECUTABLE)
|
||||
MACRO(BISON_FILE FILENAME)
|
||||
GET_FILENAME_COMPONENT(PATH "${FILENAME}" PATH)
|
||||
IF("${PATH}" STREQUAL "")
|
||||
SET(PATH_OPT "")
|
||||
ELSE("${PATH}" STREQUAL "")
|
||||
SET(PATH_OPT "/${PATH}")
|
||||
ENDIF("${PATH}" STREQUAL "")
|
||||
GET_FILENAME_COMPONENT(HEAD "${FILENAME}" NAME_WE)
|
||||
IF(NOT EXISTS "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
|
||||
FILE(MAKE_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
|
||||
ENDIF(NOT EXISTS "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
|
||||
IF(BISON_PREFIX_OUTPUTS)
|
||||
SET(PREFIX "${HEAD}")
|
||||
ELSE(BISON_PREFIX_OUTPUTS)
|
||||
SET(PREFIX "yy")
|
||||
ENDIF(BISON_PREFIX_OUTPUTS)
|
||||
SET(OUTFILE "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}/${HEAD}.tab.c")
|
||||
IF(BISON_GENERATE_DEFINES)
|
||||
SET(HEADER "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}/${HEAD}.tab.h")
|
||||
ADD_CUSTOM_COMMAND(
|
||||
OUTPUT "${OUTFILE}" "${HEADER}"
|
||||
COMMAND "${BISON_EXECUTABLE}"
|
||||
ARGS "--name-prefix=${PREFIX}"
|
||||
"--defines"
|
||||
"--output-file=${OUTFILE}"
|
||||
"${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}"
|
||||
DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}")
|
||||
SET_SOURCE_FILES_PROPERTIES("${OUTFILE}" "${HEADER}" PROPERTIES GENERATED TRUE)
|
||||
SET_SOURCE_FILES_PROPERTIES("${HEADER}" PROPERTIES HEADER_FILE_ONLY TRUE)
|
||||
ELSE(BISON_GENERATE_DEFINES)
|
||||
ADD_CUSTOM_COMMAND(
|
||||
OUTPUT "${OUTFILE}"
|
||||
COMMAND "${BISON_EXECUTABLE}"
|
||||
ARGS "--name-prefix=${PREFIX}"
|
||||
"--output-file=${OUTFILE}"
|
||||
"${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}"
|
||||
DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}")
|
||||
SET_SOURCE_FILES_PROPERTIES("${OUTFILE}" PROPERTIES GENERATED TRUE)
|
||||
ENDIF(BISON_GENERATE_DEFINES)
|
||||
ENDMACRO(BISON_FILE)
|
||||
ENDIF(BISON_EXECUTABLE)
|
|
@ -0,0 +1,47 @@
|
|||
# - Look for GNU flex, the lexer generator.
|
||||
# Defines the following:
|
||||
# FLEX_EXECUTABLE - path to the flex executable
|
||||
# FLEX_FILE - parse a file with flex
|
||||
# FLEX_PREFIX_OUTPUTS - Set to true to make FLEX_FILE produce outputs of
|
||||
# lex.${filename}.c, not lex.yy.c . Passes -P to flex.
|
||||
|
||||
IF(NOT DEFINED FLEX_PREFIX_OUTPUTS)
|
||||
SET(FLEX_PREFIX_OUTPUTS FALSE)
|
||||
ENDIF(NOT DEFINED FLEX_PREFIX_OUTPUTS)
|
||||
|
||||
IF(NOT FLEX_EXECUTABLE)
|
||||
MESSAGE(STATUS "Looking for flex")
|
||||
FIND_PROGRAM(FLEX_EXECUTABLE flex)
|
||||
IF(FLEX_EXECUTABLE)
|
||||
MESSAGE(STATUS "Looking for flex -- ${FLEX_EXECUTABLE}")
|
||||
ENDIF(FLEX_EXECUTABLE)
|
||||
MARK_AS_ADVANCED(FLEX_EXECUTABLE)
|
||||
ENDIF(NOT FLEX_EXECUTABLE)
|
||||
|
||||
IF(FLEX_EXECUTABLE)
|
||||
MACRO(FLEX_FILE FILENAME)
|
||||
GET_FILENAME_COMPONENT(PATH "${FILENAME}" PATH)
|
||||
IF("${PATH}" STREQUAL "")
|
||||
SET(PATH_OPT "")
|
||||
ELSE("${PATH}" STREQUAL "")
|
||||
SET(PATH_OPT "/${PATH}")
|
||||
ENDIF("${PATH}" STREQUAL "")
|
||||
IF(NOT EXISTS "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
|
||||
FILE(MAKE_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
|
||||
ENDIF(NOT EXISTS "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}")
|
||||
IF(FLEX_PREFIX_OUTPUTS)
|
||||
GET_FILENAME_COMPONENT(PREFIX "${FILENAME}" NAME_WE)
|
||||
ELSE(FLEX_PREFIX_OUTPUTS)
|
||||
SET(PREFIX "yy")
|
||||
ENDIF(FLEX_PREFIX_OUTPUTS)
|
||||
SET(OUTFILE "${CMAKE_CURRENT_BINARY_DIR}${PATH_OPT}/lex.${PREFIX}.c")
|
||||
ADD_CUSTOM_COMMAND(
|
||||
OUTPUT "${OUTFILE}"
|
||||
COMMAND "${FLEX_EXECUTABLE}"
|
||||
ARGS "-P${PREFIX}"
|
||||
"-o${OUTFILE}"
|
||||
"${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}"
|
||||
DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/${FILENAME}")
|
||||
SET_SOURCE_FILES_PROPERTIES("${OUTFILE}" PROPERTIES GENERATED TRUE)
|
||||
ENDMACRO(FLEX_FILE)
|
||||
ENDIF(FLEX_EXECUTABLE)
|
|
@ -0,0 +1,36 @@
|
|||
# - Find gnutls
|
||||
# Find the native GCRYPT includes and library
|
||||
#
|
||||
# GCRYPT_FOUND - True if gnutls found.
|
||||
# GCRYPT_INCLUDE_DIR - where to find gnutls.h, etc.
|
||||
# GCRYPT_LIBRARIES - List of libraries when using gnutls.
|
||||
|
||||
if (GCRYPT_INCLUDE_DIR AND GCRYPT_LIBRARIES)
|
||||
set(GCRYPT_FIND_QUIETLY TRUE)
|
||||
endif (GCRYPT_INCLUDE_DIR AND GCRYPT_LIBRARIES)
|
||||
|
||||
# Include dir
|
||||
find_path(GCRYPT_INCLUDE_DIR
|
||||
NAMES
|
||||
gcrypt.h
|
||||
)
|
||||
|
||||
# Library
|
||||
find_library(GCRYPT_LIBRARY
|
||||
NAMES gcrypt
|
||||
)
|
||||
|
||||
# handle the QUIETLY and REQUIRED arguments and set GCRYPT_FOUND to TRUE if
|
||||
# all listed variables are TRUE
|
||||
INCLUDE(FindPackageHandleStandardArgs)
|
||||
FIND_PACKAGE_HANDLE_STANDARD_ARGS(GCRYPT DEFAULT_MSG GCRYPT_LIBRARY GCRYPT_INCLUDE_DIR)
|
||||
|
||||
IF(GCRYPT_FOUND)
|
||||
SET( GCRYPT_LIBRARIES ${GCRYPT_LIBRARY} )
|
||||
ELSE(GCRYPT_FOUND)
|
||||
SET( GCRYPT_LIBRARIES )
|
||||
ENDIF(GCRYPT_FOUND)
|
||||
|
||||
# Lastly make it so that the GCRYPT_LIBRARY and GCRYPT_INCLUDE_DIR variables
|
||||
# only show up under the advanced options in the gui cmake applications.
|
||||
MARK_AS_ADVANCED( GCRYPT_LIBRARY GCRYPT_INCLUDE_DIR )
|
|
@ -0,0 +1,64 @@
|
|||
# - Find gnutls
|
||||
# Find the native GNUTLS includes and library
|
||||
#
|
||||
# GNUTLS_FOUND - True if gnutls found.
|
||||
# GNUTLS_INCLUDE_DIR - where to find gnutls.h, etc.
|
||||
# GNUTLS_LIBRARIES - List of libraries when using gnutls.
|
||||
# GNUTLS_VERSION_210 - true if GnuTLS version is >= 2.10.0 (does not require additional separate gcrypt initialization)
|
||||
# GNUTLS_VERSION_212 - true if GnuTLS version is >= 2.12.0 (supports gnutls_transport_set_vec_push_function)
|
||||
# GNUTLS_VERSION_300 - true if GnuTLS version is >= 3.00.0 (x509 verification functions changed)
|
||||
# GNUTLS_VERSION_310 - true if GnuTLS version is >= 3.01.0 (stabilization branch with new APIs)
|
||||
|
||||
if (GNUTLS_INCLUDE_DIR AND GNUTLS_LIBRARIES)
|
||||
set(GNUTLS_FIND_QUIETLY TRUE)
|
||||
endif (GNUTLS_INCLUDE_DIR AND GNUTLS_LIBRARIES)
|
||||
|
||||
# Include dir
|
||||
find_path(GNUTLS_INCLUDE_DIR
|
||||
NAMES
|
||||
gnutls.h
|
||||
gnutls/gnutls.h
|
||||
)
|
||||
|
||||
# Library
|
||||
find_library(GNUTLS_LIBRARY
|
||||
NAMES gnutls
|
||||
)
|
||||
|
||||
# handle the QUIETLY and REQUIRED arguments and set GNUTLS_FOUND to TRUE if
|
||||
# all listed variables are TRUE
|
||||
INCLUDE(FindPackageHandleStandardArgs)
|
||||
FIND_PACKAGE_HANDLE_STANDARD_ARGS(GNUTLS DEFAULT_MSG GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR)
|
||||
|
||||
IF(GNUTLS_FOUND)
|
||||
SET( GNUTLS_LIBRARIES ${GNUTLS_LIBRARY} )
|
||||
ELSE(GNUTLS_FOUND)
|
||||
SET( GNUTLS_LIBRARIES )
|
||||
ENDIF(GNUTLS_FOUND)
|
||||
|
||||
# Lastly make it so that the GNUTLS_LIBRARY and GNUTLS_INCLUDE_DIR variables
|
||||
# only show up under the advanced options in the gui cmake applications.
|
||||
MARK_AS_ADVANCED( GNUTLS_LIBRARY GNUTLS_INCLUDE_DIR )
|
||||
|
||||
# Now check if the library is recent. gnutls_hash was added in 2.10.0.
|
||||
# Also test library is even more recent. gnutls_x509_trust_list_verify_crt was added in 3.00.0.
|
||||
IF(GNUTLS_FOUND)
|
||||
IF( NOT( "${GNUTLS_VERSION_TEST_FOR}" STREQUAL "${GNUTLS_LIBRARY}" ))
|
||||
INCLUDE (CheckLibraryExists)
|
||||
MESSAGE(STATUS "Checking GNUTLS version")
|
||||
UNSET(GNUTLS_VERSION_210)
|
||||
UNSET(GNUTLS_VERSION_210 CACHE)
|
||||
UNSET(GNUTLS_VERSION_212)
|
||||
UNSET(GNUTLS_VERSION_212 CACHE)
|
||||
UNSET(GNUTLS_VERSION_300)
|
||||
UNSET(GNUTLS_VERSION_300 CACHE)
|
||||
UNSET(GNUTLS_VERSION_310)
|
||||
UNSET(GNUTLS_VERSION_310 CACHE)
|
||||
GET_FILENAME_COMPONENT(GNUTLS_PATH ${GNUTLS_LIBRARY} PATH)
|
||||
CHECK_LIBRARY_EXISTS(gnutls gnutls_hash ${GNUTLS_PATH} GNUTLS_VERSION_210)
|
||||
CHECK_LIBRARY_EXISTS(gnutls gnutls_transport_set_vec_push_function ${GNUTLS_PATH} GNUTLS_VERSION_212)
|
||||
CHECK_LIBRARY_EXISTS(gnutls gnutls_x509_trust_list_verify_crt ${GNUTLS_PATH} GNUTLS_VERSION_300)
|
||||
CHECK_LIBRARY_EXISTS(gnutls gnutls_handshake_set_timeout ${GNUTLS_PATH} GNUTLS_VERSION_310)
|
||||
SET( GNUTLS_VERSION_TEST_FOR ${GNUTLS_LIBRARY} CACHE INTERNAL "Version the test was made against" )
|
||||
ENDIF (NOT( "${GNUTLS_VERSION_TEST_FOR}" STREQUAL "${GNUTLS_LIBRARY}" ))
|
||||
ENDIF(GNUTLS_FOUND)
|
|
@ -0,0 +1,40 @@
|
|||
# - Try to find GNU IDN library and headers
|
||||
# Once done, this will define
|
||||
#
|
||||
# IDNA_FOUND - system has IDNA
|
||||
# IDNA_INCLUDE_DIR - the IDNA include directories (<idna.h>)
|
||||
# IDNA_LIBRARIES - link these to use IDNA (idna_to_ascii_8z)
|
||||
|
||||
if (IDNA_INCLUDE_DIR AND IDNA_LIBRARIES)
|
||||
set(IDNA_FIND_QUIETLY TRUE)
|
||||
endif (IDNA_INCLUDE_DIR AND IDNA_LIBRARIES)
|
||||
|
||||
# Include dir
|
||||
find_path(IDNA_INCLUDE_DIR
|
||||
NAMES idna.h
|
||||
)
|
||||
|
||||
# Library
|
||||
find_library(IDNA_LIBRARY
|
||||
NAMES idn
|
||||
)
|
||||
|
||||
|
||||
# handle the QUIETLY and REQUIRED arguments and set IDNA_FOUND to TRUE if
|
||||
# all listed variables are TRUE
|
||||
INCLUDE(FindPackageHandleStandardArgs)
|
||||
FIND_PACKAGE_HANDLE_STANDARD_ARGS(IDNA DEFAULT_MSG IDNA_LIBRARY IDNA_INCLUDE_DIR)
|
||||
|
||||
# If we successfully found the idn library then add the library to the
|
||||
# IDNA_LIBRARIES cmake variable otherwise set IDNA_LIBRARIES to nothing.
|
||||
IF(IDNA_FOUND)
|
||||
SET( IDNA_LIBRARIES ${IDNA_LIBRARY} )
|
||||
ELSE(IDNA_FOUND)
|
||||
SET( IDNA_LIBRARIES )
|
||||
ENDIF(IDNA_FOUND)
|
||||
|
||||
|
||||
# Lastly make it so that the IDNA_LIBRARY and IDNA_INCLUDE_DIR variables
|
||||
# only show up under the advanced options in the gui cmake applications.
|
||||
MARK_AS_ADVANCED( IDNA_LIBRARY IDNA_INCLUDE_DIR )
|
||||
|
|
@ -0,0 +1,53 @@
|
|||
# - Try to find the LibXml2 xml processing library
|
||||
# Once done this will define
|
||||
#
|
||||
# LIBXML2_FOUND - System has LibXml2
|
||||
# LIBXML2_INCLUDE_DIR - The LibXml2 include directory
|
||||
# LIBXML2_LIBRARIES - The libraries needed to use LibXml2
|
||||
# LIBXML2_DEFINITIONS - Compiler switches required for using LibXml2
|
||||
# LIBXML2_XMLLINT_EXECUTABLE - The XML checking tool xmllint coming with LibXml2
|
||||
|
||||
#=============================================================================
|
||||
# Copyright 2006-2009 Kitware, Inc.
|
||||
# Copyright 2006 Alexander Neundorf <neundorf@kde.org>
|
||||
#
|
||||
# Distributed under the OSI-approved BSD License (the "License");
|
||||
# see accompanying file Copyright.txt for details.
|
||||
#
|
||||
# This software is distributed WITHOUT ANY WARRANTY; without even the
|
||||
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
# See the License for more information.
|
||||
#=============================================================================
|
||||
# (To distributed this file outside of CMake, substitute the full
|
||||
# License text for the above reference.)
|
||||
|
||||
# use pkg-config to get the directories and then use these values
|
||||
# in the FIND_PATH() and FIND_LIBRARY() calls
|
||||
FIND_PACKAGE(PkgConfig)
|
||||
PKG_CHECK_MODULES(PC_LIBXML libxml-2.0)
|
||||
SET(LIBXML2_DEFINITIONS ${PC_LIBXML_CFLAGS_OTHER})
|
||||
|
||||
FIND_PATH(LIBXML2_INCLUDE_DIR NAMES libxml/xpath.h
|
||||
HINTS
|
||||
${PC_LIBXML_INCLUDEDIR}
|
||||
${PC_LIBXML_INCLUDE_DIRS}
|
||||
PATH_SUFFIXES libxml2
|
||||
)
|
||||
|
||||
FIND_LIBRARY(LIBXML2_LIBRARIES NAMES xml2 libxml2
|
||||
HINTS
|
||||
${PC_LIBXML_LIBDIR}
|
||||
${PC_LIBXML_LIBRARY_DIRS}
|
||||
)
|
||||
|
||||
FIND_PROGRAM(LIBXML2_XMLLINT_EXECUTABLE xmllint)
|
||||
# for backwards compat. with KDE 4.0.x:
|
||||
SET(XMLLINT_EXECUTABLE "${LIBXML2_XMLLINT_EXECUTABLE}")
|
||||
|
||||
# handle the QUIETLY and REQUIRED arguments and set LIBXML2_FOUND to TRUE if
|
||||
# all listed variables are TRUE
|
||||
INCLUDE(FindPackageHandleStandardArgs)
|
||||
FIND_PACKAGE_HANDLE_STANDARD_ARGS(LibXml2 DEFAULT_MSG LIBXML2_LIBRARIES LIBXML2_INCLUDE_DIR)
|
||||
|
||||
MARK_AS_ADVANCED(LIBXML2_INCLUDE_DIR LIBXML2_LIBRARIES LIBXML2_XMLLINT_EXECUTABLE)
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
# - Find mysqlclient
|
||||
#
|
||||
# -*- cmake -*-
|
||||
#
|
||||
# Find the native MySQL includes and library
|
||||
#
|
||||
# MySQL_INCLUDE_DIR - where to find mysql.h, etc.
|
||||
# MySQL_LIBRARIES - List of libraries when using MySQL.
|
||||
# MySQL_FOUND - True if MySQL found.
|
||||
|
||||
IF (MySQL_INCLUDE_DIR AND MySQL_LIBRARY)
|
||||
# Already in cache, be silent
|
||||
SET(MySQL_FIND_QUIETLY TRUE)
|
||||
ENDIF (MySQL_INCLUDE_DIR AND MySQL_LIBRARY)
|
||||
|
||||
# Include dir
|
||||
FIND_PATH(MySQL_INCLUDE_DIR
|
||||
NAMES mysql.h
|
||||
PATH_SUFFIXES mysql
|
||||
)
|
||||
|
||||
# Library
|
||||
#SET(MySQL_NAMES mysqlclient mysqlclient_r)
|
||||
SET(MySQL_NAMES mysqlclient_r)
|
||||
FIND_LIBRARY(MySQL_LIBRARY
|
||||
NAMES ${MySQL_NAMES}
|
||||
PATHS /usr/lib /usr/local/lib
|
||||
PATH_SUFFIXES mysql
|
||||
)
|
||||
|
||||
IF (MySQL_INCLUDE_DIR AND MySQL_LIBRARY)
|
||||
SET(MySQL_FOUND TRUE)
|
||||
SET( MySQL_LIBRARIES ${MySQL_LIBRARY} )
|
||||
ELSE (MySQL_INCLUDE_DIR AND MySQL_LIBRARY)
|
||||
SET(MySQL_FOUND FALSE)
|
||||
SET( MySQL_LIBRARIES )
|
||||
ENDIF (MySQL_INCLUDE_DIR AND MySQL_LIBRARY)
|
||||
|
||||
|
||||
IF (MySQL_FOUND)
|
||||
IF (NOT MySQL_FIND_QUIETLY)
|
||||
MESSAGE(STATUS "Found MySQL: ${MySQL_LIBRARY}")
|
||||
ENDIF (NOT MySQL_FIND_QUIETLY)
|
||||
ELSE (MySQL_FOUND)
|
||||
IF (MySQL_FIND_REQUIRED)
|
||||
MESSAGE(STATUS "Looked for MySQL libraries named ${MySQL_NAMES}.")
|
||||
MESSAGE(FATAL_ERROR "Could NOT find MySQL library")
|
||||
ENDIF (MySQL_FIND_REQUIRED)
|
||||
ENDIF (MySQL_FOUND)
|
||||
|
||||
MARK_AS_ADVANCED(
|
||||
MySQL_LIBRARY
|
||||
MySQL_INCLUDE_DIR
|
||||
)
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
# - Find PostgreSQL library
|
||||
#
|
||||
# This module defines:
|
||||
# POSTGRESQL_FOUND - True if the package is found
|
||||
# POSTGRESQL_INCLUDE_DIR - containing libpq-fe.h
|
||||
# POSTGRESQL_LIBRARIES - Libraries to link to use PQ functions.
|
||||
|
||||
if (POSTGRESQL_INCLUDE_DIR AND POSTGRESQL_LIBRARIES)
|
||||
set(POSTGRESQL_FIND_QUIETLY TRUE)
|
||||
endif (POSTGRESQL_INCLUDE_DIR AND POSTGRESQL_LIBRARIES)
|
||||
|
||||
# Include dir
|
||||
find_path(POSTGRESQL_INCLUDE_DIR
|
||||
NAMES libpq-fe.h
|
||||
PATH_SUFFIXES pgsql postgresql
|
||||
)
|
||||
|
||||
# Library
|
||||
find_library(POSTGRESQL_LIBRARY
|
||||
NAMES pq
|
||||
)
|
||||
|
||||
# handle the QUIETLY and REQUIRED arguments and set POSTGRESQL_FOUND to TRUE if
|
||||
# all listed variables are TRUE
|
||||
INCLUDE(FindPackageHandleStandardArgs)
|
||||
FIND_PACKAGE_HANDLE_STANDARD_ARGS(POSTGRESQL DEFAULT_MSG POSTGRESQL_LIBRARY POSTGRESQL_INCLUDE_DIR)
|
||||
|
||||
IF(POSTGRESQL_FOUND)
|
||||
SET( POSTGRESQL_LIBRARIES ${POSTGRESQL_LIBRARY} )
|
||||
ELSE(POSTGRESQL_FOUND)
|
||||
SET( POSTGRESQL_LIBRARIES )
|
||||
ENDIF(POSTGRESQL_FOUND)
|
||||
|
||||
# Lastly make it so that the POSTGRESQL_LIBRARY and POSTGRESQL_INCLUDE_DIR variables
|
||||
# only show up under the advanced options in the gui cmake applications.
|
||||
MARK_AS_ADVANCED( POSTGRESQL_LIBRARY POSTGRESQL_INCLUDE_DIR )
|
|
@ -0,0 +1,46 @@
|
|||
# - Try to find SCTP library and headers
|
||||
# Once done, this will define
|
||||
#
|
||||
# SCTP_FOUND - system has SCTP
|
||||
# SCTP_INCLUDE_DIR - the SCTP include directories
|
||||
# SCTP_LIBRARIES - link these to use SCTP
|
||||
|
||||
if (SCTP_INCLUDE_DIR AND SCTP_LIBRARIES)
|
||||
set(SCTP_FIND_QUIETLY TRUE)
|
||||
endif (SCTP_INCLUDE_DIR AND SCTP_LIBRARIES)
|
||||
|
||||
# Include dir
|
||||
find_path(SCTP_INCLUDE_DIR
|
||||
NAMES netinet/sctp.h
|
||||
)
|
||||
|
||||
# Library
|
||||
find_library(SCTP_LIBRARY
|
||||
NAMES sctp
|
||||
)
|
||||
|
||||
# Set the include dir variables and the libraries and let libfind_process do the rest.
|
||||
# NOTE: Singular variables for this library, plural for libraries this this lib depends on.
|
||||
#set(SCTP_PROCESS_INCLUDES SCTP_INCLUDE_DIR)
|
||||
#set(SCTP_PROCESS_LIBS SCTP_LIBRARY)
|
||||
#libfind_process(SCTP)
|
||||
|
||||
|
||||
# handle the QUIETLY and REQUIRED arguments and set SCTP_FOUND to TRUE if
|
||||
# all listed variables are TRUE
|
||||
INCLUDE(FindPackageHandleStandardArgs)
|
||||
FIND_PACKAGE_HANDLE_STANDARD_ARGS(SCTP DEFAULT_MSG SCTP_LIBRARY SCTP_INCLUDE_DIR)
|
||||
|
||||
# If we successfully found the sctp library then add the library to the
|
||||
# SCTP_LIBRARIES cmake variable otherwise set SCTP_LIBRARIES to nothing.
|
||||
IF(SCTP_FOUND)
|
||||
SET( SCTP_LIBRARIES ${SCTP_LIBRARY} )
|
||||
ELSE(SCTP_FOUND)
|
||||
SET( SCTP_LIBRARIES )
|
||||
ENDIF(SCTP_FOUND)
|
||||
|
||||
|
||||
# Lastly make it so that the SCTP_LIBRARY and SCTP_INCLUDE_DIR variables
|
||||
# only show up under the advanced options in the gui cmake applications.
|
||||
MARK_AS_ADVANCED( SCTP_LIBRARY SCTP_INCLUDE_DIR )
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
# This file is called at build time. It regenerates the version.h file based on the hg version.
|
||||
|
||||
EXECUTE_PROCESS(
|
||||
COMMAND ${HGCOMMAND} id -i
|
||||
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
|
||||
RESULT_VARIABLE reshash
|
||||
OUTPUT_VARIABLE verhash
|
||||
ERROR_QUIET
|
||||
OUTPUT_STRIP_TRAILING_WHITESPACE)
|
||||
EXECUTE_PROCESS(
|
||||
COMMAND ${HGCOMMAND} id -n
|
||||
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
|
||||
RESULT_VARIABLE resval
|
||||
OUTPUT_VARIABLE verval
|
||||
ERROR_QUIET
|
||||
OUTPUT_STRIP_TRAILING_WHITESPACE)
|
||||
|
||||
if (reshash EQUAL 0)
|
||||
SET(FD_PROJECT_VERSION_HG "${verval}(${verhash})")
|
||||
message(STATUS "Source version: ${FD_PROJECT_VERSION_HG}")
|
||||
endif (reshash EQUAL 0)
|
||||
|
||||
CONFIGURE_FILE(${SRC} ${DST})
|
|
@ -0,0 +1,17 @@
|
|||
Date: Thu, 13 Oct 2011 14:01:40 -0300
|
||||
From: "Norberto R. de Goes Jr." <norberto@cpqd.com.br>
|
||||
To: help@freediameter.net
|
||||
Subject: [Help] Cx dictionary (samples "c" and "xml")
|
||||
|
||||
Hi.
|
||||
|
||||
Just a contribution, they were not tested.
|
||||
Best regards,
|
||||
|
||||
--
|
||||
Norberto R. de Goes Jr.
|
||||
CPqD - DRC
|
||||
Tel.: +55 19 3705-4241 / Fax: +55 19 3705-6125
|
||||
norberto@cpqd.com.br
|
||||
www.cpqd.com.br
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,407 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE dictionary SYSTEM "dictionary.dtd">
|
||||
|
||||
|
||||
<!--**************************************************************************************
|
||||
|
||||
=== CpqD/DRC - Projeto ADRIMS - Mar/2011 ===
|
||||
=== Dicionario Dx/Cx ===
|
||||
Baseado no "dict_sip" do FreeDiameter (www.freediameter.net)
|
||||
Norberto R Goes Jr
|
||||
**************************************************************************************-->
|
||||
|
||||
|
||||
<dictionary>
|
||||
|
||||
<!-- ******************************************************** -->
|
||||
<!-- ********************* Vendors ************************** -->
|
||||
<!-- ******************************************************** -->
|
||||
|
||||
<vendor id="13019" name="ETSI" />
|
||||
|
||||
<vendor id="10415" name="3GPP" />
|
||||
|
||||
<!-- ******************************************************** -->
|
||||
<!-- ***************** CxDx Application *********************-->
|
||||
<!-- ******************************************************** -->
|
||||
|
||||
<application id="16777216" name="Diameter CxDx Application"
|
||||
uri="http://www.cpqd.com.br">
|
||||
|
||||
<!-- ******************************************************** -->
|
||||
<!-- ******************** Commands ************************** -->
|
||||
<!-- ******************************************************** -->
|
||||
|
||||
<command name="User-Authorization" code="300" >
|
||||
|
||||
<requestrules>
|
||||
<fixed>
|
||||
<avprule name="Session-Id" minimum="1" maximum="1"/>
|
||||
</fixed>
|
||||
|
||||
<required>
|
||||
<avprule name="Vendor-Specific-Application-Id" maximum="1" />
|
||||
<avprule name="Auth-Session-State" maximum="1" />
|
||||
<avprule name="Origin-Host" maximum="1" />
|
||||
<avprule name="Origin-Realm" maximum="1" />
|
||||
<avprule name="Destination-Realm" maximum="1" />
|
||||
<avprule name="User-Name" maximum="1" />
|
||||
<avprule name="Public-Identity" maximum="1" />
|
||||
<avprule name="Visited-Network-Identifier" maximum="1" />
|
||||
</required>
|
||||
|
||||
<optional>
|
||||
<avprule name="Destination-Host" maximum="1"/>
|
||||
<avprule name="Supported-Features" />
|
||||
<avprule name="User-Authorization-Type" maximum="1"/>
|
||||
<avprule name="UAR-Flags" maximum="1" />
|
||||
<avprule name="AVP" />
|
||||
<avprule name="Proxy-Info" />
|
||||
<avprule name="Route-Record" />
|
||||
</optional>
|
||||
</requestrules>
|
||||
|
||||
|
||||
<answerrules>
|
||||
<fixed>
|
||||
<avprule name="Session-Id" minimum="1" maximum="1"/>
|
||||
</fixed>
|
||||
|
||||
<required>
|
||||
<avprule name="Vendor-Specific-Application-Id" maximum="1" />
|
||||
<avprule name="Auth-Session-State" maximum="1" />
|
||||
<avprule name="Origin-Host" maximum="1" />
|
||||
<avprule name="Origin-Realm" maximum="1"/>
|
||||
|
||||
</required>
|
||||
|
||||
<optional>
|
||||
<avprule name="Result-Code" maximum="1"/>
|
||||
<avprule name="Experimental-Result" maximum="1"/>
|
||||
<avprule name="Supported-Features" />
|
||||
<avprule name="Server-Name" maximum="1"/>
|
||||
<avprule name="Server-Capabilities" maximum="1"/>
|
||||
<avprule name="Wildcarded-IMPU" maximum="1"/>
|
||||
<avprule name="AVP" />
|
||||
<avprule name="Failed-AVP" />
|
||||
<avprule name="Proxy-Info" />
|
||||
<avprule name="Route-Record" />
|
||||
</optional>
|
||||
|
||||
</answerrules>
|
||||
|
||||
</command>
|
||||
|
||||
|
||||
|
||||
<command name="Server-Assignment" code="301" >
|
||||
|
||||
<requestrules>
|
||||
<fixed>
|
||||
<avprule name="Session-Id" minimum="1" maximum="1"/>
|
||||
</fixed>
|
||||
|
||||
<required>
|
||||
<avprule name="Vendor-Specific-Application-Id" maximum="1" />
|
||||
<avprule name="Auth-Session-State" maximum="1" />
|
||||
<avprule name="Origin-Host" maximum="1" />
|
||||
<avprule name="Origin-Realm" maximum="1" />
|
||||
<avprule name="Destination-Realm" maximum="1" />
|
||||
<avprule name="Server-Name" maximum="1"/>
|
||||
<avprule name="Server-Assignment-Type" maximum="1" />
|
||||
<avprule name="User-Data-Already-Available" maximum="1" />
|
||||
</required>
|
||||
|
||||
<optional>
|
||||
<avprule name="Destination-Host" maximum="1"/>
|
||||
<avprule name="User-Name" maximum="1" />
|
||||
<avprule name="Supported-Features" />
|
||||
<avprule name="Public-Identity" />
|
||||
<avprule name="Wildcarded-PSI" maximum="1"/>
|
||||
<avprule name="Wildcarded-IMPU" maximum="1"/>
|
||||
<!-- avprule name="SCSCF-Restoration-Info" maximum="1"/> -->
|
||||
<!-- avprule name="Multiple-Registration-Indication" maximum="1"/> -->
|
||||
<!--avprule name="Session-Priority" maximum="1"/> -->
|
||||
<avprule name="AVP" />
|
||||
<avprule name="Proxy-Info" />
|
||||
<avprule name="Route-Record" />
|
||||
</optional>
|
||||
</requestrules>
|
||||
|
||||
|
||||
<answerrules>
|
||||
<fixed>
|
||||
<avprule name="Session-Id" minimum="1" maximum="1"/>
|
||||
</fixed>
|
||||
|
||||
<required>
|
||||
<avprule name="Vendor-Specific-Application-Id" maximum="1" />
|
||||
<avprule name="Auth-Session-State" maximum="1" />
|
||||
<avprule name="Origin-Host" maximum="1" />
|
||||
<avprule name="Origin-Realm" maximum="1"/>
|
||||
</required>
|
||||
|
||||
<optional>
|
||||
<avprule name="Result-Code" maximum="1"/>
|
||||
<avprule name="Experimental-Result" maximum="1"/>
|
||||
<avprule name="User-Name" maximum="1" />
|
||||
<avprule name="Supported-Features" />
|
||||
<!--avprule name="User-Data" maximum="1"/> -->
|
||||
<!--avprule name="Charging-Information" maximum="1"/> -->
|
||||
<!--avprule name="Associated-Identities" maximum="1"/> -->
|
||||
<!--avprule name="Loose-Route-Indication" maximum="1"/> -->
|
||||
<!--avprule name="SCSCF-Restoration-Info" /> -->
|
||||
<!--avprule name="Associated-Registered-Identities " maximum="1"/> -->
|
||||
<avprule name="AVP" />
|
||||
<avprule name="Server-Name" maximum="1"/>
|
||||
<avprule name="Failed-AVP" />
|
||||
<avprule name="Proxy-Info" />
|
||||
<avprule name="Route-Record" />
|
||||
|
||||
</optional>
|
||||
|
||||
</answerrules>
|
||||
|
||||
</command>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<!-- ******************************************************** -->
|
||||
<!-- *********************** AVPs *************************** -->
|
||||
<!-- ******************************************************** -->
|
||||
|
||||
<avp name="Visited-Network-Identifier" code="600" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<avp name="Public-Identity" code="601" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<avp name="Server-Name" code="602" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<!-- "Server-Capabilites" (603) usa as duas AVPs a seguir : -->
|
||||
<avp name="Feature-List-ID" code="629" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no"> <!-- verificar flags / NRGJ -->
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
<avp name="Feature-List" code="630" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no"> <!-- verificar flags / NRGJ -->
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
<avp name="Server-Capabilities" code="603" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<grouped>
|
||||
<optional>
|
||||
<avprule name="Vendor-Id" maximum="1" />
|
||||
<avprule name="Feature-List-ID" maximum="1" />
|
||||
<avprule name="Feature-List" maximum="1" />
|
||||
</optional>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
<avp name="Mandatory-Capability" code="604" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
<avp name="Optional-Capability" code="605" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
<avp name="User-Data" code="606" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<avp name="SIP-Number-Auth-Items" code="607" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
<avp name="SIP-Authentication-Scheme" code="608" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<avp name="SIP-Authenticate" code="609" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<avp name="SIP-Authorization" code="610" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<avp name="SIP-Authentication-Context" code="611" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
|
||||
|
||||
<!-- "SIP-Auth-Data-Item" (612) usa as AVPs a seguir : -->
|
||||
|
||||
<avp name="SIP-Item-Number" code="613" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
<avp name="Confidentiality-Key" code="625" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<avp name="Integrity-Key" code="626" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<avp name="Digest-Realm" code="104" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no"> <!-- verificar flags / NRGJ -->
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<avp name="Digest-Algorithm" code="111" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no"> <!-- verificar flags / NRGJ -->
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<avp name="Digest-QoP" code="110" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no"> <!-- verificar flags / NRGJ -->
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<avp name="Digest-HA1" code="121" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no"> <!-- verificar flags / NRGJ -->
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
|
||||
<avp name="SIP-Digest-Authenticate" code="635" vendor-id="10415"
|
||||
may-encrypt="no"> <!-- verificar flags / NRGJ -->
|
||||
<grouped>
|
||||
<required>
|
||||
<avprule name="Digest-Realm" minimum="1" maximum="1" />
|
||||
</required>
|
||||
<optional>
|
||||
<avprule name="Digest-Algorithm" maximum="1" />
|
||||
<avprule name="Digest-QoP" maximum="1" />
|
||||
<avprule name="Digest-HA1" maximum="1" />
|
||||
<avprule name="AVP" />
|
||||
</optional>
|
||||
</grouped>
|
||||
|
||||
</avp>
|
||||
|
||||
<avp name="Line-Identifier" code="500" vendor-id="13019" mandatory="must"
|
||||
may-encrypt="no"> <!-- verificar flags / NRGJ -->
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<avp name="SIP-Auth-Data-Item" code="612" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<grouped>
|
||||
<optional>
|
||||
<avprule name="SIP-Item-Number" maximum="1" />
|
||||
<avprule name="SIP-Authentication-Scheme" maximum="1" />
|
||||
<avprule name="SIP-Authenticate" maximum="1" />
|
||||
<avprule name="SIP-Authorization" maximum="1" />
|
||||
<avprule name="SIP-Authentication-Context" maximum="1" />
|
||||
<avprule name="Confidentiality-Key" maximum="1" />
|
||||
<avprule name="Integrity-Key" maximum="1" />
|
||||
<avprule name="SIP-Digest-Authenticate" maximum="1" />
|
||||
<avprule name="Framed-IP-Address" maximum="1" />
|
||||
<avprule name="Framed-IPv6-Prefix" maximum="1" />
|
||||
<avprule name="Framed-Interface-Id" maximum="1" />
|
||||
<avprule name="Line-Identifier" />
|
||||
<avprule name="AVP" />
|
||||
</optional>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
|
||||
|
||||
|
||||
<avp name="Server-Assignment-Type" code="614" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="Enumerated"/>
|
||||
<enum name="NO_ASSIGNMENT" code="0"/>
|
||||
<enum name="REGISTRATION" code="1"/>
|
||||
<enum name="RE_REGISTRATION" code="2"/>
|
||||
<enum name="UNREGISTERED_USER" code="3"/>
|
||||
<enum name="TIMEOUT_DEREGISTRATION" code="4"/>
|
||||
<enum name="USER_DEREGISTRATION" code="5"/>
|
||||
<enum name="TIMEOUT_DEREGISTRATION_STORE_SERVER_NAME" code="6"/>
|
||||
<enum name="USER_DEREGISTRATION_STORE_SERVER_NAME" code="7"/>
|
||||
<enum name="ADMINISTRATIVE_DEREGISTRATION " code="8"/>
|
||||
<enum name="AUTHENTICATION_FAILURE" code="9"/>
|
||||
<enum name="AUTHENTICATION_TIMEOUT" code="10"/>
|
||||
<enum name="DEREGISTRATION_TOO_MUCH_DATA" code="11"/>
|
||||
<enum name="AAA_USER_DATA_REQUEST" code="12"/>
|
||||
<enum name="PGW_UPDATE " code="13"/>
|
||||
</avp>
|
||||
|
||||
|
||||
<avp name="User-Data-Already-Available" code="624" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="Enumerated"/>
|
||||
<enum name="USER_DATA_NOT_AVAILABLE" code="0"/>
|
||||
<enum name="USER_DATA_ALREADY_AVAILABLE" code="1"/>
|
||||
</avp>
|
||||
|
||||
|
||||
<avp name="Wildcarded-PSI" code="634" vendor-id="10415"
|
||||
may-encrypt="no">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
|
||||
<avp name="User-Authorization-Type" code="623" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
|
||||
|
||||
<avp name="Wildcarded-IMPU" code="636" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<avp name="UAR-Flags" code="637" vendor-id="10415" mandatory="must"
|
||||
may-encrypt="no">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
|
||||
<avp name="Supported-Features" code="628" vendor-id="10415"
|
||||
may-encrypt="no">
|
||||
<grouped>
|
||||
<optional>
|
||||
<avprule name="Vendor-Id" maximum="1" />
|
||||
<avprule name="Feature-List-ID" maximum="1" />
|
||||
<avprule name="Feature-List" maximum="1" />
|
||||
</optional>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
|
||||
|
||||
</application>
|
||||
|
||||
|
||||
</dictionary>
|
||||
|
||||
|
|
@ -0,0 +1,305 @@
|
|||
#####################
|
||||
# !! IMPORTANT !! #
|
||||
#####################
|
||||
|
||||
The uClibc library that is shipped with OpenWRT lacks support for several POSIX thread
|
||||
features, such as pthread_cleanup_{push,pop}, that are required by the freeDiameter
|
||||
framework.
|
||||
|
||||
Until these features are included in the base OpenWRT system, the framework will not
|
||||
behave correctly on this platform.
|
||||
|
||||
Therefore, the OpenWRT port is NOT usable properly at this moment with uClibc.
|
||||
|
||||
A test software is included in test_required for checking if new uClibc distributions
|
||||
support the required features. You'll have to adapt the Makefile according to your environment.
|
||||
|
||||
An alternative choice if your hardware allows it is to use (e)glibc in your openwrt image.
|
||||
|
||||
#####################
|
||||
|
||||
|
||||
|
||||
This HOWTO describes how to generate a set of ipkg modules for
|
||||
providing support of freeDiameter in an OpenWRT system.
|
||||
|
||||
This HOWTO is written for OpenWRT 10.03 (BackFire) and no guarantee is provided
|
||||
that it will work for you. Be prepared to eventually brick your routeur...
|
||||
|
||||
Table of contents:
|
||||
0) Quick HOWTO: optimistic step-by-step instructions.
|
||||
1) Prerequisites: get the OpenWRT development environment ready.
|
||||
2) Supplied packages: use the existing packages when possible (gnutls, ...)
|
||||
3) Other dependencies: provide for additional missing dependencies (sctp ...)
|
||||
4) freediameter package: now create the freeDiameter package
|
||||
5) Configuration: how to set the configuration on the router.
|
||||
|
||||
This HOWTO will NOT cover how to install OpenWRT on your access device, nor
|
||||
its basic configuration. Please refer to OpenWRT website for this type of HOWTOs.
|
||||
|
||||
|
||||
==============================================
|
||||
0) Quick HOWTO
|
||||
==============================================
|
||||
The following instructions should allow you to put freeDiameter on your OpenWRT-compatible router.
|
||||
In case something goes wrong, you should follow the detailed instructions in the remaining of
|
||||
this file.
|
||||
|
||||
Be warned: playing with the software in your router may brick it, i.e. make it unusable forever.
|
||||
Do it at your own risk.
|
||||
|
||||
1) Get the OpenWRT environment:
|
||||
$ git clone git://nbd.name/openwrt.git
|
||||
$ cd openwrt
|
||||
|
||||
2) Get the feeds
|
||||
$ cp feeds.conf.default feeds.conf
|
||||
$ echo "src-hg freediameter http://www.freediameter.net/hg/fD-OWRT-packages" >> feeds.conf
|
||||
$ scripts/feeds update
|
||||
$ scripts/feeds install freeDiameter
|
||||
|
||||
3) Configure your image
|
||||
$ make menuconfig
|
||||
(set Target System and Target Profile as needed for your equipment)
|
||||
|
||||
- Network --->
|
||||
freeDiameter (M)
|
||||
freeDiameter-test (M)
|
||||
wpad (*)
|
||||
wpad-mini ( )
|
||||
|
||||
|
||||
4) Set the C library to glibc instead of uClibc (broken support, see #26)
|
||||
|
||||
- Advanced configuration options (for developers) --->
|
||||
- Toolchain Options ---->
|
||||
C Library implementation (Use eglibc)
|
||||
|
||||
|
||||
5) Build the image and packages, this takes a while
|
||||
$ make world
|
||||
|
||||
6) Export the bin/* directory through a webserver.
|
||||
We assume it is available at http://192.168.1.25/owrt
|
||||
|
||||
7) Flash the router with your new image -- THIS DESTROYS ALL CONFIG ON THE ROUTER!
|
||||
$ ssh root@192.168.1.1
|
||||
# cd /tmp
|
||||
# wget http://192.168.1.25/owrt/openwrt-brcm47xx-squashfs.trx
|
||||
;; change the file name with yours
|
||||
# mtd -r write openwrt-brcm47xx-squashfs.trx linux
|
||||
;; wait for reboot
|
||||
$ telnet 192.168.1.1
|
||||
# passwd
|
||||
# sync
|
||||
# exit
|
||||
|
||||
8) Update the opkg router's config to get your new packages
|
||||
ssh root@192.168.1.1
|
||||
# echo "src/gz localrepo http://192.168.1.25/owrt/packages" >> /etc/opkg.conf
|
||||
# opkg update
|
||||
|
||||
9) Install freeDiameter, you're done. Optionnaly, install also certtool on the router before, to
|
||||
generate the TLS certificate automatically.
|
||||
# opkg install freeDiameter
|
||||
|
||||
==============================================
|
||||
1) Prerequisites:
|
||||
==============================================
|
||||
|
||||
We will first need a working OpenWRT toolchain environment. You can retrieve
|
||||
pre-compiled binaries of such toolchains ("Image builder") on the OpenWRT website. Anyway,
|
||||
in case the architecture you are interested in is not listed, you can build
|
||||
the full toolchain from source. This is the path we are following in this HOWTO.
|
||||
|
||||
a) Retrieve the latest OpenWRT source, using subversion or git.
|
||||
Since I have to go through a proxy, I use the later here, svn being quite annoying with proxies.
|
||||
Note, the following commands must not be run as root.
|
||||
$ git clone git://nbd.name/openwrt.git
|
||||
(Note: you might instead use "backfire.git" if you want to stick with an OpenWRT release.)
|
||||
$ cd openwrt
|
||||
$ cp feeds.conf.default feeds.conf
|
||||
|
||||
b) If you are using git, you have to edit the feeds.conf file to use git as well for packages.
|
||||
Do the following modifications in this case:
|
||||
$ vi feeds.conf
|
||||
Comment out this line:
|
||||
src-svn packages https://svn.openwrt.org/openwrt/packages
|
||||
Add this line instead:
|
||||
src-git packages git://nbd.name/packages.git
|
||||
|
||||
You can leave uncommented the luci (for GNUTLS) and Xwrt (webif) repositories. Since these repositories
|
||||
use svn over http, you can use subversion even if you are behind a proxy.
|
||||
|
||||
c) Then issue the following command to update the package list:
|
||||
$ scripts/feeds update
|
||||
|
||||
d) Now, let's already create the toolchain and basic image.
|
||||
$ make menuconfig
|
||||
|
||||
This will open a menu for you. You must select the target you are building for.
|
||||
See http://wiki.openwrt.org/toh/start for the table of hardware and associated information.
|
||||
In my case, I am using a Buffalo WZR-HP-G300NH router. I therefore select these options:
|
||||
- Target System --->
|
||||
Atheros AR71xx/AR7240/AR913x
|
||||
- Target Profile --->
|
||||
Buffalo WZR-HP-G300NH
|
||||
|
||||
For many routeurs, the recommended kernel is a 2.4x version. I have NOT tried with such kernel,
|
||||
and the SCTP support is likely to be different in this generation of kernels. I strongly recommend
|
||||
to go with a 2.6x kernel, whenever possible.
|
||||
|
||||
e) As per freeDiameter ticket #26, you also need to change the library to glibc instead of uClibc.
|
||||
Change the option as follow:
|
||||
|
||||
- Advanced configuration options (for developers) --->
|
||||
- Toolchain Options ---->
|
||||
C Library implementation (Use eglibc)
|
||||
|
||||
f) Once configured, create the toolchain and default image (this takes a while):
|
||||
$ make world
|
||||
|
||||
After this command completes successfully, your build environment is ready.
|
||||
The resulting image and packages are stored in the "bin/" subdirectory.
|
||||
It is very convenient if you make this repository available in http to your routeur.
|
||||
|
||||
You should probably try at this early stage to flash your device with the image you have generated.
|
||||
If the default basic image does not work, it is probably not worth adding new problems on top of it.
|
||||
|
||||
For troubleshooting, please consult OpenWRT documentation directly.
|
||||
"make prereq" may help you building the initial image also.
|
||||
See http://downloads.openwrt.org/docs/buildroot-documentation.html for additional information
|
||||
concerning this step.
|
||||
|
||||
You should now be able to login on your routeur with telnet (first time) or ssh (after setting a password).
|
||||
|
||||
==============================================
|
||||
2) Supplied packages:
|
||||
==============================================
|
||||
|
||||
There are some dependencies of freeDiameter already available in the OpenWRT packages repository.
|
||||
You can check for the available packages with the script:
|
||||
$ ./scripts/feeds search <package>
|
||||
|
||||
We will now describe how to install these dependencies. At the time this HOWTO is written,
|
||||
the OpenWRT repositories contains packages for sctp, ipv6, gnutls, pthreads and hostapd.
|
||||
Follow these instructions to build them.
|
||||
|
||||
Alternatively, you can find these packages pre-compiled in the OpenWRT packages repository.
|
||||
|
||||
a) Add the packages
|
||||
$ scripts/feeds install libgnutls
|
||||
$ scripts/feeds install sctp
|
||||
|
||||
b) Select the following components in the menu:
|
||||
$ make menuconfig
|
||||
- Base system --->
|
||||
libpthread (M)
|
||||
|
||||
- Network --->
|
||||
sctp (M)
|
||||
hostapd (M)
|
||||
wpad-mini ( )
|
||||
|
||||
- Libraries --->
|
||||
SSL --->
|
||||
libgnutls (M)
|
||||
|
||||
- Kernel modules --->
|
||||
Network Support --->
|
||||
kmod-ipv6 (M)
|
||||
|
||||
Quit and save the new config, then:
|
||||
$ make world
|
||||
|
||||
This will add a bunch of modules in your bin directory that will be required for freeDiameter.
|
||||
Since we are removing the wpad-mini daemon from the base image, this image (trx or bin file) is also recompiled.
|
||||
|
||||
Note that if you are setting your device as WPA supplicant also (wireless client), you must select wpad instead of hostapd.
|
||||
(in any case, the -mini version is not suitable since we will use the RADIUS authentication).
|
||||
|
||||
|
||||
You should now reflash your routeur with the new firmware image. The simplest way to achieve if your routeur has enough
|
||||
flash memory is to:
|
||||
- copy the new trx image to your routeur's /tmp (using wget or scp)
|
||||
- run this command (on the device) -- replace <newfile.trx> with your actual filename:
|
||||
root@OpenWrt:~# mtd -r write <newfile.trx> linux
|
||||
|
||||
WARNING: this will erase your existing configuration on the routeur.
|
||||
In case you need to save it, you may try the sysupgrade command instead.
|
||||
|
||||
This will reboot the device after writing the new image file.
|
||||
Afterwards, if you have set up the http server on your development machine properly
|
||||
(let's assume it has IP address 192.168.1.25)
|
||||
you can run the following command on your router:
|
||||
root@OpenWrt:~# echo "src/gz mydev http://192.168.1.25/packages" >> /etc/opkg.conf
|
||||
root@OpenWrt:~# opkg update
|
||||
|
||||
Install the newly compiled packages with:
|
||||
root@OpenWrt:~# opkg install kmod-ipv6 hostapd libpthread sctp
|
||||
|
||||
==============================================
|
||||
3) Missing packages:
|
||||
==============================================
|
||||
|
||||
UPDATE: Starting from revision r22917, sctp and kmod-sctp are included in the OpenWRT distribution, and have been removed
|
||||
from freeDiameter package. One may consider using a freeDiameter package prior to 2010/09/05 in order to get the sctp
|
||||
package, or a more recent OpenWRT environment.
|
||||
|
||||
PREVIOUS SITUATION: If you are using components prior to 2010/09/05, the following applies:
|
||||
P:
|
||||
P: There are other dependencies for freeDiameter that are not provided by OpenWRT packages.
|
||||
P: For convenience, we include these meta-packages in the freeDiameter distribution -- but they
|
||||
P: might not be up-to-date.
|
||||
P:
|
||||
P: a) Adding the contributed directory to the feeds
|
||||
P: Add the following line in your feeds.conf file:
|
||||
P: src-link freediameter /path/to/freediameter/contrib/OpenWRT/packages/
|
||||
P:
|
||||
P: Then run:
|
||||
P: $ scripts/feeds update
|
||||
P:
|
||||
P: This should allow you to install the missing dependencies as follow:
|
||||
P:
|
||||
P:
|
||||
P: b) SCTP library (note: you might alternatively compile freeDiameter without SCTP support).
|
||||
P: $ scripts/feeds install sctp
|
||||
P:
|
||||
P:
|
||||
P: c) Select these components in the menu:
|
||||
P: $ make menuconfig
|
||||
P: - Libraries --->
|
||||
P: sctp (M)
|
||||
P:
|
||||
P: Quit and save the new config, then:
|
||||
P: $ make world
|
||||
P:
|
||||
P:
|
||||
P: d) Install this on the router as well:
|
||||
P: root@OpenWrt:~# opkg update
|
||||
P: root@OpenWrt:~# opkg install sctp
|
||||
|
||||
|
||||
==============================================
|
||||
4) freediameter package:
|
||||
==============================================
|
||||
|
||||
Now, your environment should be ready to compile the freeDiameter ipkg package.
|
||||
$ scripts/feeds install freeDiameter
|
||||
|
||||
Note that in order to build this package, you need to have cmake & flex on your compilation machine.
|
||||
|
||||
$ make menuconfig
|
||||
- Network --->
|
||||
freeDiameter (M)
|
||||
freeDiameter-test (M)
|
||||
|
||||
Quit and save the new config, then:
|
||||
$ make world
|
||||
|
||||
On your router, run:
|
||||
# opkg update
|
||||
# opkg install freeDiameter
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
diff --git a/target/linux/brcm47xx/base-files/etc/init.d/netconfig b/target/linux/brcm47xx/base-files/etc/init.d/netconfig
|
||||
index d7839b6..6446483 100755
|
||||
--- a/target/linux/brcm47xx/base-files/etc/init.d/netconfig
|
||||
+++ b/target/linux/brcm47xx/base-files/etc/init.d/netconfig
|
||||
@@ -150,6 +150,30 @@ start() {
|
||||
}
|
||||
}
|
||||
}
|
||||
+ if (model == "D-Link DIR-330") { # boardtype is 0x0472, so we need to reset the parameters
|
||||
+ # The switch is on eth1, this script defaults to switch on eth0, so we write the values directly instead.
|
||||
+ print "#### DIR-330: eth1 must be up for configuring the switch "
|
||||
+ print "config interface switchport"
|
||||
+ print " option ifname \"eth1\""
|
||||
+ print " option proto none"
|
||||
+ print ""
|
||||
+ print "config switch eth1"
|
||||
+ print " option enable 1"
|
||||
+ print ""
|
||||
+ print "config switch_vlan eth1_0"
|
||||
+ print " option device \"eth1\""
|
||||
+ print " option vlan 0"
|
||||
+ print " option ports \"0 1 2 3 5t\""
|
||||
+ print ""
|
||||
+ print "config switch_vlan eth1_1"
|
||||
+ print " option device \"eth1\""
|
||||
+ print " option vlan 1"
|
||||
+ print " option ports \"4 5t\""
|
||||
+ print ""
|
||||
+ c["lan_ifname"] = "eth0.0"
|
||||
+ c["wan_ifname"] = "eth0.1"
|
||||
+ }
|
||||
+
|
||||
# Buffalo WBR-B11 and Buffalo WBR-G54
|
||||
if (nvram["boardtype"] == "bcm94710ap") {
|
||||
c["vlan0ports"] = "0 1 2 3 4 5u"
|
|
@ -0,0 +1,241 @@
|
|||
#
|
||||
# Software License Agreement (BSD License)
|
||||
#
|
||||
# Copyright (c) 2013, WIDE Project and NICT
|
||||
# All rights reserved.
|
||||
#
|
||||
# See LICENSE file from freeDiameter source package for more information.
|
||||
#
|
||||
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=freeDiameter
|
||||
PKG_REV:=696
|
||||
PKG_VERSION:=r$(PKG_REV)
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE_PROTO:=hg
|
||||
PKG_SOURCE_VERSION:=$(PKG_REV)
|
||||
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=http://www.freediameter.net/hg/freeDiameter
|
||||
# PKG_MD5SUM:=
|
||||
|
||||
PKG_FIXUP:=libtool
|
||||
PKG_INSTALL:=1
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/freeDiameter
|
||||
SECTION:=freeDiameter
|
||||
CATEGORY:=Network
|
||||
TITLE:=freeDiameter
|
||||
URL:=http://www.freediameter.net
|
||||
DEPENDS:=+sctp +libgnutls +libpthread +kmod-ipv6
|
||||
endef
|
||||
|
||||
define Package/freeDiameter-test
|
||||
SECTION:=freeDiameter
|
||||
CATEGORY:=Network
|
||||
TITLE:=freeDiameter-test
|
||||
URL:=http://www.freediameter.net
|
||||
DEPENDS:=+freeDiameter
|
||||
endef
|
||||
|
||||
define Package/freeDiameter/description
|
||||
freeDiameter + RADIUS/Diameter gateway extension package.
|
||||
endef
|
||||
|
||||
define Package/freeDiameter-test/description
|
||||
The app_test.fdx extension for freeDiameter, useful only to perform some
|
||||
tests between freeDiameter peers (ping-like for Diameter).
|
||||
endef
|
||||
|
||||
define Package/freeDiameter/conffiles
|
||||
/etc/freeDiameter/freeDiameter.conf
|
||||
/etc/freeDiameter/rgw.conf
|
||||
endef
|
||||
|
||||
define Build/Configure
|
||||
IN_OPENWRT=1 \
|
||||
AR="$(TARGET_CROSS)ar" \
|
||||
AS="$(TARGET_CC) -c $(TARGET_CFLAGS)" \
|
||||
LD="$(TARGET_CROSS)ld" \
|
||||
NM="$(TARGET_CROSS)nm" \
|
||||
CC="$(TARGET_CC)" \
|
||||
GCC="$(TARGET_CC)" \
|
||||
CXX="$(TARGET_CROSS)g++" \
|
||||
RANLIB="$(TARGET_CROSS)ranlib" \
|
||||
STRIP="$(TARGET_CROSS)strip" \
|
||||
OBJCOPY="$(TARGET_CROSS)objcopy" \
|
||||
OBJDUMP="$(TARGET_CROSS)objdump" \
|
||||
TARGET_CPPFLAGS="$(TARGET_CPPFLAGS)" \
|
||||
TARGET_CFLAGS="$(TARGET_CFLAGS)" \
|
||||
TARGET_LDFLAGS="$(TARGET_LDFLAGS)" \
|
||||
cmake \
|
||||
-DCMAKE_PREFIX_PATH:PATH=$(STAGING_DIR)/usr \
|
||||
-DCMAKE_INSTALL_PREFIX:PATH=/usr \
|
||||
-DDIAMID_IDNA_REJECT:BOOL=ON \
|
||||
-DBUILD_TESTING:BOOL=OFF \
|
||||
-DCMAKE_BUILD_TYPE:STRING=DebianPackage \
|
||||
-DDEFAULT_CONF_PATH:PATH=/etc/freeDiameter \
|
||||
-DBUILD_APP_RADGW:BOOL=ON \
|
||||
-DBUILD_DBG_MONITOR:BOOL=ON \
|
||||
-DBUILD_TEST_APP:BOOL=ON \
|
||||
VERBOSE=1 \
|
||||
$(PKG_BUILD_DIR)/CMakeLists.txt
|
||||
endef
|
||||
|
||||
TARGET_LDFLAGS := -L$(STAGING_DIR)/usr/lib $(TARGET_LDFLAGS)
|
||||
define Package/freeDiameter/install
|
||||
# binaries
|
||||
$(INSTALL_DIR) $(1)/usr/bin
|
||||
$(CP) \
|
||||
$(PKG_INSTALL_DIR)/usr/bin/freeDiameterd* \
|
||||
$(1)/usr/bin/
|
||||
# libraries & extensions
|
||||
$(INSTALL_DIR) $(1)/usr/lib/
|
||||
$(CP) \
|
||||
$(PKG_INSTALL_DIR)/usr/lib/* \
|
||||
$(1)/usr/lib/
|
||||
# Remove the test_app from the main package (see freeDiameter-test)
|
||||
$(RM) $(1)/usr/lib/freeDiameter/test_app*
|
||||
|
||||
# configuration files
|
||||
$(INSTALL_DIR) $(1)/etc/freeDiameter
|
||||
$(INSTALL_CONF) \
|
||||
$(PKG_BUILD_DIR)/doc/freediameter.conf.sample \
|
||||
$(1)/etc/freeDiameter/freeDiameter.conf
|
||||
$(SED) 's,TLS_Cred,#TLS_Cred,g' $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "" >> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "### OPENWRT specific" >> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "TLS_Cred = \"/etc/freeDiameter/freeDiameter.pem\", \"/etc/freeDiameter/freeDiameter.key\";" \
|
||||
>> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "TLS_CA = \"/etc/freeDiameter/freeDiameter.ca.pem\";" \
|
||||
>> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "TLS_DH_File = \"/etc/freeDiameter/dh.pem\";" \
|
||||
>> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "SCTP_streams = 3;" >> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "LoadExtension = \"dict_nasreq.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "LoadExtension = \"dict_eap.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "LoadExtension = \"app_radgw.fdx\":\"rgw.conf\";" \
|
||||
>> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "# test_app.fdx provided in freeDiameter-test package:" \
|
||||
>> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "# LoadExtension = \"test_app.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
echo "## Add overrides below this point" >> $(1)/etc/freeDiameter/freeDiameter.conf
|
||||
|
||||
|
||||
$(INSTALL_CONF) \
|
||||
$(PKG_BUILD_DIR)/doc/app_radgw.conf.sample \
|
||||
$(1)/etc/freeDiameter/rgw.conf
|
||||
$(SED) 's,RGWX,#RGWX,g' $(1)/etc/freeDiameter/rgw.conf
|
||||
echo "" >> $(1)/etc/freeDiameter/rgw.conf
|
||||
echo "### OPENWRT specific" >> $(1)/etc/freeDiameter/rgw.conf
|
||||
echo " RGWX = \"auth.rgwx\" : auth;" >> $(1)/etc/freeDiameter/rgw.conf
|
||||
echo " RGWX = \"acct.rgwx\" : acct;" >> $(1)/etc/freeDiameter/rgw.conf
|
||||
echo "" >> $(1)/etc/freeDiameter/rgw.conf
|
||||
echo " cli = 127.0.0.1 / \"secret key\" ;" >> $(1)/etc/freeDiameter/rgw.conf
|
||||
echo " auth_server_ip4 = 127.0.0.1;" >> $(1)/etc/freeDiameter/rgw.conf
|
||||
echo " auth_server_ip6 = ::1 ;" >> $(1)/etc/freeDiameter/rgw.conf
|
||||
echo " acct_server_ip4 = 127.0.0.1;" >> $(1)/etc/freeDiameter/rgw.conf
|
||||
echo " acct_server_ip6 = ::1 ;" >> $(1)/etc/freeDiameter/rgw.conf
|
||||
endef
|
||||
|
||||
define Package/freeDiameter-test/install
|
||||
# Only the test_app extension
|
||||
$(INSTALL_DIR) $(1)/usr/lib/freeDiameter/
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/freeDiameter/test_app* \
|
||||
$(1)/usr/lib/freeDiameter/
|
||||
endef
|
||||
|
||||
define Package/freeDiameter/postinst
|
||||
#!/bin/sh
|
||||
|
||||
# Test if the configuration file contains the local identity already
|
||||
localid=`sed -n -r -e "s/^[[:space:]]*Identity[[:space:]]*=[[:space:]]*\"([^\"]*)\"[[:space:]]*;/\1/p" /etc/freeDiameter/freeDiameter.conf`
|
||||
if [ -z "$$localid" ]; then
|
||||
# Ask for the local name
|
||||
echo -n "Full name of your access point? (openwrt.localdomain) : "
|
||||
read localid
|
||||
if [ -z "$$localid" ]; then
|
||||
localid="openwrt.localdomain"
|
||||
fi
|
||||
echo "Identity = \"$$localid\";" >> /etc/freeDiameter/freeDiameter.conf
|
||||
fi
|
||||
|
||||
# Is there already a ConnectPeer directive?
|
||||
grep -q -E -e "^[[:space:]]*ConnectPeer[[:space:]]*=" /etc/freeDiameter/freeDiameter.conf
|
||||
if [ "$$?" -eq "1" ]; then
|
||||
echo -n "Diameter Identity of your Diameter server: "
|
||||
read serverid
|
||||
if [ -z "$$serverid" ]; then
|
||||
echo "Skipped. Please add ConnectPeer directive to your /etc/freeDiameter/freeDiameter.conf file later."
|
||||
else
|
||||
echo -n "IP or IPv6 address of your Diameter server? (leave blank for dynamic resolution) "
|
||||
read serverip
|
||||
connstr=""
|
||||
if [ -n "$$serverip" ]; then
|
||||
connstr=" { ConnectTo = \"$$serverip\"; }"
|
||||
fi
|
||||
echo "ConnectPeer = \"$$serverid\"$$connstr;" >> /etc/freeDiameter/freeDiameter.conf
|
||||
fi
|
||||
fi
|
||||
|
||||
# Certificate configuration
|
||||
if [ ! -f "/usr/bin/certtool" ]; then
|
||||
echo "certtool is not installed, skipping creation of default certificate and DH parameters."
|
||||
echo "The following files are expected by freeDiameter:"
|
||||
echo " /etc/freeDiameter/freeDiameter.key"
|
||||
echo " /etc/freeDiameter/freeDiameter.pem"
|
||||
echo " /etc/freeDiameter/freeDiameter.ca.pem"
|
||||
echo " /etc/freeDiameter/dh.pem"
|
||||
exit 0
|
||||
fi
|
||||
if [ ! -f "/etc/freeDiameter/freeDiameter.key" ]; then
|
||||
echo "Creating a new private key for freeDiameter, please wait"
|
||||
certtool -p --outfile /etc/freeDiameter/freeDiameter.key
|
||||
fi
|
||||
if [ ! -f "/etc/freeDiameter/freeDiameter.pem" ]; then
|
||||
echo "organization = freeDiameter" > /tmp/template.cnf
|
||||
echo "unit = OpenWRT" >>/tmp/template.cnf
|
||||
echo "state = internet" >>/tmp/template.cnf
|
||||
echo "country = net" >>/tmp/template.cnf
|
||||
echo "cn = $$localid" >>/tmp/template.cnf
|
||||
echo "expiration_days = 3650" >>/tmp/template.cnf
|
||||
echo "signing_key" >>/tmp/template.cnf
|
||||
echo "encryption_key" >>/tmp/template.cnf
|
||||
if [ ! -f "/etc/freeDiameter/freeDiameter.csr" ]; then
|
||||
echo "Creating a new CSR (use if you have a separate CA)"
|
||||
certtool -q --load-privkey /etc/freeDiameter/freeDiameter.key \
|
||||
--outfile /etc/freeDiameter/freeDiameter.csr \
|
||||
--template /tmp/template.cnf
|
||||
fi
|
||||
echo "Creating a new certificate for freeDiameter"
|
||||
certtool -s --load-privkey /etc/freeDiameter/freeDiameter.key \
|
||||
--outfile /etc/freeDiameter/freeDiameter.pem \
|
||||
--template /tmp/template.cnf
|
||||
rm -f /tmp/template.cnf
|
||||
cat /etc/freeDiameter/freeDiameter.pem >> /etc/freeDiameter/freeDiameter.ca.pem
|
||||
echo "Done."
|
||||
echo "========================================================================"
|
||||
echo "To enable TLS communication, you should either:"
|
||||
echo " - use a real certificate signed by your server's CA:"
|
||||
echo " Use the CSR provided in /etc/freeDiameter/freeDiameter.csr"
|
||||
echo " Save the new certificate as /etc/freeDiameter/freeDiameter.pem"
|
||||
echo " Replace the contents of /etc/freeDiameter/freeDiameter.ca.pem with your CA's certificate"
|
||||
echo " - or, declare the certificates as trusted as follow: "
|
||||
echo " Add your server's CA certificate into /etc/freeDiameter/freeDiameter.ca.pem"
|
||||
echo " Add the content of /etc/freeDiameter/freeDiameter.pem into your server's trusted CA file"
|
||||
echo "========================================================================"
|
||||
fi
|
||||
if [ ! -f "/etc/freeDiameter/dh.pem" ]; then
|
||||
echo "Creating new Diffie-Hellman parameters file. This operation takes a while..."
|
||||
certtool --generate-dh-params --outfile /etc/freeDiameter/dh.pem
|
||||
echo "Done."
|
||||
fi
|
||||
echo "freeDiameter configuration completed and stored in /etc/freeDiameter/."
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,freeDiameter))
|
||||
$(eval $(call BuildPackage,freeDiameter-test))
|
|
@ -0,0 +1,19 @@
|
|||
diff -Nur freeDiameter/CMakeLists.txt freeDiameter-OpenWRT/CMakeLists.txt
|
||||
--- freeDiameter/CMakeLists.txt 2010-08-13 16:19:35.000000000 +0900
|
||||
+++ freeDiameter-OpenWRT/CMakeLists.txt 2010-08-13 16:21:32.000000000 +0900
|
||||
@@ -51,6 +51,14 @@
|
||||
SET(DEBUG 1)
|
||||
ENDIF (CMAKE_BUILD_TYPE MATCHES "Debug|Profiling|DebugValgrind")
|
||||
|
||||
+# OpenWRT
|
||||
+SET(IN_OPENWRT $ENV{IN_OPENWRT})
|
||||
+IF (IN_OPENWRT)
|
||||
+ ADD_DEFINITIONS("$ENV{TARGET_LDFLAGS}" "$ENV{TARGET_CPPFLAGS}" "$ENV{TARGET_CFLAGS}")
|
||||
+ INCLUDE_DIRECTORIES("$ENV{TARGET_LDFLAGS}" "$ENV{TARGET_CPPFLAGS}" "$ENV{TARGET_CFLAGS}")
|
||||
+ENDIF(IN_OPENWRT)
|
||||
+
|
||||
+
|
||||
# some subfolders use yacc and lex parsers
|
||||
SET(BISON_GENERATE_DEFINES TRUE)
|
||||
SET(BISON_PREFIX_OUTPUTS TRUE)
|
||||
Binary files freeDiameter/.hg/dirstate and freeDiameter-OpenWRT/.hg/dirstate differ
|
|
@ -0,0 +1,15 @@
|
|||
OWRT_ENV_ROOT=/root/openwrt-env/openwrt
|
||||
STAGING_UCLIBC_ROOT=$(OWRT_ENV_ROOT)/staging_dir/target-mipsel_uClibc-0.9.31
|
||||
STAGING_GCC_ROOT=$(OWRT_ENV_ROOT)/staging_dir/toolchain-mipsel_gcc-4.3.3+cs_uClibc-0.9.31
|
||||
|
||||
CFLAGS=-Os -pipe -mips32 -mtune=mips32 -funit-at-a-time -fhonour-copts -msoft-float -I$(STAGING_UCLIBC_ROOT)/usr/include -I$(STAGING_UCLIBC_ROOT)/include -I$(STAGING_GCC_ROOT)/usr/include -I$(STAGING_GCC_ROOT)/include
|
||||
LDFLAGS=-L$(STAGING_UCLIBC_ROOT)/usr/lib -L$(STAGING_UCLIBC_ROOT)/lib -L$(STAGING_GCC_ROOT)/usr/lib -L$(STAGING_GCC_ROOT)/lib
|
||||
|
||||
GCC=mipsel-openwrt-linux-uclibc-gcc
|
||||
PATH:=$(STAGING_GCC_ROOT)/bin/:$(PATH)
|
||||
|
||||
testcase: testcase.o
|
||||
$(GCC) $(LDFLAGS) -lpthread testcase.o -o testcase
|
||||
|
||||
testcase.o: testcase.c
|
||||
$(GCC) $(CFLAGS) -o testcase.o -c testcase.c
|
|
@ -0,0 +1,90 @@
|
|||
#include <pthread.h>
|
||||
#include <stdio.h>
|
||||
#include <strings.h>
|
||||
#include <assert.h>
|
||||
|
||||
static pthread_barrier_t bar;
|
||||
static pthread_mutex_t mtx = PTHREAD_MUTEX_INITIALIZER;
|
||||
static pthread_cond_t cnd = PTHREAD_COND_INITIALIZER;
|
||||
static int called = 0;
|
||||
|
||||
#ifndef ASSERT
|
||||
#define ASSERT(x) assert(x)
|
||||
#endif /* ASSERT */
|
||||
|
||||
static void cleanupmutex(void * arg)
|
||||
{
|
||||
printf("cancelation cleanup handler called\n");
|
||||
if (arg) {
|
||||
ASSERT( pthread_mutex_unlock((pthread_mutex_t *)arg) == 0 );
|
||||
called++;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
static void * mythread(void * a)
|
||||
{
|
||||
int ret;
|
||||
|
||||
/* lock mutex */
|
||||
ASSERT( pthread_mutex_lock(&mtx) == 0 );
|
||||
|
||||
/* Push cleanup */
|
||||
pthread_cleanup_push(cleanupmutex, &mtx);
|
||||
|
||||
printf("thread synchronization (mutex acquired)\n");
|
||||
|
||||
/* Wake the other thread */
|
||||
ret = pthread_barrier_wait(&bar);
|
||||
ASSERT( (ret == 0) || (ret == PTHREAD_BARRIER_SERIAL_THREAD) );
|
||||
|
||||
/* Now wait for the condition, this unlocks the mutex */
|
||||
do {
|
||||
printf("thread waiting cond\n");
|
||||
ASSERT( pthread_cond_wait(&cnd, &mtx) == 0);
|
||||
printf("thread woken\n");
|
||||
} while (1);
|
||||
|
||||
/* Cleanup, never reached */
|
||||
pthread_cleanup_pop(1);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int main(int argc, char * argv[])
|
||||
{
|
||||
int ret;
|
||||
pthread_t thr;
|
||||
void * dummy;
|
||||
|
||||
/* initialize the barrier */
|
||||
ASSERT( pthread_barrier_init(&bar, NULL, 2) == 0 );
|
||||
|
||||
printf("Creating thread\n");
|
||||
|
||||
/* Create the thread */
|
||||
ASSERT( pthread_create(&thr, NULL, mythread, NULL) == 0 );
|
||||
|
||||
printf("main synchronization\n");
|
||||
ret = pthread_barrier_wait(&bar);
|
||||
ASSERT( (ret == 0) || (ret == PTHREAD_BARRIER_SERIAL_THREAD) );
|
||||
|
||||
ASSERT( pthread_mutex_lock(&mtx) == 0 );
|
||||
printf("main: thread is now waiting for condvar\n");
|
||||
|
||||
/* Cancel the thread */
|
||||
ASSERT( pthread_cancel(thr) == 0 );
|
||||
|
||||
/* Now, unlock, so that the thread can actually really exit */
|
||||
ASSERT( pthread_mutex_unlock(&mtx) == 0 );
|
||||
|
||||
/* Release thread resources */
|
||||
ASSERT( pthread_join(thr, &dummy) == 0 );
|
||||
|
||||
if (called == 1)
|
||||
printf("Test successful!\n");
|
||||
else
|
||||
printf("Test failed! Cleanup was not called (& lock not released)\n");
|
||||
|
||||
return 0;
|
||||
|
||||
}
|
|
@ -0,0 +1,149 @@
|
|||
#!/usr/bin/make -s
|
||||
#
|
||||
# This file is designed to automatize the CA tasks such as:
|
||||
# -> init : create the initial CA tree and the CA root certificate.
|
||||
# -> newcsr: create a new private key and csr. $name and $email must be set. C, ST, L, O, OU may be overwitten (example: make newcsr C=FR)
|
||||
# -> cert : sign a pending CSR and generate the certificate. $name must be provided.
|
||||
# -> revoke: revoke a certificate. $name must be provided.
|
||||
# -> gencrl: update/create the CRL.
|
||||
#
|
||||
# The file should be located in the directory STATIC_DIR as defined below.
|
||||
# The DIR directory will contain the data of the CA. It might be placed in /var.
|
||||
# The DIR should also be configured in openssl.cnf file under [ CA_default ]->dir.
|
||||
#
|
||||
# Here are the steps to install the CA scripts in default environment:
|
||||
## mkdir /etc/openssl-ca.static
|
||||
## cp Makefile openssl.cnf /etc/openssl-ca.static
|
||||
# ( configure the default parameters of your CA in /etc/openssl-ca/openssl.cnf ) ##
|
||||
## mkdir /etc/openssl-ca
|
||||
## make -f /etc/openssl-ca.static/Makefile destroy force=y
|
||||
## cd /etc/openssl-ca
|
||||
## make init
|
||||
## make help
|
||||
|
||||
DIR = /home/thedoc/testbed.aaa/ca
|
||||
STATIC_DIR = /home/thedoc/testbed.aaa/ca
|
||||
CONFIG = -config $(DIR)/openssl.cnf
|
||||
|
||||
#Defaults for new CSR
|
||||
C = JP
|
||||
ST = Tokyo
|
||||
L = Koganei
|
||||
O = WIDE
|
||||
OU = "AAA WG"
|
||||
|
||||
#Default lifetime
|
||||
DAYS = 365
|
||||
|
||||
#Values for the CA
|
||||
CA_CN = mgr.testbed.aaa
|
||||
CA_mail = sdecugis@freediameter.net
|
||||
|
||||
#Disable "make destroy"
|
||||
force =
|
||||
|
||||
|
||||
# Default: print the help
|
||||
all: help
|
||||
|
||||
# Help message
|
||||
help:
|
||||
@echo "\n\
|
||||
Default values (can be overwritten on command-line):\n\
|
||||
[C=$(C)] [ST=$(ST)] [L=$(L)] [O=$(O)] [OU=$(OU)]\n\
|
||||
[CA_CN=$(CA_CN)] [CA_mail=$(CA_mail)]\n\n\
|
||||
Available commands:\n\
|
||||
make init\n\
|
||||
Creates the initial CA structure in $(DIR)\n\
|
||||
make gencrl\n\
|
||||
Regenerates the CRL. Should be run at least once a month.\n\
|
||||
make newcsr name=foo email=b@r [type=ca]\n\
|
||||
Create private key and csr in clients subdir (named foo.*)\n\
|
||||
make cert name=foo\n\
|
||||
Signs the CSR foo.csr and creates the certificate foo.cert.\n\
|
||||
make revoke name=foo\n\
|
||||
Revokes the certificate foo.cert and regenerates the CRL.\n\
|
||||
\n\
|
||||
Notes:\n\
|
||||
Content from public-www should be available from Internet. \n\
|
||||
The URL to CRL should be set in openssl.cnf.\n\
|
||||
A cron job should execute make gencrl once a month.\n\
|
||||
";
|
||||
|
||||
# Destroy the CA completely. Use with care.
|
||||
destroy:
|
||||
@if [ -z "$(force)" ]; then echo "Restart disabled, use: make destroy force=y"; exit 1; fi
|
||||
@if [ ! -d $(STATIC_DIR) ]; then echo "Error in setup"; exit 1; fi
|
||||
@echo "Removing everything (for debug purpose)..."
|
||||
@rm -rf $(DIR)/*
|
||||
@ln -sf $(STATIC_DIR)/Makefile $(DIR)
|
||||
@ln -sf $(STATIC_DIR)/openssl.cnf $(DIR)
|
||||
|
||||
# Initialize the CA structure and keys.
|
||||
init:
|
||||
@if [ -d $(DIR)/private ]; then echo "CA already initialized."; exit 1; fi
|
||||
@echo "Creating CA structure..."
|
||||
@mkdir $(DIR)/crl
|
||||
@mkdir $(DIR)/certs
|
||||
@mkdir $(DIR)/newcerts
|
||||
@mkdir $(DIR)/public-www
|
||||
@mkdir $(DIR)/private
|
||||
@chmod 700 $(DIR)/private
|
||||
@mkdir $(DIR)/clients
|
||||
@mkdir $(DIR)/clients/privkeys
|
||||
@mkdir $(DIR)/clients/csr
|
||||
@mkdir $(DIR)/clients/certs
|
||||
@echo "01" > $(DIR)/serial
|
||||
@touch $(DIR)/index.txt
|
||||
@openssl req $(CONFIG) -new -batch -x509 -days 3650 -nodes -newkey rsa:2048 -out $(DIR)/public-www/cacert.pem \
|
||||
-keyout $(DIR)/private/cakey.pem -subj /C=$(C)/ST=$(ST)/L=$(L)/O=$(O)/OU=$(OU)/CN=$(CA_CN)/emailAddress=$(CA_mail)
|
||||
@ln -s $(DIR)/public-www/cacert.pem $(DIR)/certs/`openssl x509 -noout -hash < $(DIR)/public-www/cacert.pem`.0
|
||||
@$(MAKE) -f $(DIR)/Makefile gencrl
|
||||
|
||||
# Regenerate the Certificate Revocation List.
|
||||
# This list should be available publicly
|
||||
gencrl:
|
||||
@openssl ca $(CONFIG) -gencrl -out $(DIR)/public-www/crl.pem
|
||||
@ln -sf $(DIR)/public-www/crl.pem $(DIR)/crl/`openssl crl -noout -hash < $(DIR)/public-www/crl.pem`.r0
|
||||
|
||||
# Create a new private key and a CSR, in case the client does not provide the CSR by another mean.
|
||||
# Usage is: make newcsr name=peer.client.fqdn email=admin@client.fqdn
|
||||
newcsr:
|
||||
@if [ -z "$(name)" -o -z "$(email)" ]; then echo "Please provide certificate name and email address: make newcsr name=mn.nautilus.org email=you@mail.com"; exit 1; fi
|
||||
@if [ -e $(DIR)/clients/csr/$(name).csr ]; then echo "There is already a pending csr for this name."; exit 1; fi
|
||||
@if [ ! -e $(DIR)/clients/privkeys/$(name).key.pem ]; \
|
||||
then echo "Generating a private key for $(name) ..."; \
|
||||
openssl genrsa -out $(DIR)/clients/privkeys/$(name).key.pem 1024; \
|
||||
fi;
|
||||
@echo "Creating the CSR in $(DIR)/clients/csr/$(name).csr";
|
||||
@openssl req $(CONFIG) -new -batch -out $(DIR)/clients/csr/$(name).csr \
|
||||
-key $(DIR)/clients/privkeys/$(name).key.pem \
|
||||
-subj /C=$(C)/ST=$(ST)/L=$(L)/O=$(O)/OU=$(OU)/CN=$(name)/emailAddress=$(email)
|
||||
|
||||
# Process a CSR to create a x509 certificate. The certificate is valid for 1 year.
|
||||
# It should be sent to the client by any mean.
|
||||
cert:
|
||||
@if [ -z "$(name)" ]; then echo "name must be provided: make cert name=mn.n6.org"; exit 1; fi
|
||||
@if [ ! -e $(DIR)/clients/csr/$(name).csr ]; then echo "Could not find CSR in $(DIR)/clients/csr/$(name).csr."; exit 1; fi
|
||||
@if [ -e $(DIR)/clients/certs/$(name).cert ]; \
|
||||
then echo "Revoking old certificate..."; \
|
||||
$(MAKE) revoke name=$(name); \
|
||||
fi;
|
||||
@openssl ca $(CONFIG) -in $(DIR)/clients/csr/$(name).csr \
|
||||
-out $(DIR)/clients/certs/$(name).cert \
|
||||
-days $(DAYS) \
|
||||
-batch
|
||||
@ln -s $(DIR)/clients/certs/$(name).cert $(DIR)/certs/`openssl x509 -noout -hash < $(DIR)/clients/certs/$(name).cert`.0
|
||||
|
||||
# Revoke a certificate.
|
||||
revoke:
|
||||
@if [ -z "$(name)" ]; then echo "name must be provided: make revoke name=mn.n6.org"; exit 1; fi
|
||||
@if [ ! -e $(DIR)/clients/certs/$(name).cert ]; \
|
||||
then echo "$(DIR)/clients/certs/$(name).cert not found"; \
|
||||
exit 1; \
|
||||
fi;
|
||||
@openssl ca $(CONFIG) -revoke $(DIR)/clients/certs/$(name).cert;
|
||||
@rm -f $(DIR)/certs/`openssl x509 -noout -hash < $(DIR)/clients/certs/$(name).cert`.0
|
||||
@$(MAKE) gencrl
|
||||
|
||||
# End of file...
|
|
@ -0,0 +1,315 @@
|
|||
#
|
||||
# OpenSSL example configuration file.
|
||||
# This is mostly being used for generation of certificate requests.
|
||||
#
|
||||
|
||||
# This definition stops the following lines choking if HOME isn't
|
||||
# defined.
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
# "openssl x509" utility, name here the section containing the
|
||||
# X.509v3 extensions to use:
|
||||
# extensions =
|
||||
# (Alternatively, use a configuration file that has only
|
||||
# X.509v3 extensions in its main [= default] section.)
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca' and 'req'.
|
||||
# Add a simple OID like this:
|
||||
# testoid1=1.2.3.4
|
||||
# Or use config file substitution like this:
|
||||
# testoid2=${testoid1}.5.6
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = /etc/openssl-ca # Where everything is kept
|
||||
certs = $dir/certs # Where the issued certs are kept
|
||||
crl_dir = $dir/crl # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
#unique_subject = no # Set to 'no' to allow creation of
|
||||
# several ctificates with same subject.
|
||||
new_certs_dir = $dir/newcerts # default place for new certs.
|
||||
|
||||
certificate = $dir/public-www/cacert.pem # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
# crlnumber = $dir/crlnumber # the current crl number
|
||||
# must be commented out to leave a V1 CRL
|
||||
crl = $dir/public-www/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem# The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
name_opt = ca_default # Subject Name options
|
||||
cert_opt = ca_default # Certificate field options
|
||||
|
||||
# Extension copying option: use with caution.
|
||||
# copy_extensions = copy
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
# crlnumber must also be commented out to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
default_days = 365 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
default_md = sha1 # which md to use.
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
# For type CA, the listed attributes must be the same, and the optional
|
||||
# and supplied fields are just that :-)
|
||||
# policy = policy_match
|
||||
policy = policy_anything
|
||||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
# For the 'anything' policy
|
||||
# At this point in time, you must list all acceptable 'object'
|
||||
# types.
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = 1024
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = fdsecret
|
||||
# output_password = fdsecret
|
||||
|
||||
# This sets a mask for permitted string types. There are several options.
|
||||
# default: PrintableString, T61String, BMPString.
|
||||
# pkix : PrintableString, BMPString.
|
||||
# utf8only: only UTF8Strings.
|
||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||
# MASK:XXXX a literal mask value.
|
||||
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
|
||||
# so use this option with caution!
|
||||
string_mask = utf8only
|
||||
|
||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = JP
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = Tokyo
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
localityName_default = Koganei
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = WIDE
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
1.organizationName = Second Organization Name (eg, company)
|
||||
1.organizationName_default = NICT
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
organizationalUnitName_default = AAA WG
|
||||
|
||||
commonName = Common Name (i.e. Diameter Agent hostname)
|
||||
commonName_max = 64
|
||||
|
||||
emailAddress = Email Address (i.e. Diameter agent administrator)
|
||||
emailAddress_max = 64
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 0
|
||||
challengePassword_max = 20
|
||||
|
||||
unstructuredName = An optional company name
|
||||
|
||||
[ usr_cert ]
|
||||
|
||||
# These extensions are added when 'ca' signs a request.
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
# An alternative to produce certificates that aren't
|
||||
# deprecated according to PKIX.
|
||||
# subjectAltName=email:move
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
[ v3_req ]
|
||||
|
||||
# Extensions to add to a certificate request
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
[ v3_ca ]
|
||||
|
||||
|
||||
# Extensions for a typical CA
|
||||
|
||||
|
||||
# PKIX recommendation.
|
||||
|
||||
subjectKeyIdentifier=hash
|
||||
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
# This is what PKIX recommends but some broken software chokes on critical
|
||||
# extensions.
|
||||
#basicConstraints = critical,CA:true
|
||||
# So we do this instead.
|
||||
basicConstraints = CA:true
|
||||
|
||||
# Key usage: this is typical for a CA certificate. However since it will
|
||||
# prevent it being used as an test self-signed certificate it is best
|
||||
# left out by default.
|
||||
# keyUsage = cRLSign, keyCertSign
|
||||
|
||||
# Some might want this also
|
||||
# nsCertType = sslCA, emailCA
|
||||
|
||||
# Include email address in subject alt name: another PKIX recommendation
|
||||
# subjectAltName=email:copy
|
||||
# Copy issuer details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
# DER hex encoding of an extension: beware experts only!
|
||||
# obj=DER:02:03
|
||||
# Where 'obj' is a standard or added object
|
||||
# You can even override a supported extension:
|
||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
||||
|
||||
[ crl_ext ]
|
||||
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
|
||||
# issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
[ proxy_cert_ext ]
|
||||
# These extensions should be added when creating a proxy certificate
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
# An alternative to produce certificates that aren't
|
||||
# deprecated according to PKIX.
|
||||
# subjectAltName=email:move
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
# This really needs to be in place for it to be a proxy certificate.
|
||||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
|
|
@ -0,0 +1,178 @@
|
|||
#!/usr/bin/make -s
|
||||
#
|
||||
# This file is inspired from freeDiameter's contrib/ca_script and
|
||||
# improved to handle multiple CA in a hierarchical fashion.
|
||||
# Warning: the directory structure is flat, does not reflect the CA hierarchy
|
||||
|
||||
SCRIPT_DIR = .
|
||||
DATA_DIR = ./ca_data
|
||||
|
||||
CONFIG = -config $(SCRIPT_DIR)/openssl.cnf
|
||||
REMAKE = $(MAKE) -f $(SCRIPT_DIR)/Makefile
|
||||
|
||||
#Disable "make destroy" -- overwrite on command line
|
||||
force =
|
||||
|
||||
#RSA key sizes, can be overwritten on command line
|
||||
cakeysize = 2048
|
||||
keysize = 1024
|
||||
|
||||
# Save current date
|
||||
DATE=`date +%Y%m%d-%H%M%S`
|
||||
|
||||
# Default: print the help
|
||||
all: help
|
||||
|
||||
# Help message
|
||||
help:
|
||||
@echo "\n\
|
||||
Available commands:\n\
|
||||
make init topca=name\n\
|
||||
Creates the initial top-level CA structure\n\
|
||||
make newca name=newcaname ca=parentca\n\
|
||||
Creates a new sub-CA that can be used for certificates later.\n\
|
||||
make newcert name=foo ca=parentca\n\
|
||||
Create private key and csr, then issue the certificate (named foo.*)\n\
|
||||
make p12 name=foo ca=parentca\n\
|
||||
Same as newcert, but additionnaly creates a pkcs12 file to ship client certificate to Windows or Mac\n\
|
||||
make ship name=foo ca=parentca\n\
|
||||
Create an archive with the data for the client (useful for freeDiameter peers)\n\
|
||||
make revoke name=foo ca=parentca\n\
|
||||
Revokes the certificate foo.cert issued by parentca and regenerates the CRL.\n\
|
||||
make gencrl ca=caname\n\
|
||||
Regenerates the CRL of CA caname. Should be run periodically.\n\
|
||||
\n\
|
||||
";
|
||||
|
||||
# Destroy the CA hierarchy completely. Use with care.
|
||||
destroy:
|
||||
@if [ -z "$(force)" ]; then echo "Destroy disabled, use: make destroy force=y"; exit 1; fi
|
||||
@if [ ! -d $(SCRIPT_DIR) ]; then echo "Error in setup"; exit 1; fi
|
||||
@echo "Removing everything (for debug purpose)..."
|
||||
@rm -rf $(DATA_DIR)/*
|
||||
|
||||
# Initialize the CA structure
|
||||
structure:
|
||||
@if [ -z "$(caname)" ]; then echo "Internal error: caname is missing"; exit 1; fi
|
||||
@if [ -d $(DATA_DIR)/$(caname) ]; then echo "CA $(caname) already exists."; exit 1; fi
|
||||
# Creating CA structure
|
||||
@mkdir -p $(DATA_DIR)/$(caname)
|
||||
@mkdir $(DATA_DIR)/$(caname)/public
|
||||
@mkdir $(DATA_DIR)/$(caname)/public/crl
|
||||
@mkdir $(DATA_DIR)/$(caname)/private
|
||||
@chmod 700 $(DATA_DIR)/$(caname)/private
|
||||
@mkdir $(DATA_DIR)/$(caname)/clients
|
||||
@echo "01" > $(DATA_DIR)/$(caname)/serial
|
||||
@echo "01" > $(DATA_DIR)/$(caname)/crlnumber
|
||||
@touch $(DATA_DIR)/$(caname)/index.txt
|
||||
|
||||
# Initialize the top-level CA structure and keys.
|
||||
init:
|
||||
@if [ -z "$(topca)" ]; then echo "Please specify the name of the root CA. Ex: make init topca=rootca.testbed.aaa"; exit 1; fi
|
||||
# Create the folder hierarchy
|
||||
@$(REMAKE) structure caname=$(topca)
|
||||
# Generate the self-signed certificate
|
||||
@CA_ROOT_DIR=$(DATA_DIR)/$(topca) openssl req $(CONFIG) -new -batch -x509 -days 3650 -nodes -newkey rsa:$(cakeysize) -out $(DATA_DIR)/$(topca)/public/cacert.pem \
|
||||
-keyout $(DATA_DIR)/$(topca)/private/cakey.pem -extensions ca_cert -subj /CN=$(topca)
|
||||
@ln -s cacert.pem $(DATA_DIR)/$(topca)/public/`openssl x509 -noout -hash < $(DATA_DIR)/$(topca)/public/cacert.pem`.0
|
||||
@touch $(DATA_DIR)/$(topca)/public/cachain.pem
|
||||
@ln -s ../../$(topca)/public/cacert.pem $(DATA_DIR)/$(topca)/public/caroot.pem
|
||||
@$(REMAKE) gencrl ca=$(topca)
|
||||
|
||||
# Create a secondary CA
|
||||
newca:
|
||||
@if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make newca name=subca.testbed.aaa ca=rootca.testbed.aaa"; exit 1; fi
|
||||
@if [ ! -e $(DATA_DIR)/$(ca)/private/cakey.pem ]; then echo "The parent CA $(ca) does not exist."; exit 1; fi
|
||||
@if [ ! -d $(DATA_DIR)/$(name) ]; then $(REMAKE) structure caname=$(name); fi
|
||||
# Generate the private key and CSR for the new CA if needed
|
||||
@if [ ! -e $(DATA_DIR)/$(name)/private/cakey.pem ]; then \
|
||||
openssl genrsa -out $(DATA_DIR)/$(name)/private/cakey.pem $(cakeysize) ; fi
|
||||
@if [ ! -e $(DATA_DIR)/$(name)/private/cacsr.pem ]; then \
|
||||
CA_ROOT_DIR=$(DATA_DIR)/$(name) openssl req $(CONFIG) -new -batch -out $(DATA_DIR)/$(name)/private/cacsr.pem \
|
||||
-key $(DATA_DIR)/$(name)/private/cakey.pem \
|
||||
-subj /CN=$(name) -reqexts v3_req_ca; fi
|
||||
# Revoke a previous certificate for this CA if any
|
||||
@if [ -e $(DATA_DIR)/$(name)/public/cacert.pem ]; then \
|
||||
echo "Revoking previous certificate ..."; \
|
||||
$(REMAKE) revoke name=$(name) ca=$(ca); \
|
||||
mv $(DATA_DIR)/$(name)/public/cacert.pem $(DATA_DIR)/$(name)/public/cacert-$(DATE).pem; fi
|
||||
# Issue the new CA certificate
|
||||
@CA_ROOT_DIR=$(DATA_DIR)/$(ca) openssl ca $(CONFIG) -in $(DATA_DIR)/$(name)/private/cacsr.pem \
|
||||
-out $(DATA_DIR)/$(name)/public/cacert.pem \
|
||||
-batch -extensions ca_cert
|
||||
# Hash and link to parent
|
||||
@ln -s cacert.pem $(DATA_DIR)/$(ca)/public/`openssl x509 -noout -hash < $(DATA_DIR)/$(name)/public/cacert.pem`.0
|
||||
@rm -f $(DATA_DIR)/$(name)/parent
|
||||
@ln -s ../$(ca) $(DATA_DIR)/$(name)/parent
|
||||
@cat $(DATA_DIR)/$(name)/public/cacert.pem $(DATA_DIR)/$(ca)/public/cachain.pem > $(DATA_DIR)/$(name)/public/cachain.pem
|
||||
@ln -s ../../$(ca)/public/caroot.pem $(DATA_DIR)/$(name)/public/caroot.pem
|
||||
@for CRLFILE in `cd $(DATA_DIR)/$(ca)/public/crl && ls -1`; do ln -sf ../../../$(ca)/public/crl/$$CRLFILE $(DATA_DIR)/$(name)/public/crl/$$CRLFILE; done
|
||||
@$(REMAKE) gencrl ca=$(name)
|
||||
|
||||
# Create a new certificate for use in TLS communications and other terminal usages
|
||||
newcert:
|
||||
@if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make newcert name=service.testbed.aaa ca=ca.testbed.aaa"; exit 1; fi
|
||||
@if [ ! -e $(DATA_DIR)/$(ca)/private/cakey.pem ]; then echo "The parent CA $(ca) does not exist."; exit 1; fi
|
||||
@if [ ! -d $(DATA_DIR)/$(ca)/clients/$(name) ]; then mkdir $(DATA_DIR)/$(ca)/clients/$(name); fi
|
||||
# Create a private key if needed
|
||||
@if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem ]; then \
|
||||
openssl genrsa -out $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem $(keysize); fi
|
||||
# Create a CSR if needed
|
||||
@if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/csr.pem ]; then \
|
||||
CA_ROOT_DIR=$(DATA_DIR)/$(ca) openssl req $(CONFIG) -new -batch -out $(DATA_DIR)/$(ca)/clients/$(name)/csr.pem \
|
||||
-key $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem \
|
||||
-subj /CN=$(name); fi
|
||||
# Revoke a previous certificate if any
|
||||
@if [ -e $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem ]; then \
|
||||
$(REMAKE) revoke name=$(name) ca=$(ca); \
|
||||
mv $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem $(DATA_DIR)/$(ca)/clients/$(name)/cert-$(DATE).pem; fi
|
||||
# Now sign the new certificate with the CA key
|
||||
@CA_ROOT_DIR=$(DATA_DIR)/$(ca) openssl ca $(CONFIG) -in $(DATA_DIR)/$(ca)/clients/$(name)/csr.pem \
|
||||
-out $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem \
|
||||
-batch
|
||||
# Hash
|
||||
@ln -sf `cat $(DATA_DIR)/$(ca)/serial.old`.pem $(DATA_DIR)/$(ca)/public/`openssl x509 -noout -hash < $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem`.0
|
||||
# Compiled informations for the client
|
||||
@cat $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem $(DATA_DIR)/$(ca)/public/cachain.pem > $(DATA_DIR)/$(ca)/clients/$(name)/certchain.pem
|
||||
@ln -sf ../../public/crl $(DATA_DIR)/$(ca)/clients/$(name)/crl
|
||||
@ln -sf ../../public/caroot.pem $(DATA_DIR)/$(ca)/clients/$(name)/ca.pem
|
||||
|
||||
# Create a PKCS#12 file containing the client's information
|
||||
p12: newcert
|
||||
# Create the PKCS#12 file
|
||||
@cat $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem \
|
||||
$(DATA_DIR)/$(ca)/clients/$(name)/certchain.pem \
|
||||
$(DATA_DIR)/$(ca)/clients/$(name)/ca.pem \
|
||||
| openssl pkcs12 -export -out $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12
|
||||
@echo "Client certificate is created in $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12"
|
||||
|
||||
# Create an archive to send the data to the client node
|
||||
ship:
|
||||
@if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make ship name=service.testbed.aaa ca=ca.testbed.aaa"; exit 1; fi
|
||||
@if [ ! -e $(DATA_DIR)/$(ca)/private/cakey.pem ]; then echo "The parent CA $(ca) does not exist."; exit 1; fi
|
||||
@if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem ]; then echo "The client $(name) does not exist, use 'make newcert' first."; exit 1; fi
|
||||
# Ship the data
|
||||
@tar -c -C $(DATA_DIR)/$(ca)/clients/$(name) -z -f $(ca)_$(name).tar.gz -h .
|
||||
@echo "The files have been packaged into archive: $(ca)_$(name).tar.gz"
|
||||
|
||||
# Revoke a certificate
|
||||
revoke:
|
||||
@if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make revoke name=service.testbed.aaa ca=ca.testbed.aaa"; exit 1; fi
|
||||
@if [ ! -e $(DATA_DIR)/$(ca)/private/cakey.pem ]; then echo "The parent CA $(ca) does not exist."; exit 1; fi
|
||||
@if [ ! -e $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem ]; \
|
||||
then echo "$(DATA_DIR)/$(ca)/clients/$(name)/cert.pem not found"; \
|
||||
exit 1; \
|
||||
fi;
|
||||
# Revoke the certificate
|
||||
@CA_ROOT_DIR=$(DATA_DIR)/$(ca) openssl ca $(CONFIG) -revoke $(DATA_DIR)/$(ca)/clients/$(name)/cert.pem;
|
||||
@$(REMAKE) gencrl ca=$(ca)
|
||||
|
||||
# Regenerate the Certificate Revocation List.
|
||||
gencrl:
|
||||
@if [ -z "$(ca)" ]; then echo "Missing parameter. Ex: make gencrl ca=ca.testbed.aaa"; exit 1; fi
|
||||
# Create the CRL
|
||||
@CA_ROOT_DIR=$(DATA_DIR)/$(ca) openssl ca $(CONFIG) -gencrl -out $(DATA_DIR)/$(ca)/public/crl/$(ca).pem
|
||||
@ln -s crl/$(ca).pem $(DATA_DIR)/$(ca)/public/local.pem
|
||||
@ln -s local.pem $(DATA_DIR)/$(ca)/public/`openssl crl -noout -hash < $(DATA_DIR)/$(ca)/public/crl/$(ca).pem`.r0
|
||||
|
||||
# End of file...
|
|
@ -0,0 +1,120 @@
|
|||
# Note: for this file to be working, an environment var CA_ROOT_DIR = directory
|
||||
# must be defined and pointing to the CA top-level directory.
|
||||
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
|
||||
oid_section = new_oids
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = 1024
|
||||
# default_keyfile = privkey.pem
|
||||
string_mask = utf8only
|
||||
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
req_extensions = v3_req # overwrite with -reqexts
|
||||
x509_extensions = ca_cert # overwrite with -extensions; used for self-signed keys only
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = JP
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = Tokyo
|
||||
localityName = Locality Name (eg, city)
|
||||
localityName_default = Koganei
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = WIDE
|
||||
1.organizationName = Second Organization Name (eg, company)
|
||||
1.organizationName_default = NICT
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
organizationalUnitName_default = AAA WG testbed
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 0
|
||||
challengePassword_max = 20
|
||||
unstructuredName = An optional company name
|
||||
|
||||
[ v3_req ]
|
||||
# Extensions to add to a certificate request
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
[ v3_req_ca ]
|
||||
# Extensions to add to a certificate request for CA
|
||||
basicConstraints = CA:TRUE
|
||||
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
[ CA_default ]
|
||||
|
||||
dir = $ENV::CA_ROOT_DIR # Where everything is kept
|
||||
certs = $dir/public # Where the issued certs are kept
|
||||
crl_dir = $dir/public # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
#unique_subject = no # Set to 'no' to allow creation of
|
||||
# several ctificates with same subject.
|
||||
new_certs_dir = $dir/public # default place for new certs.
|
||||
|
||||
certificate = $dir/public/cacert.pem # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crlnumber = $dir/crlnumber # the current crl number
|
||||
crl = $dir/public/local.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem # The private key
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
# overwrite with -extensions
|
||||
name_opt = ca_default # Subject Name options
|
||||
cert_opt = ca_default # Certificate field options
|
||||
crl_extensions = crl_ext
|
||||
|
||||
default_days = 3650 # how long to certify for
|
||||
default_crl_days= 365 # how long before next CRL
|
||||
default_md = sha1 # which md to use.
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# We accept to sign anything, but a real deployment would limit to proper domain etc...
|
||||
policy = policy_anything
|
||||
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ usr_cert ]
|
||||
basicConstraints=CA:FALSE
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
|
||||
[ ca_cert ]
|
||||
# Extensions for a typical CA
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
basicConstraints = critical,CA:true # Remove "critical," in case of problems
|
||||
keyUsage = cRLSign, keyCertSign
|
||||
# subjectAltName=email:copy
|
||||
# Copy issuer details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
[ crl_ext ]
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
# issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
|
|
@ -0,0 +1,284 @@
|
|||
diff -Nur phpki-0.82/ca/main.php phpki-0.82-fD/ca/main.php
|
||||
--- phpki-0.82/ca/main.php 2005-11-17 10:17:20.000000000 +0900
|
||||
+++ phpki-0.82-fD/ca/main.php 2010-05-27 17:04:44.000000000 +0900
|
||||
@@ -36,7 +36,7 @@
|
||||
else {
|
||||
?>
|
||||
<font color=#ff0000>
|
||||
- <h2>There was an error updating the Certificate Revocation List.</h2></font><br>
|
||||
+ <h2>There was an error updating the Certificate Revocation List.</h2></font><br />
|
||||
<blockquote>
|
||||
<h3>Debug Info:</h3>
|
||||
<pre><?=$errtxt?></pre>
|
||||
@@ -53,8 +53,11 @@
|
||||
default:
|
||||
printHeader('ca');
|
||||
?>
|
||||
- <br>
|
||||
- <br>
|
||||
+ <br />
|
||||
+ <br />
|
||||
+
|
||||
+ <center><h3>For <span style="color: #FF0000;">freeDiameter</span> specific instructions, scroll down this page...</h3></center><br />
|
||||
+
|
||||
<center>
|
||||
<table class=menu width=600><th class=menu colspan=2><big>CERTIFICATE MANAGEMENT MENU</big></th>
|
||||
|
||||
@@ -89,7 +92,57 @@
|
||||
|
||||
</table>
|
||||
</center>
|
||||
- <br><br>
|
||||
+ <br /><br />
|
||||
+ <center>
|
||||
+ <table class=menu width=900><th class=menu colspan=2><big>FREEDIAMETER INSTRUCTIONS</big></th>
|
||||
+ <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
|
||||
+ Create a new certificate</td>
|
||||
+
|
||||
+ <td>Use the <strong><cite>Create a New Certificate</cite></strong> link in previous table to request a new certificate. Fill the form as follow:
|
||||
+ <ul>
|
||||
+ <li><strong>Common Name</strong>: use your new freeDiameter identity (usually the FQDN).</li>
|
||||
+ <li><strong>E-mail Address</strong>: Provide your address so that you can be contacted in case of inquiry.</li>
|
||||
+ <li><strong>Organization</strong>: use "freeDiameter testbed" for example.</li>
|
||||
+ <li><strong>Certificate Password</strong>: Do not loose the password you provide, you'll need it in the next step. <br />
|
||||
+ The password must be >= 8 chars.</li>
|
||||
+ <li>The other fields can be filled at your taste.</li>
|
||||
+ </ul>
|
||||
+ Once you have validated, you can check the values, and then proceed to download the new certificate and private key.
|
||||
+ You will receive a file in PEM format. Let's call this file <em>mycertprotected.pem</em>.
|
||||
+ It contains:
|
||||
+ <ul>
|
||||
+ <li>Your password-protected RSA private key.</li>
|
||||
+ <li>Your certificate in PEM format.</li>
|
||||
+ <li>The CA certificate.</li>
|
||||
+ </ul></td></tr>
|
||||
+
|
||||
+ <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
|
||||
+ Split the file</td>
|
||||
+
|
||||
+ <td>In order to use the information with freeDiameter daemon, you must transform the data as follow:
|
||||
+ <ul>
|
||||
+ <li><strong>Decode the private key</strong>: <br />
|
||||
+ <code>openssl rsa -in <em>mycertprotected.pem</em> -out /etc/ssl/private/freeDiameter.key</code><br />
|
||||
+ OpenSSL will ask for the password you entered when creating the certificate.</li>
|
||||
+ <li><strong>Extract your certificate</strong>: <br />
|
||||
+ <code>openssl x509 -in <em>mycertprotected.pem</em> > /etc/ssl/certs/freeDiameter.pem</code></li>
|
||||
+ <li><strong>Get the CA certificate</strong>: <br />
|
||||
+ <code>wget --no-check-certificate "$config[base_url]index.php?stage=dl_root" -O /etc/ssl/certs/freeDiameter_testbed_CA.pem</code></li>
|
||||
+ </ul>
|
||||
+ Note: for the last step, you could also extract it directly from the PEM file you received.<br />
|
||||
+ Note: the CRL is also available from the website, but this feature is not tested yet.</td></tr>
|
||||
+
|
||||
+ <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
|
||||
+ Configure freeDiameter</td>
|
||||
+
|
||||
+ <td>Here is the configuration related to TLS that you should set in your <em>/etc/freeDiameter/freeDiameter.conf</em> file:
|
||||
+ <blockquote>TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";<br />
|
||||
+TLS_CA = "/etc/ssl/certs/freeDiameter_testbed_CA.pem";</blockquote></td></tr>
|
||||
+
|
||||
+
|
||||
+ </table>
|
||||
+ </center>
|
||||
+ <br /><br />
|
||||
<?
|
||||
printFooter();
|
||||
}
|
||||
diff -Nur phpki-0.82/ca/request_cert.php phpki-0.82-fD/ca/request_cert.php
|
||||
--- phpki-0.82/ca/request_cert.php 2007-01-04 14:45:09.000000000 +0900
|
||||
+++ phpki-0.82-fD/ca/request_cert.php 2010-05-27 16:59:16.000000000 +0900
|
||||
@@ -197,6 +197,7 @@
|
||||
|
||||
switch($cert_type) {
|
||||
case 'server':
|
||||
+ case 'freediameter':
|
||||
upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem",$config['cacert_pem']), "$common_name ($email).pem",'application/pkix-cert');
|
||||
break;
|
||||
case 'email':
|
||||
@@ -225,7 +226,7 @@
|
||||
if (! $email) $email = "";
|
||||
if (! $expiry) $expiry = 1;
|
||||
if (! $keysize) $keysize = 1024;
|
||||
- if (! $cert_type) $cert_type = 'email';
|
||||
+ if (! $cert_type) $cert_type = 'freediameter';
|
||||
|
||||
printHeader();
|
||||
?>
|
||||
@@ -302,13 +303,14 @@
|
||||
<td>Certificate Use: </td>
|
||||
<td><select name=cert_type>
|
||||
<?
|
||||
- print '<option value="email" '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
|
||||
- print '<option value="email_signing" '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
|
||||
- print '<option value="server" '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
|
||||
- print '<option value="vpn_client" '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
|
||||
- print '<option value="vpn_server" '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
|
||||
- print '<option value="vpn_client_server" '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
|
||||
- print '<option value="time_stamping" '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
|
||||
+ print '<option value="email" disabled '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
|
||||
+ print '<option value="email_signing" disabled '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
|
||||
+ print '<option value="server" disabled '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
|
||||
+ print '<option value="freediameter" '.($cert_type=='freediameter'?'selected':'').'>freeDiameter node</option>';
|
||||
+ print '<option value="vpn_client" disabled '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
|
||||
+ print '<option value="vpn_server" disabled '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
|
||||
+ print '<option value="vpn_client_server" disabled '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
|
||||
+ print '<option value="time_stamping" disabled '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
|
||||
?>
|
||||
</select></td>
|
||||
</tr>
|
||||
diff -Nur phpki-0.82/include/openssl_functions.php phpki-0.82-fD/include/openssl_functions.php
|
||||
--- phpki-0.82/include/openssl_functions.php 2007-01-04 15:47:57.000000000 +0900
|
||||
+++ phpki-0.82-fD/include/openssl_functions.php 2010-05-27 16:59:57.000000000 +0900
|
||||
@@ -69,6 +69,13 @@
|
||||
default_days = 365
|
||||
policy = policy_supplied
|
||||
|
||||
+[ freediameter_cert ]
|
||||
+x509_extensions = freediameter_ext
|
||||
+default_days = 730
|
||||
+policy = policy_supplied
|
||||
+
|
||||
+
|
||||
+
|
||||
[ vpn_cert ]
|
||||
x509_extensions = vpn_client_server_ext
|
||||
default_days = 365
|
||||
@@ -152,6 +159,24 @@
|
||||
nsRevocationUrl = ns_revoke_query.php?
|
||||
nsCaPolicyUrl = $config[base_url]policy.html
|
||||
|
||||
+[ freediameter_ext ]
|
||||
+basicConstraints = CA:false
|
||||
+keyUsage = critical, digitalSignature, keyEncipherment
|
||||
+extendedKeyUsage = critical, serverAuth, clientAuth
|
||||
+nsCertType = critical, server, client
|
||||
+subjectKeyIdentifier = hash
|
||||
+authorityKeyIdentifier = keyid:always, issuer:always
|
||||
+subjectAltName = DNS:$common_name,email:copy
|
||||
+issuerAltName = issuer:copy
|
||||
+crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
|
||||
+nsComment = \"PHPki/OpenSSL Generated Secure Certificate for freeDiameter\"
|
||||
+nsBaseUrl = $config[base_url]
|
||||
+nsRevocationUrl = ns_revoke_query.php?
|
||||
+nsCaPolicyUrl = $config[base_url]policy.html
|
||||
+
|
||||
+
|
||||
+
|
||||
+
|
||||
[ time_stamping_ext ]
|
||||
basicConstraints = CA:false
|
||||
keyUsage = critical, nonRepudiation, digitalSignature
|
||||
diff -Nur phpki-0.82/openssl.cnf phpki-0.82-fD/openssl.cnf
|
||||
--- phpki-0.82/openssl.cnf 2006-07-23 00:33:34.000000000 +0900
|
||||
+++ phpki-0.82-fD/openssl.cnf 2010-05-27 17:00:33.000000000 +0900
|
||||
@@ -39,6 +39,11 @@
|
||||
default_days = 365
|
||||
policy = policy_supplied
|
||||
|
||||
+[ freediameter_cert ]
|
||||
+x509_extensions = freediameter_ext
|
||||
+default_days = 730
|
||||
+policy = policy_supplied
|
||||
+
|
||||
[ vpn_cert ]
|
||||
x509_extensions = vpn_client_server_ext
|
||||
default_days = 365
|
||||
@@ -115,6 +120,23 @@
|
||||
nsRevocationUrl = ns_revoke_query.php?
|
||||
nsCaPolicyUrl = http://www.somewhere.com/phpki/policy.html
|
||||
|
||||
+[ freediameter_ext ]
|
||||
+basicConstraints = CA:false
|
||||
+keyUsage = critical, digitalSignature, keyEncipherment
|
||||
+extendedKeyUsage = critical, serverAuth, clientAuth
|
||||
+nsCertType = critical, server, client
|
||||
+subjectKeyIdentifier = hash
|
||||
+authorityKeyIdentifier = keyid:always, issuer:always
|
||||
+subjectAltName = DNS:$common_name,email:copy
|
||||
+issuerAltName = issuer:copy
|
||||
+crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
|
||||
+nsComment = "PHPki/OpenSSL Generated Secure Certificate for freeDiameter"
|
||||
+nsBaseUrl = $config[base_url]
|
||||
+nsRevocationUrl = ns_revoke_query.php?
|
||||
+nsCaPolicyUrl = $config[base_url]policy.html
|
||||
+
|
||||
+
|
||||
+
|
||||
[ vpn_client_ext ]
|
||||
basicConstraints = critical, CA:false
|
||||
keyUsage = critical, digitalSignature
|
||||
diff -Nur phpki-0.82/setup.php phpki-0.82-fD/setup.php
|
||||
--- phpki-0.82/setup.php 2007-07-22 23:34:08.000000000 +0900
|
||||
+++ phpki-0.82-fD/setup.php 2010-05-27 17:01:41.000000000 +0900
|
||||
@@ -339,6 +339,11 @@
|
||||
default_days = 365
|
||||
policy = policy_supplied
|
||||
|
||||
+[ freediameter_cert ]
|
||||
+x509_extensions = freediameter_ext
|
||||
+default_days = 730
|
||||
+policy = policy_supplied
|
||||
+
|
||||
[ vpn_cert ]
|
||||
x509_extensions = vpn_client_server_ext
|
||||
default_days = 365
|
||||
@@ -418,6 +423,22 @@
|
||||
nsRevocationUrl = ns_revoke_query.php?
|
||||
nsCaPolicyUrl = $config[base_url]policy.html
|
||||
|
||||
+[ freediameter_ext ]
|
||||
+basicConstraints = CA:false
|
||||
+keyUsage = critical, digitalSignature, keyEncipherment
|
||||
+extendedKeyUsage = critical, serverAuth, clientAuth
|
||||
+nsCertType = critical, server, client
|
||||
+subjectKeyIdentifier = hash
|
||||
+authorityKeyIdentifier = keyid:always, issuer:always
|
||||
+subjectAltName = DNS:$common_name,email:copy
|
||||
+issuerAltName = issuer:copy
|
||||
+crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
|
||||
+nsComment = "PHPki/OpenSSL Generated Secure Certificate for freeDiameter"
|
||||
+nsBaseUrl = $config[base_url]
|
||||
+nsRevocationUrl = ns_revoke_query.php?
|
||||
+nsCaPolicyUrl = $config[base_url]policy.html
|
||||
+
|
||||
+
|
||||
[ time_stamping_ext ]
|
||||
basicConstraints = CA:false
|
||||
keyUsage = critical, nonRepudiation, digitalSignature
|
||||
diff -Nur phpki-0.82/setup.php-presetup phpki-0.82-fD/setup.php-presetup
|
||||
--- phpki-0.82/setup.php-presetup 2007-07-22 23:34:08.000000000 +0900
|
||||
+++ phpki-0.82-fD/setup.php-presetup 2010-05-27 17:01:41.000000000 +0900
|
||||
@@ -339,6 +339,11 @@
|
||||
default_days = 365
|
||||
policy = policy_supplied
|
||||
|
||||
+[ freediameter_cert ]
|
||||
+x509_extensions = freediameter_ext
|
||||
+default_days = 730
|
||||
+policy = policy_supplied
|
||||
+
|
||||
[ vpn_cert ]
|
||||
x509_extensions = vpn_client_server_ext
|
||||
default_days = 365
|
||||
@@ -418,6 +423,22 @@
|
||||
nsRevocationUrl = ns_revoke_query.php?
|
||||
nsCaPolicyUrl = $config[base_url]policy.html
|
||||
|
||||
+[ freediameter_ext ]
|
||||
+basicConstraints = CA:false
|
||||
+keyUsage = critical, digitalSignature, keyEncipherment
|
||||
+extendedKeyUsage = critical, serverAuth, clientAuth
|
||||
+nsCertType = critical, server, client
|
||||
+subjectKeyIdentifier = hash
|
||||
+authorityKeyIdentifier = keyid:always, issuer:always
|
||||
+subjectAltName = DNS:$common_name,email:copy
|
||||
+issuerAltName = issuer:copy
|
||||
+crlDistributionPoints = URI:$config[base_url]index.php?stage=dl_crl
|
||||
+nsComment = "PHPki/OpenSSL Generated Secure Certificate for freeDiameter"
|
||||
+nsBaseUrl = $config[base_url]
|
||||
+nsRevocationUrl = ns_revoke_query.php?
|
||||
+nsCaPolicyUrl = $config[base_url]policy.html
|
||||
+
|
||||
+
|
||||
[ time_stamping_ext ]
|
||||
basicConstraints = CA:false
|
||||
keyUsage = critical, nonRepudiation, digitalSignature
|
|
@ -0,0 +1,59 @@
|
|||
This file describes the content of the "contrib" directory.
|
||||
For information about the freeDiameter project, please refer
|
||||
to top-level README file.
|
||||
|
||||
- update_copyright.sh : This script will simply update the copyright information
|
||||
in all source files in the freeDiameter mercurial repository, based
|
||||
on the last modification time. Thought I might share it if other people find
|
||||
it useful for their own project...
|
||||
|
||||
|
||||
- debian : This directory contains the packaging information to create native Debian / Ubuntu
|
||||
packages. It requires debhelper >= 7.3.9 (support for cmake). To use, simply link the
|
||||
debian folder from the main freeDiameter folder, then use your building script as
|
||||
usual ('dh binary' or 'pdebuild' or ...).
|
||||
If you simply intend to use freeDiameter package, the relevant information is located
|
||||
at: http://www.freediameter.net/trac/wiki/DebRepository
|
||||
|
||||
|
||||
- PKI : This directory contains useful material related to establishing a
|
||||
Public Key Infrastructure (PKI) for deploying x509 certificates
|
||||
and use these for TLS authentication of the freeDiameter nodes.
|
||||
|
||||
IMPORTANT: Please note that these solutions are NOT suitable
|
||||
for use in a production environment! It allows easy deployment of
|
||||
certificates for tests, and that is their sole purpose.
|
||||
|
||||
The directory contains:
|
||||
|
||||
- ca_script: a simple Makefile allowing you to generate a self-signed certificate (root)
|
||||
and then issue new certificates and private keys for your users.
|
||||
Run "make" without argument to get the help.
|
||||
|
||||
- ca_script2: An evolution of the previous Makefile. This one allows you
|
||||
to create a hierarchy of CA and certificates.
|
||||
|
||||
- phpki-0.82.patch : This patch is to be applied to PHPki to customize the use for freeDiameter.
|
||||
PHPki (http://sourceforge.net/projects/phpki/) is a PHP-based web interface
|
||||
that provides more or less the same services as ca_script.
|
||||
|
||||
|
||||
- OpenWRT : This directory contains the scripts and documentation related to
|
||||
the integration of freeDiameter RADIUS/Diameter gateway component in the openWRT
|
||||
distribution (http://openwrt.org) -- the goal is to give the access point the
|
||||
ability to "talk" Diameter instead of RADIUS.
|
||||
|
||||
|
||||
- nightly_tests : This directory contains the scripts and documentation for the nightly
|
||||
tests run on freeDiameter. The results are published at the following URL:
|
||||
http://www.freediameter.net/CDash/index.php?project=freeDiameter
|
||||
|
||||
|
||||
- dict_legacy: XML and DTD files for the dict_legacy_xml.fdx extension.
|
||||
|
||||
- dict_dcca: partial implementations of the DCCA dictionary
|
||||
|
||||
- dict_gx: untested implementation of the Gx interface.
|
||||
|
||||
- wireshark: This contains some information on how to use Wireshark to monitor Diameter
|
||||
exchange protected with TLS. It involves patching the wireshark software.
|
|
@ -0,0 +1,6 @@
|
|||
[krum@ThinkPad DelMe]$ cp freeDiameter.spec /home/krum/rpmbuild/SPECS/
|
||||
[krum@ThinkPad DelMe]$ cd /home/krum/rpmbuild/SOURCES/
|
||||
[krum@ThinkPad ~]$ cd /home/krum/rpmbuild/SOURCES/
|
||||
[krum@ThinkPad SOURCES]$ wget http://www.freediameter.net/hg/freeDiameter/archive/1.1.6.tar.gz
|
||||
[krum@ThinkPad SOURCES]$ cd ../SPECS/
|
||||
[krum@ThinkPad SPECS]$ rpmbuild -ba freeDiameter.spec
|
|
@ -0,0 +1,78 @@
|
|||
|
||||
Name: freeDiameter
|
||||
Version: 1.1.6
|
||||
Release: 1%{?dist}
|
||||
Packager: krum.boy4ev@gmail.com
|
||||
Summary: freeDiameter is an implementation of the Diameter protocol.
|
||||
Group: Development/Libraries
|
||||
License: BSD License
|
||||
URL: http://www.freediameter.net
|
||||
Source0: http://www.freediameter.net/hg/freeDiameter/archive/1.1.6.tar.gz
|
||||
|
||||
BuildRequires: cmake make gcc gcc-c++ flex bison lksctp-tools-devel
|
||||
BuildRequires: gnutls-devel libgcrypt-devel libidn-devel
|
||||
BuildRequires: mercurial
|
||||
Requires: lksctp-tools
|
||||
|
||||
%description
|
||||
freeDiameter is an implementation of the Diameter protocol.
|
||||
|
||||
Diameter is a protocol designed to carry Authentication, Authorization and
|
||||
Accounting (AAA) payload. It is an evolution of the RADIUS protocol (as the
|
||||
name suggests).
|
||||
|
||||
See http://www.freediameter.net/ for more information on the project.
|
||||
|
||||
freeDiameter was previously known as the "waaad" project (WIDE AAA Daemon)
|
||||
This project is not related to the "freediameter" project from Sun on sourceforge.
|
||||
|
||||
Author: Sebastien Decugis.
|
||||
|
||||
%package daemon
|
||||
Summary: Simple daemon parses the command line and initializes the freeDiameter framework.
|
||||
Group: Development/Libraries
|
||||
Requires: freeDiameter
|
||||
|
||||
%description daemon
|
||||
freeDiameterd : this simple daemon parses the command line and initializes the
|
||||
freeDiameter framework. Use it for your Diameter server & agent components.
|
||||
In case of Diameter clients, you probably will prefer linking the libfdcore
|
||||
directly with your client application that must be made Diameter-aware.
|
||||
|
||||
|
||||
%prep
|
||||
%setup -qn %{name}-%{version}
|
||||
|
||||
|
||||
%build
|
||||
mkdir -p build
|
||||
cd build
|
||||
cmake ../
|
||||
|
||||
make %{?_smp_mflags}
|
||||
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
cd build
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
make test
|
||||
|
||||
%post daemon
|
||||
echo "/usr/local/lib/" > /etc/ld.so.conf.d/%{name}.conf
|
||||
/sbin/ldconfig
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
/usr/local/include/
|
||||
/usr/local/lib/
|
||||
|
||||
%files daemon
|
||||
%defattr(-,root,root,-)
|
||||
/usr/local/bin/
|
||||
|
||||
|
||||
|
||||
%changelog
|
||||
* Sat Jul 5 2013 Krum Boychev <krum.boy4ev@gmail.com> - 1.1.6-1
|
||||
- initial version
|
|
@ -0,0 +1,47 @@
|
|||
This folder contains several tools to use and parse the data from the app_acct.fdx extension.
|
||||
|
||||
- database.sql :
|
||||
An example database format for use with the scripts in this folder.
|
||||
|
||||
- app_acct.conf :
|
||||
The part of app_acct.conf that is relevant to this database schema.
|
||||
|
||||
- purge_to_file.php :
|
||||
This PHP script is used to take the records from the incoming table (stored by app_acct.fdx
|
||||
extension) and save these records in a file in SQL format. This is similar to pg_dump
|
||||
command, except that all the records that have been saved in the file are removed from
|
||||
the table. This can be used in cron jobs for example to maintain a reasonable size of
|
||||
the incoming table and move the data to another host for off-line processing. It can
|
||||
also be useful to aggregate the data from different hosts, if you are load-balancing your
|
||||
accounting servers for example (granted that all app_acct.fdx use identical table format
|
||||
on all the servers). See the top of the file for configuration parameters.
|
||||
|
||||
- process_records.php :
|
||||
This PHP script processes the records pertaining to users sessions, as follow:
|
||||
* when a session is complete (STOP record received), it stores a session summary
|
||||
into the processed records table (see process_database.sql file for format).
|
||||
* It optionally archives the processed records into a different table, before deleting them.
|
||||
* It can also move records of unterminated sessions that are older than a configurable time
|
||||
to an orphan_records table, so that they are not re-processed every time.
|
||||
This orphans table must have the same structure as the "incoming" table.
|
||||
|
||||
- display_results.php, display_self.php, display_stats.php :
|
||||
These scripts give a few examples of how to display the processed data.
|
||||
|
||||
USAGE:
|
||||
*) Initial: create your database using database.sql file
|
||||
*) Configure the app_acct.fdx extension using tips from app_acct.conf
|
||||
|
||||
The following processing can be run for example as cron jobs.
|
||||
1) On each accounting server for the realm, configure the app_acct.fdx extension to
|
||||
dump the records in a local database (all servers must use the same database format).
|
||||
The table would typically be "incoming".
|
||||
2) Run the purge_to_file.php script on each server regularly, then move the generated
|
||||
files onto a single server for processing. This server only needs the other tables.
|
||||
3) Add the data from the files into the database in this server by running:
|
||||
psql < file.sql
|
||||
Each file that has been added should then be archived and removed so that it is not
|
||||
re-added later.
|
||||
4) Run the process_records.php script on this processing server. Now, the database
|
||||
contains the aggregated data that can be visualized with display_*.php scripts.
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
|
||||
# This is the configuration for use with the database created by 'database.sql' file.
|
||||
# One should take care of configuring the ConnInfo properly.
|
||||
ConnInfo = "";
|
||||
|
||||
# The table and special fields names:
|
||||
Table = "incoming";
|
||||
Timestamp_field = "recorded_on";
|
||||
Server_name_field = "recorded_serv";
|
||||
|
||||
# The AVPs that are saved in the table:
|
||||
"Origin-Host";
|
||||
"Origin-Realm";
|
||||
"Destination-Realm";
|
||||
"Destination-Host";
|
||||
"Session-Id";
|
||||
"Origin-State-Id";
|
||||
"Accounting-Record-Type";
|
||||
"Accounting-Record-Number";
|
||||
"User-Name";
|
||||
"Event-Timestamp";
|
||||
"Acct-Application-Id";
|
||||
"Accounting-Sub-Session-Id";
|
||||
"Acct-Session-Id";
|
||||
"Acct-Multi-Session-Id";
|
||||
"Origin-AAA-Protocol";
|
||||
"Acct-Delay-Time";
|
||||
"NAS-Identifier";
|
||||
"NAS-IP-Address";
|
||||
"NAS-IPv6-Address";
|
||||
"NAS-Port";
|
||||
"NAS-Port-Id";
|
||||
"NAS-Port-Type";
|
||||
"Service-Type";
|
||||
"Termination-Cause";
|
||||
"Accounting-Input-Octets";
|
||||
"Accounting-Input-Packets";
|
||||
"Accounting-Output-Octets";
|
||||
"Accounting-Output-Packets";
|
||||
"Acct-Authentic";
|
||||
"Acct-Link-Count";
|
||||
"Acct-Session-Time";
|
||||
"Acct-Tunnel-Connection";
|
||||
"Acct-Tunnel-Packets-Lost";
|
||||
"Callback-Id";
|
||||
"Callback-Number";
|
||||
"Called-Station-Id";
|
||||
"Calling-Station-Id";
|
||||
"Connect-Info";
|
||||
"Originating-Line-Info";
|
||||
"Authorization-Lifetime";
|
||||
"Session-Timeout";
|
||||
"Idle-Timeout";
|
||||
"Port-Limit";
|
||||
"Accounting-Realtime-Required";
|
||||
"Acct-Interim-Interval";
|
||||
"Filter-Id";
|
||||
"NAS-Filter-Rule";
|
||||
"QoS-Filter-Rule";
|
||||
"Login-IP-Host";
|
||||
"Login-IPv6-Host";
|
||||
"Login-LAT-Group";
|
||||
"Login-LAT-Node";
|
||||
"Login-LAT-Port";
|
||||
"Login-LAT-Service";
|
||||
"Login-Service";
|
||||
"Login-TCP-Port";
|
||||
"Route-Record" = { multi=5; };
|
|
@ -0,0 +1,227 @@
|
|||
-- database.sql
|
||||
-- Script to create the tables for process_records.php script to perform.
|
||||
-- IMPORTANT NOTE: No constraint and almost no index are created by this script.
|
||||
-- One should consider adding the appropriate indexes according to their utilization of the data.
|
||||
|
||||
-- Incoming table table.
|
||||
-- This table is used by app_acct.fdx to store the Accounting records.
|
||||
CREATE TABLE incoming (
|
||||
"Origin-Host" bytea NOT NULL,
|
||||
"Origin-Realm" bytea NOT NULL,
|
||||
"Destination-Realm" bytea,
|
||||
"Destination-Host" bytea,
|
||||
"Session-Id" bytea NOT NULL,
|
||||
"Origin-State-Id" integer,
|
||||
"Accounting-Record-Type" integer NOT NULL,
|
||||
"Accounting-Record-Number" integer NOT NULL,
|
||||
"User-Name" bytea,
|
||||
"Event-Timestamp" bytea,
|
||||
"Acct-Application-Id" integer,
|
||||
"Accounting-Sub-Session-Id" bigint,
|
||||
"Acct-Session-Id" bytea,
|
||||
"Acct-Multi-Session-Id" bytea,
|
||||
"Origin-AAA-Protocol" integer,
|
||||
"Acct-Delay-Time" integer,
|
||||
"NAS-Identifier" bytea,
|
||||
"NAS-IP-Address" bytea,
|
||||
"NAS-IPv6-Address" bytea,
|
||||
"NAS-Port" integer,
|
||||
"NAS-Port-Id" bytea,
|
||||
"NAS-Port-Type" integer,
|
||||
"Service-Type" integer,
|
||||
"Termination-Cause" integer,
|
||||
"Accounting-Input-Octets" bigint,
|
||||
"Accounting-Input-Packets" bigint,
|
||||
"Accounting-Output-Octets" bigint,
|
||||
"Accounting-Output-Packets" bigint,
|
||||
"Acct-Authentic" integer,
|
||||
"Acct-Link-Count" integer,
|
||||
"Acct-Session-Time" integer,
|
||||
"Acct-Tunnel-Connection" bytea,
|
||||
"Acct-Tunnel-Packets-Lost" integer,
|
||||
"Callback-Id" bytea,
|
||||
"Callback-Number" bytea,
|
||||
"Called-Station-Id" bytea,
|
||||
"Calling-Station-Id" bytea,
|
||||
"Connect-Info" bytea,
|
||||
"Originating-Line-Info" bytea,
|
||||
"Authorization-Lifetime" integer,
|
||||
"Session-Timeout" integer,
|
||||
"Idle-Timeout" integer,
|
||||
"Port-Limit" integer,
|
||||
"Accounting-Realtime-Required" integer,
|
||||
"Acct-Interim-Interval" integer,
|
||||
"Filter-Id" bytea,
|
||||
"NAS-Filter-Rule" bytea,
|
||||
"QoS-Filter-Rule" bytea,
|
||||
"Login-IP-Host" bytea,
|
||||
"Login-IPv6-Host" bytea,
|
||||
"Login-LAT-Group" bytea,
|
||||
"Login-LAT-Node" bytea,
|
||||
"Login-LAT-Port" bytea,
|
||||
"Login-LAT-Service" bytea,
|
||||
"Login-Service" integer,
|
||||
"Login-TCP-Port" integer,
|
||||
"Route-Record1" bytea,
|
||||
"Route-Record2" bytea,
|
||||
"Route-Record3" bytea,
|
||||
"Route-Record4" bytea,
|
||||
"Route-Record5" bytea,
|
||||
"recorded_on" timestamp with time zone NOT NULL,
|
||||
"recorded_serv" bytea
|
||||
);
|
||||
|
||||
|
||||
-- Accounting Data.
|
||||
-- This is is the processed data that is used also by display_results.php
|
||||
CREATE TABLE processed (
|
||||
user_name bytea,
|
||||
user_device bytea,
|
||||
nas_info bytea,
|
||||
sess_start timestamp with time zone,
|
||||
sess_duration interval,
|
||||
downl_bytes bigint,
|
||||
upl_bytes bigint,
|
||||
downl_packets bigint,
|
||||
upl_packets bigint
|
||||
);
|
||||
CREATE INDEX un_index ON processed (user_name);
|
||||
|
||||
|
||||
|
||||
-- Orphans table.
|
||||
-- This is optional, and it must match the structure of your incoming table.
|
||||
CREATE TABLE orphans (
|
||||
"Origin-Host" bytea NOT NULL,
|
||||
"Origin-Realm" bytea NOT NULL,
|
||||
"Destination-Realm" bytea,
|
||||
"Destination-Host" bytea,
|
||||
"Session-Id" bytea NOT NULL,
|
||||
"Origin-State-Id" integer,
|
||||
"Accounting-Record-Type" integer NOT NULL,
|
||||
"Accounting-Record-Number" integer NOT NULL,
|
||||
"User-Name" bytea,
|
||||
"Event-Timestamp" bytea,
|
||||
"Acct-Application-Id" integer,
|
||||
"Accounting-Sub-Session-Id" bigint,
|
||||
"Acct-Session-Id" bytea,
|
||||
"Acct-Multi-Session-Id" bytea,
|
||||
"Origin-AAA-Protocol" integer,
|
||||
"Acct-Delay-Time" integer,
|
||||
"NAS-Identifier" bytea,
|
||||
"NAS-IP-Address" bytea,
|
||||
"NAS-IPv6-Address" bytea,
|
||||
"NAS-Port" integer,
|
||||
"NAS-Port-Id" bytea,
|
||||
"NAS-Port-Type" integer,
|
||||
"Service-Type" integer,
|
||||
"Termination-Cause" integer,
|
||||
"Accounting-Input-Octets" bigint,
|
||||
"Accounting-Input-Packets" bigint,
|
||||
"Accounting-Output-Octets" bigint,
|
||||
"Accounting-Output-Packets" bigint,
|
||||
"Acct-Authentic" integer,
|
||||
"Acct-Link-Count" integer,
|
||||
"Acct-Session-Time" integer,
|
||||
"Acct-Tunnel-Connection" bytea,
|
||||
"Acct-Tunnel-Packets-Lost" integer,
|
||||
"Callback-Id" bytea,
|
||||
"Callback-Number" bytea,
|
||||
"Called-Station-Id" bytea,
|
||||
"Calling-Station-Id" bytea,
|
||||
"Connect-Info" bytea,
|
||||
"Originating-Line-Info" bytea,
|
||||
"Authorization-Lifetime" integer,
|
||||
"Session-Timeout" integer,
|
||||
"Idle-Timeout" integer,
|
||||
"Port-Limit" integer,
|
||||
"Accounting-Realtime-Required" integer,
|
||||
"Acct-Interim-Interval" integer,
|
||||
"Filter-Id" bytea,
|
||||
"NAS-Filter-Rule" bytea,
|
||||
"QoS-Filter-Rule" bytea,
|
||||
"Login-IP-Host" bytea,
|
||||
"Login-IPv6-Host" bytea,
|
||||
"Login-LAT-Group" bytea,
|
||||
"Login-LAT-Node" bytea,
|
||||
"Login-LAT-Port" bytea,
|
||||
"Login-LAT-Service" bytea,
|
||||
"Login-Service" integer,
|
||||
"Login-TCP-Port" integer,
|
||||
"Route-Record1" bytea,
|
||||
"Route-Record2" bytea,
|
||||
"Route-Record3" bytea,
|
||||
"Route-Record4" bytea,
|
||||
"Route-Record5" bytea,
|
||||
"recorded_on" timestamp with time zone NOT NULL,
|
||||
"recorded_serv" bytea
|
||||
);
|
||||
|
||||
-- Archives table.
|
||||
-- This is also optional, and it must match the structure of your incoming table.
|
||||
CREATE TABLE archived (
|
||||
"Origin-Host" bytea NOT NULL,
|
||||
"Origin-Realm" bytea NOT NULL,
|
||||
"Destination-Realm" bytea,
|
||||
"Destination-Host" bytea,
|
||||
"Session-Id" bytea NOT NULL,
|
||||
"Origin-State-Id" integer,
|
||||
"Accounting-Record-Type" integer NOT NULL,
|
||||
"Accounting-Record-Number" integer NOT NULL,
|
||||
"User-Name" bytea,
|
||||
"Event-Timestamp" bytea,
|
||||
"Acct-Application-Id" integer,
|
||||
"Accounting-Sub-Session-Id" bigint,
|
||||
"Acct-Session-Id" bytea,
|
||||
"Acct-Multi-Session-Id" bytea,
|
||||
"Origin-AAA-Protocol" integer,
|
||||
"Acct-Delay-Time" integer,
|
||||
"NAS-Identifier" bytea,
|
||||
"NAS-IP-Address" bytea,
|
||||
"NAS-IPv6-Address" bytea,
|
||||
"NAS-Port" integer,
|
||||
"NAS-Port-Id" bytea,
|
||||
"NAS-Port-Type" integer,
|
||||
"Service-Type" integer,
|
||||
"Termination-Cause" integer,
|
||||
"Accounting-Input-Octets" bigint,
|
||||
"Accounting-Input-Packets" bigint,
|
||||
"Accounting-Output-Octets" bigint,
|
||||
"Accounting-Output-Packets" bigint,
|
||||
"Acct-Authentic" integer,
|
||||
"Acct-Link-Count" integer,
|
||||
"Acct-Session-Time" integer,
|
||||
"Acct-Tunnel-Connection" bytea,
|
||||
"Acct-Tunnel-Packets-Lost" integer,
|
||||
"Callback-Id" bytea,
|
||||
"Callback-Number" bytea,
|
||||
"Called-Station-Id" bytea,
|
||||
"Calling-Station-Id" bytea,
|
||||
"Connect-Info" bytea,
|
||||
"Originating-Line-Info" bytea,
|
||||
"Authorization-Lifetime" integer,
|
||||
"Session-Timeout" integer,
|
||||
"Idle-Timeout" integer,
|
||||
"Port-Limit" integer,
|
||||
"Accounting-Realtime-Required" integer,
|
||||
"Acct-Interim-Interval" integer,
|
||||
"Filter-Id" bytea,
|
||||
"NAS-Filter-Rule" bytea,
|
||||
"QoS-Filter-Rule" bytea,
|
||||
"Login-IP-Host" bytea,
|
||||
"Login-IPv6-Host" bytea,
|
||||
"Login-LAT-Group" bytea,
|
||||
"Login-LAT-Node" bytea,
|
||||
"Login-LAT-Port" bytea,
|
||||
"Login-LAT-Service" bytea,
|
||||
"Login-Service" integer,
|
||||
"Login-TCP-Port" integer,
|
||||
"Route-Record1" bytea,
|
||||
"Route-Record2" bytea,
|
||||
"Route-Record3" bytea,
|
||||
"Route-Record4" bytea,
|
||||
"Route-Record5" bytea,
|
||||
"recorded_on" timestamp with time zone NOT NULL,
|
||||
"recorded_serv" bytea
|
||||
);
|
||||
|
|
@ -0,0 +1,141 @@
|
|||
<?php
|
||||
|
||||
# The copyright of this file is the same as the freeDiameter project. Licence is BSD.
|
||||
|
||||
# This file should no be called directly;
|
||||
# instead it should be included from another script that sets its parameters as described below.
|
||||
|
||||
## $USERS
|
||||
# An array of the user names to display; the empty array will display all users.
|
||||
# This parameter MUST be set.
|
||||
if (!isset($USERS))
|
||||
die('Do not call this file directly');
|
||||
|
||||
## $START_TIME:
|
||||
# If set, this restricts the displayed data to sessions starting after $START
|
||||
|
||||
## $END_TIME:
|
||||
# If set, this restricts the displayed data to sessions starting before $END
|
||||
|
||||
## $LIMIT:
|
||||
## $LIMIT_OFFSET:
|
||||
# If set, these limit the number of accounting records displayed (for pagination purpose)
|
||||
|
||||
#------------------------------------------------------------------------------------------
|
||||
# DATABASE:
|
||||
|
||||
/* The Connection String used to access that database:
|
||||
Example: "host=localhost dbname=app_acct user=freediameter password=foo" */
|
||||
$CONNSTR="";
|
||||
|
||||
/* The name of the table containing the processed data (from process_records.php script) */
|
||||
$PROCESSED="processed";
|
||||
|
||||
#------------------------------------------------------------------------------------------
|
||||
|
||||
|
||||
/* Connect to the database */
|
||||
$dbconn = pg_connect($CONNSTR)
|
||||
or die('Could not connect: ' . pg_last_error() . "\n");
|
||||
|
||||
/* Function to format download size (from php.net) */
|
||||
function human_readable( $size )
|
||||
{
|
||||
$count = 0;
|
||||
$format = array("B","KB","MB","GB","TB","PB","EB","ZB","YB");
|
||||
while(($size/1024)>1 && $count<8)
|
||||
{
|
||||
$size=$size/1024;
|
||||
$count++;
|
||||
}
|
||||
if( $size >= 100 ) $decimals = 0;
|
||||
elseif ($size >= 10 ) $decimals = 1;
|
||||
else $decimals = 2;
|
||||
$return = number_format($size,$decimals,'.',' ')." ".$format[$count];
|
||||
return $return;
|
||||
}
|
||||
|
||||
/* Build the SQL query */
|
||||
$sql = 'SELECT *, to_char(sess_start, \'YYYY-MM-DD HH24:MI:SS (TZ)\') as fmt_sess_start FROM "'.$PROCESSED.'"';
|
||||
$where=0;
|
||||
if ($USERS) {
|
||||
$USERS = array_map(pg_escape_bytea, $USERS);
|
||||
$sql .= " WHERE user_name IN ('". join("', '", array_values($USERS))."') ";
|
||||
$where = 1;
|
||||
}
|
||||
|
||||
if ($START_TIME) {
|
||||
$START_TIME = pg_escape_string($START_TIME);
|
||||
if ($where++)
|
||||
$sql .= " AND ";
|
||||
else
|
||||
$sql .= " WHERE ";
|
||||
$sql .= "sess_start >= '".$START_TIME."'";
|
||||
}
|
||||
if ($END_TIME) {
|
||||
$END_TIME = pg_escape_string($END_TIME);
|
||||
if ($where++)
|
||||
$sql .= " AND ";
|
||||
else
|
||||
$sql .= " WHERE ";
|
||||
$sql .= "sess_start <= '".$END_TIME."'";
|
||||
}
|
||||
|
||||
$sql .= " ORDER BY sess_start, sess_duration";
|
||||
|
||||
if ($LIMIT)
|
||||
$sql .= " LIMIT $LIMIT";
|
||||
if ($LIMIT_OFFSET)
|
||||
$sql .= " OFFSET $LIMIT_OFFSET";
|
||||
|
||||
/* Execute the query */
|
||||
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
$recs = pg_num_rows($result);
|
||||
if ($recs == 0) {
|
||||
echo "<p><em>Sorry, no data is available in this selection.</em></p>\n";
|
||||
} else {
|
||||
echo "<p><strong>$recs</strong> records found.</p>\n";
|
||||
?>
|
||||
<table>
|
||||
<tr>
|
||||
<th>Device identifier</th>
|
||||
<th>Access Device information</th>
|
||||
<th>Session started on</th>
|
||||
<th>Duration</th>
|
||||
<th>Downloaded</th>
|
||||
<th>Uploaded</th>
|
||||
</tr>
|
||||
<?php
|
||||
while ($record = pg_fetch_array($result, null, PGSQL_ASSOC)) {
|
||||
echo " <tr title='".htmlentities(pg_unescape_bytea($record["user_name"]))."'>\n";
|
||||
echo " <td>";
|
||||
echo htmlentities(pg_unescape_bytea($record["user_device"]));
|
||||
echo "</td>\n";
|
||||
echo " <td>";
|
||||
echo htmlentities(pg_unescape_bytea($record["nas_info"]));
|
||||
echo "</td>\n";
|
||||
echo " <td>";
|
||||
echo $record["fmt_sess_start"];
|
||||
echo "</td>\n";
|
||||
echo " <td>";
|
||||
echo htmlentities($record["sess_duration"]);
|
||||
echo "</td>\n";
|
||||
echo " <td>";
|
||||
echo human_readable( $record["downl_bytes"] )." (".$record["downl_packets"]."pckts)";
|
||||
echo "</td>\n";
|
||||
echo " <td>";
|
||||
echo human_readable( $record["upl_bytes"] )." (".$record["upl_packets"]."pckts)";
|
||||
echo "</td>\n";
|
||||
echo " </tr>\n";
|
||||
|
||||
}
|
||||
}
|
||||
pg_free_result($result);
|
||||
|
||||
|
||||
/* Closing connection */
|
||||
pg_close($dbconn);
|
||||
|
||||
|
||||
|
||||
?>
|
|
@ -0,0 +1,139 @@
|
|||
<?php
|
||||
|
||||
# This file is an example wrapper around display_results.php.
|
||||
|
||||
# It relies on clients authentication based on certificate usage
|
||||
# (it must be the same certificate as used during AAA access, so that the User-Name matches).
|
||||
# See your web server documentation for details.
|
||||
# Example for apache2:
|
||||
# (+ detail in http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html#allclients )
|
||||
# - in vhost definition file, refence the CA chain of your users certificates:
|
||||
# SSLCACertificateFile /var/www/conf/ssl.crt/ca.crt
|
||||
# - in vhost file or .htaccess file (adjust Depth to your setup):
|
||||
# <IfModule mod_ssl.c>
|
||||
# SSLVerifyClient require
|
||||
# SSLVerifyDepth 2
|
||||
# </IfModule>
|
||||
|
||||
/* Check the client is correctly SSL authenticated with his server */
|
||||
if (!isset($_SERVER["SSL_CLIENT_VERIFY"]) || $_SERVER["SSL_CLIENT_VERIFY"] != "SUCCESS")
|
||||
die("SSL authentication failed, the webserver is probably not configured correctly.\n");
|
||||
|
||||
/* Force some parameters to integer values */
|
||||
if ($_GET["t_limit"])
|
||||
$_GET["t_limit"] = (int) $_GET["t_limit"];
|
||||
if ($_GET["t_offset"])
|
||||
$_GET["t_offset"] = (int) $_GET["t_offset"];
|
||||
|
||||
/* Default form values */
|
||||
if (!isset($_GET["Submit"])) {
|
||||
$_GET["t_limit"] = 50;
|
||||
$_GET["c_limit"] = 1;
|
||||
$_GET["t_offset"] = 0;
|
||||
}
|
||||
|
||||
/* Output the form */
|
||||
?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html lang="en-US">
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
|
||||
<title>Accounting Data</title>
|
||||
<meta name="description" content="This page gives you access to your personal accounting data.">
|
||||
<meta name="keywords" content="accounting">
|
||||
|
||||
<style type="text/css">
|
||||
body { text-align:center; }
|
||||
table { border-collapse:collapse; margin-left:auto; margin-right:auto; }
|
||||
table, td, th { border:1px solid green; padding-left:.5em; padding-right:.5em;}
|
||||
th { background-color:green; color:white; }
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body >
|
||||
<h1>Accounting data</h1>
|
||||
<p>Note well: this page displays only data about <em>terminated</em> sessions.</p>
|
||||
<form method="GET">
|
||||
<table>
|
||||
<tr>
|
||||
<th colspan="3">
|
||||
Filtering parameters
|
||||
</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><input type="checkbox" name="c_starttime"<?php if (isset($_GET["c_starttime"])) echo " checked"; ?>></td>
|
||||
<td>Show only sessions starting from (<a href="http://www.postgresql.org/docs/8.4/static/datatype-datetime.html">YYYY-MM-DD HH:MM:SS</a>):</td>
|
||||
<td><input type="text" name="t_starttime"<?php if (isset($_GET["t_starttime"])) echo 'value="'.$_GET["t_starttime"].'"'; ?>></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><input type="checkbox" name="c_endtime"<?php if (isset($_GET["c_endtime"])) echo " checked"; ?>></td>
|
||||
<td>Show only sessions starting until (<a href="http://www.postgresql.org/docs/8.4/static/datatype-datetime.html">YYYY-MM-DD HH:MM:SS</a>):</td>
|
||||
<td><input type="text" name="t_endtime"<?php if (isset($_GET["t_endtime"])) echo 'value="'.$_GET["t_endtime"].'"'; ?>></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><input type="checkbox" name="c_limit"<?php if (isset($_GET["c_limit"])) echo " checked"; ?>></td>
|
||||
<td>Show only this number of records:</td>
|
||||
<td><input type="text" name="t_limit"<?php if (isset($_GET["t_limit"])) echo 'value="'.$_GET["t_limit"].'"'; ?>></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><input type="checkbox" name="c_offset"<?php if (isset($_GET["c_offset"])) echo " checked"; ?>></td>
|
||||
<td>Starting from record:</td>
|
||||
<td><input type="text" name="t_offset"<?php if (isset($_GET["t_offset"])) echo 'value="'.$_GET["t_offset"].'"'; ?>></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th colspan="3">
|
||||
Apply this filter: <input type="submit" name="Submit">
|
||||
</th>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
|
||||
<p>
|
||||
Currently displaying user <em><?php echo htmlentities($_SERVER["SSL_CLIENT_S_DN_CN"]); ?></em><?php
|
||||
|
||||
/* Search user by CN or Email since some OS use the later during EAP-TLS authentication */
|
||||
$USERS = array($_SERVER["SSL_CLIENT_S_DN_CN"], $_SERVER["SSL_CLIENT_S_DN_Email"]);
|
||||
|
||||
/* If the start time boundary was specified... */
|
||||
if ($_GET["c_starttime"] && $_GET["t_starttime"]) {
|
||||
$START_TIME=$_GET["t_starttime"];
|
||||
}
|
||||
if ($_GET["c_endtime"] && $_GET["t_endtime"]) {
|
||||
$END_TIME=$_GET["t_endtime"];
|
||||
}
|
||||
|
||||
/* idem with end time */
|
||||
if ($START_TIME && $END_TIME) {
|
||||
echo ", sessions starting between $START_TIME and $END_TIME";
|
||||
} elseif ($START_TIME) {
|
||||
echo ", sessions starting after $START_TIME";
|
||||
} elseif ($END_TIME) {
|
||||
echo ", sessions starting before $END_TIME";
|
||||
}
|
||||
|
||||
/* Pagination */
|
||||
if ($_GET["c_limit"] && $_GET["t_limit"]) {
|
||||
$LIMIT=$_GET["t_limit"];
|
||||
}
|
||||
if ($_GET["c_offset"] && $_GET["t_offset"]) {
|
||||
$LIMIT_OFFSET=$_GET["t_offset"];
|
||||
}
|
||||
if ($LIMIT) {
|
||||
echo ", limited to ".$LIMIT." records";
|
||||
if ($LIMIT_OFFSET)
|
||||
echo " starting at ".$LIMIT_OFFSET;
|
||||
} else if ($LIMIT_OFFSET) {
|
||||
echo " starting at record ".$LIMIT_OFFSET;
|
||||
}
|
||||
echo ".\n";
|
||||
?>
|
||||
</p>
|
||||
|
||||
<?php
|
||||
/* This file will generate the array of data matching the selection */
|
||||
require("display_results.php");
|
||||
|
||||
?>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,269 @@
|
|||
<?php
|
||||
|
||||
# The copyright of this file is the same as the freeDiameter project. Licence is BSD.
|
||||
|
||||
#------------------------------------------------------------------------------------------
|
||||
# DATABASE:
|
||||
|
||||
/* The Connection String used to access that database:
|
||||
Example: "host=localhost dbname=app_acct user=freediameter password=foo" */
|
||||
$CONNSTR="";
|
||||
|
||||
/* The name of the table containing the processed data (from process_records.php script) */
|
||||
$PROCESSED="processed";
|
||||
|
||||
#------------------------------------------------------------------------------------------
|
||||
|
||||
?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html lang="en-US">
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
|
||||
<title>Accounting Data</title>
|
||||
<meta name="description" content="This page gives you access to your personal accounting data.">
|
||||
<meta name="keywords" content="accounting">
|
||||
|
||||
<style type="text/css">
|
||||
body { text-align:center; }
|
||||
table.colored { border-collapse:collapse; margin-left:auto; margin-right:auto; }
|
||||
table.colored td, table.colored th { border:1px solid green; padding-left:.5em; padding-right:.5em;}
|
||||
.colored th { background-color:green; color:white; }
|
||||
hr { width:15px; margin-top:2em;margin-bottom:2em; }
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body >
|
||||
<h1>Statistical accounting data</h1>
|
||||
<form method="GET">
|
||||
<table class="colored">
|
||||
<tr>
|
||||
<th colspan="3">
|
||||
Filtering options
|
||||
</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><input type="checkbox" name="c_starttime"<?php if (isset($_GET["c_starttime"])) echo " checked"; ?>></td>
|
||||
<td>Limit to sessions starting from (<a href="http://www.postgresql.org/docs/8.4/static/datatype-datetime.html">hint</a>):</td>
|
||||
<td><input type="text" title="YYYY-MM-DD HH:MM:SS" name="t_starttime"<?php if (isset($_GET["t_starttime"])) echo 'value="'.$_GET["t_starttime"].'"'; ?>></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><input type="checkbox" name="c_endtime"<?php if (isset($_GET["c_endtime"])) echo " checked"; ?>></td>
|
||||
<td>Limit to sessions starting until (<a href="http://www.postgresql.org/docs/8.4/static/datatype-datetime.html">hint</a>):</td>
|
||||
<td><input type="text" title="YYYY-MM-DD HH:MM:SS" name="t_endtime"<?php if (isset($_GET["t_endtime"])) echo 'value="'.$_GET["t_endtime"].'"'; ?>></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th colspan="3">
|
||||
Apply this filter: <input type="submit" name="Submit">
|
||||
</th>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
<p>Note well: this page displays only data about <em>terminated</em> sessions.</p>
|
||||
<?php
|
||||
|
||||
/* Connect to the database */
|
||||
$dbconn = pg_connect($CONNSTR)
|
||||
or die('Could not connect: ' . pg_last_error() . "\n");
|
||||
|
||||
if ($_GET["c_starttime"] && $_GET["t_starttime"]) {
|
||||
$START_TIME=$_GET["t_starttime"];
|
||||
}
|
||||
if ($_GET["c_endtime"] && $_GET["t_endtime"]) {
|
||||
$END_TIME=$_GET["t_endtime"];
|
||||
}
|
||||
$sql_cond="";
|
||||
if ($START_TIME) {
|
||||
$sql_cond = "sess_start >= '".pg_escape_string($START_TIME)."'";
|
||||
}
|
||||
if ($END_TIME) {
|
||||
if ($sql_cond)
|
||||
$sql_cond .= " AND ";
|
||||
$sql_cond .= "sess_start =< '".pg_escape_string($END_TIME)."'";
|
||||
}
|
||||
|
||||
|
||||
/* Function to format download size (from php.net) */
|
||||
function human_readable( $size )
|
||||
{
|
||||
$count = 0;
|
||||
$format = array("B","KB","MB","GB","TB","PB","EB","ZB","YB");
|
||||
while(($size/1024)>1 && $count<8)
|
||||
{
|
||||
$size=$size/1024;
|
||||
$count++;
|
||||
}
|
||||
if( $size >= 100 ) $decimals = 0;
|
||||
elseif ($size >= 10 ) $decimals = 1;
|
||||
else $decimals = 2;
|
||||
$return = number_format($size,$decimals,'.',' ')." ".$format[$count];
|
||||
return $return;
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
<hr />
|
||||
|
||||
<?php
|
||||
|
||||
/* First query: global data */
|
||||
$sql = 'SELECT SUM(downl_bytes) as total_down, SUM(upl_bytes) as total_up,';
|
||||
$sql .= ' to_char(min(sess_start), \'YYYY-MM-DD HH24:MI:SS TZ\') as first_sess,';
|
||||
$sql .= ' to_char(max(sess_start), \'YYYY-MM-DD HH24:MI:SS TZ\') as last_sess,';
|
||||
$sql .= ' count(distinct user_name) as nb_users,';
|
||||
$sql .= ' count(distinct nas_info) as nb_ap';
|
||||
$sql .= ' FROM "'.$PROCESSED.'"';
|
||||
if ($sql_cond)
|
||||
$sql .= ' WHERE '.$sql_cond;
|
||||
|
||||
/* Execute the query */
|
||||
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
if (pg_num_rows($result) == 0) {
|
||||
echo "<p><em>No data is available in the selected period.</em></p>\n";
|
||||
die("</body></html>\n");
|
||||
}
|
||||
|
||||
$data = pg_fetch_array($result, null, PGSQL_ASSOC);
|
||||
?>
|
||||
<table class="colored">
|
||||
<tr>
|
||||
<th colspan="2">Total accounted data</th>
|
||||
</tr>
|
||||
<?php
|
||||
echo " <tr><td>First session started:</td><td>".$data["first_sess"]."</td></tr>\n";
|
||||
echo " <tr><td>Last session started:</td><td>".$data["last_sess"]."</td></tr>\n";
|
||||
echo " <tr><td>Total data downloaded:</td><td><strong>".human_readable($data["total_down"])."</strong></td></tr>\n";
|
||||
echo " <tr><td>Total data uploaded:</td><td><strong>".human_readable($data["total_up"])."</strong></td></tr>\n";
|
||||
echo " <tr><td>Number of users who connected at least once:</td><td>".$data["nb_users"]."</td></tr>\n";
|
||||
echo " <tr><td>Number of access points involved:</td><td>".$data["nb_ap"]."</td></tr>\n";
|
||||
echo " </tr>\n";
|
||||
echo " </table>\n";
|
||||
|
||||
pg_free_result($result);
|
||||
|
||||
?>
|
||||
|
||||
<hr />
|
||||
|
||||
<table class="colored">
|
||||
<tr>
|
||||
<th colspan="2">Top-5 <strong>downloading</strong> users</th>
|
||||
</tr>
|
||||
<?php
|
||||
|
||||
/* Now, get the top 5 downloaders */
|
||||
$sql = 'SELECT SUM(downl_bytes) as total_down, user_name';
|
||||
$sql .= ' FROM "'.$PROCESSED.'"';
|
||||
if ($sql_cond)
|
||||
$sql .= ' WHERE '.$sql_cond;
|
||||
$sql .= ' GROUP BY user_name';
|
||||
$sql .= ' ORDER BY total_down desc, user_name';
|
||||
$sql .= ' LIMIT 5';
|
||||
|
||||
/* Execute the query */
|
||||
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
while ($data = pg_fetch_array($result, null, PGSQL_ASSOC)) {
|
||||
echo " <tr>\n";
|
||||
echo " <td>".htmlentities(pg_unescape_bytea($data["user_name"]))."</td>\n";
|
||||
echo " <td>".human_readable($data["total_down"])."</td>\n";
|
||||
echo " </tr>\n";
|
||||
}
|
||||
pg_free_result($result);
|
||||
?>
|
||||
</table>
|
||||
|
||||
<hr />
|
||||
|
||||
<table class="colored">
|
||||
<tr>
|
||||
<th colspan="2">Top-5 <strong>uploading</strong> users</th>
|
||||
</tr>
|
||||
<?php
|
||||
|
||||
/* Now, get the top 5 downloaders */
|
||||
$sql = 'SELECT SUM(upl_bytes) as total_up, user_name';
|
||||
$sql .= ' FROM "'.$PROCESSED.'"';
|
||||
if ($sql_cond)
|
||||
$sql .= ' WHERE '.$sql_cond;
|
||||
$sql .= ' GROUP BY user_name';
|
||||
$sql .= ' ORDER BY total_up desc, user_name';
|
||||
$sql .= ' LIMIT 5';
|
||||
|
||||
/* Execute the query */
|
||||
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
while ($data = pg_fetch_array($result, null, PGSQL_ASSOC)) {
|
||||
echo " <tr>\n";
|
||||
echo " <td>".htmlentities(pg_unescape_bytea($data["user_name"]))."</td>\n";
|
||||
echo " <td>".human_readable($data["total_up"])."</td>\n";
|
||||
echo " </tr>\n";
|
||||
}
|
||||
pg_free_result($result);
|
||||
?>
|
||||
</table>
|
||||
|
||||
<hr />
|
||||
|
||||
<table class="colored">
|
||||
<tr>
|
||||
<th colspan="2">Top-8 access devices (by number of users)</th>
|
||||
</tr>
|
||||
<?php
|
||||
|
||||
/* Now, get the top 5 downloaders */
|
||||
$sql = 'SELECT count(distinct user_name) as unc, nas_info';
|
||||
$sql .= ' FROM "'.$PROCESSED.'"';
|
||||
if ($sql_cond)
|
||||
$sql .= ' WHERE '.$sql_cond;
|
||||
$sql .= ' GROUP BY nas_info';
|
||||
$sql .= ' ORDER BY unc desc, nas_info';
|
||||
$sql .= ' LIMIT 8';
|
||||
|
||||
/* Execute the query */
|
||||
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
while ($data = pg_fetch_array($result, null, PGSQL_ASSOC)) {
|
||||
echo " <tr>\n";
|
||||
echo " <td>".htmlentities(pg_unescape_bytea($data["nas_info"]))."</td>\n";
|
||||
echo " <td>".$data["unc"]."</td>\n";
|
||||
echo " </tr>\n";
|
||||
}
|
||||
pg_free_result($result);
|
||||
?>
|
||||
</table>
|
||||
|
||||
<hr />
|
||||
|
||||
<table class="colored">
|
||||
<tr>
|
||||
<th colspan="2">Top-8 access devices (by traffic: up+down)</th>
|
||||
</tr>
|
||||
<?php
|
||||
|
||||
/* Now, get the top 5 downloaders */
|
||||
$sql = 'SELECT SUM(upl_bytes) + SUM(downl_bytes) as traffic, nas_info';
|
||||
$sql .= ' FROM "'.$PROCESSED.'"';
|
||||
if ($sql_cond)
|
||||
$sql .= ' WHERE '.$sql_cond;
|
||||
$sql .= ' GROUP BY nas_info';
|
||||
$sql .= ' ORDER BY traffic desc, nas_info';
|
||||
$sql .= ' LIMIT 8';
|
||||
|
||||
/* Execute the query */
|
||||
$result = pg_query($dbconn, $sql) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
while ($data = pg_fetch_array($result, null, PGSQL_ASSOC)) {
|
||||
echo " <tr>\n";
|
||||
echo " <td>".htmlentities(pg_unescape_bytea($data["nas_info"]))."</td>\n";
|
||||
echo " <td>".human_readable($data["traffic"])."</td>\n";
|
||||
echo " </tr>\n";
|
||||
}
|
||||
pg_free_result($result);
|
||||
?>
|
||||
</table>
|
||||
|
||||
<hr />
|
||||
<?php
|
||||
/* Closing connection */
|
||||
pg_close($dbconn);
|
||||
?>
|
||||
<p><small>Data generated by scripts from the <a href="http://www.freediameter.net">freeDiameter</a> project.</small></p>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,205 @@
|
|||
<?php
|
||||
# This file may be called either from CLI or web PHP installation.
|
||||
# The copyright is the same as the freeDiameter project. Licence is BSD.
|
||||
|
||||
# IMPORTANT: This script is highly experimental, PLEASE KEEP A COPY OF YOUR ACCOUNTING DATA
|
||||
# if this data has any importance.
|
||||
|
||||
/*-------------------------------------------------------*/
|
||||
|
||||
/* This script supports only one database where all tables are kept.
|
||||
The Connection String used to access that database:
|
||||
Example: "host=localhost dbname=app_acct user=freediameter password=foo" */
|
||||
$CONNSTR="";
|
||||
|
||||
|
||||
/**** 1 : Incoming records (output of app_acct.fdx) ****/
|
||||
/* The name of the table were the raw records are saved (from app_acct.conf) */
|
||||
$INCOMING="incoming";
|
||||
|
||||
/* Note: For this script, this table MUST contain the following fields (with these names):
|
||||
Session-Id, User-Name, Accounting-Record-Type, Accounting-Record-Number, Acct-Session-Id,
|
||||
Accounting-{In,Out}put-{Octets,Packets},
|
||||
NAS-Identifier, Called-Station-Id, Calling-Station-Id, recorded_on.
|
||||
*/
|
||||
|
||||
|
||||
/**** 2 : Processed records (output of this script, input for display_results.php) ****/
|
||||
/* The name of the table */
|
||||
$PROCESSED="processed";
|
||||
|
||||
/* See process_database.sql for command to create this database */
|
||||
|
||||
/**** 3 : Orphan records (optional) ****/
|
||||
/* The script can move records belonging to an unterminated session that has not received any new
|
||||
record for more than $ORPHAN_DELAY (based on recorded_on field) into an $ORPHANED_TABLE table, so that
|
||||
these records are not re-processed everytime the script runs.
|
||||
If $ORPHANED_TABLE is empty, this feature is disabled. */
|
||||
$ORPHANED_TABLE="orphans";
|
||||
$ORPHAN_DELAY = "2 days";
|
||||
|
||||
|
||||
/**** 4 : Archived records (optional) ****/
|
||||
/* When data has been processed successfully, the records can be saved into an archive table before being deleted. */
|
||||
/* This table also must have the same structure as $INCOMING */
|
||||
$ARCHIVES_TABLE="archived";
|
||||
|
||||
/*-------------------------------------------------------*/
|
||||
|
||||
/* Connect to the database */
|
||||
$dbconn = pg_connect($CONNSTR)
|
||||
or die('Could not connect: ' . pg_last_error() . "\n");
|
||||
|
||||
/* Handle orphans first */
|
||||
if ($ORPHANED_TABLE) {
|
||||
$orphans_sql = 'SELECT * FROM "'.$INCOMING.'" ';
|
||||
$orphans_sql.= 'WHERE "Acct-Session-Id" IN (';
|
||||
$orphans_sql.= ' SELECT data.asid ';
|
||||
$orphans_sql.= ' FROM (';
|
||||
$orphans_sql.= ' SELECT "Acct-Session-Id" as asid, MAX("recorded_on") as latest, bool_or("Accounting-Record-Type" = 2) as got_start, bool_or("Accounting-Record-Type" = 4) as got_stop ';
|
||||
$orphans_sql.= ' FROM "'.$INCOMING.'"';
|
||||
$orphans_sql.= ' GROUP BY "Acct-Session-Id") ';
|
||||
$orphans_sql.= ' as data';
|
||||
$orphans_sql.= ' WHERE data.latest < current_timestamp - interval \''. $ORPHAN_DELAY .'\' AND NOT ( got_start AND got_stop )';
|
||||
$orphans_sql.= ');';
|
||||
|
||||
/* Execute, move the orphaned records to the appropriate table. */
|
||||
$result = pg_query($dbconn, $orphans_sql) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
if (pg_num_rows($result) > 0) {
|
||||
$i = 0;
|
||||
while ($orphan = pg_fetch_array($result, null, PGSQL_ASSOC)) {
|
||||
$i++;
|
||||
|
||||
// this doesn't work: pg_insert( $dbconn, $ORPHANED_TABLE, $orphan ) or die('Insert failed: ' . pg_last_error() . "\n");
|
||||
$sql = "INSERT INTO \"$ORPHANED_TABLE\" ";
|
||||
$sql .= '("';
|
||||
$sql .= join('", "', array_keys($orphan));
|
||||
$sql .= '") VALUES (';
|
||||
for($c = 0; $c < count($orphan); $c++)
|
||||
$sql .= ($c ? ', ' : '').'$'.($c+1);
|
||||
$sql .= ')';
|
||||
pg_query_params($dbconn, $sql, array_values($orphan)) or die('Insert failed: ' . pg_last_error() . "\n");
|
||||
|
||||
// This also doesn't work: pg_delete( $dbconn, $INCOMING, $orphan ) or die('Removing orphan failed: ' . pg_last_error() . "\n");
|
||||
$sql = "DELETE FROM \"$INCOMING\" WHERE ";
|
||||
$sql .= '"Acct-Session-Id" = $1 AND "recorded_on" = $2';
|
||||
pg_query_params($dbconn, $sql, array($orphan["Acct-Session-Id"], $orphan["recorded_on"])) or die('Removing orphan failed: ' . pg_last_error() . "\n");
|
||||
}
|
||||
echo $i." orphans have been moved to '".$ORPHANED_TABLE."'\n";
|
||||
}
|
||||
pg_free_result($result);
|
||||
}
|
||||
|
||||
/* Delete duplicate records (which might have been received by different servers on different time, but are identical otherwise */
|
||||
$duplicate_sql = ' SELECT * FROM (SELECT count(*) as cnt, min("recorded_on") as first, "Session-Id", "Acct-Session-Id", "Accounting-Record-Type", "Accounting-Record-Number"';
|
||||
$duplicate_sql .= ' FROM "'.$INCOMING.'" GROUP BY "Session-Id", "Acct-Session-Id", "Accounting-Record-Type", "Accounting-Record-Number") as qry WHERE qry.cnt > 1';
|
||||
$result = pg_query($dbconn, $orphans_sql) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
if (pg_num_rows($result) > 0) {
|
||||
/* We have some duplicates to delete */
|
||||
$i=0;
|
||||
while ($dup = pg_fetch_array($result, null, PGSQL_ASSOC)) {
|
||||
$i++;
|
||||
$sql = "DELETE FROM \"$INCOMING\" WHERE ";
|
||||
$sql .= '"Session-Id" = $1 AND "Acct-Session-Id" = $2 AND "Accounting-Record-Type" = $3 AND "Accounting-Record-Number" = $4 AND "recorded_on" <> $5';
|
||||
$params = array($dup["Session-Id"], $dup["Acct-Session-Id"], $dup["Accounting-Record-Type"], $dup["Accounting-Record-Number"], $dup["first"]);
|
||||
pg_query_params($dbconn, $sql, $params) or die('Removing duplicates failed: ' . pg_last_error() . "\n");
|
||||
}
|
||||
echo $i." duplicate records have been deleted from '".$INCOMING."'\n";
|
||||
}
|
||||
pg_free_result($result);
|
||||
|
||||
|
||||
/* Now, find Acct-Session-Id of completed sessions */
|
||||
$completed_sql = ' SELECT "Session-Id", "Acct-Session-Id" FROM (';
|
||||
$completed_sql .= ' SELECT "Session-Id", "Acct-Session-Id", bool_or("Accounting-Record-Type" = 2) as got_start, bool_or("Accounting-Record-Type" = 4) as got_stop ';
|
||||
$completed_sql .= ' FROM "'.$INCOMING.'" GROUP BY "Session-Id", "Acct-Session-Id"';
|
||||
$completed_sql .= ' ) as input';
|
||||
$completed_sql .= ' WHERE got_start AND got_stop';
|
||||
|
||||
$sids = pg_query($dbconn, $completed_sql) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
if (pg_num_rows($sids) > 0) {
|
||||
while ($sids_line = pg_fetch_array($sids, null, PGSQL_ASSOC)) {
|
||||
$sid = $sids_line["Session-Id"];
|
||||
$asid = $sids_line["Acct-Session-Id"];
|
||||
echo "Processing Acct-Session-Id '".$asid."', Session-Id '".$sid ."'... ";
|
||||
|
||||
$data=array();
|
||||
|
||||
/* We simply ignore the interim record(s) in this first version, since they contain only cumulative data. It could be used in later version to draw the session details for example. */
|
||||
|
||||
$result = pg_query_params($dbconn, 'SELECT *, "recorded_on" - CAST(textcat(text("Acct-Session-Time"), text(\' seconds\')) as INTERVAL) as start_time FROM "'.$INCOMING.
|
||||
'" WHERE "Session-Id" = $1 AND "Acct-Session-Id" = $2 AND "Accounting-Record-Type" = 4 ORDER BY "recorded_on"',
|
||||
array($sid, $asid)) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
$record = pg_fetch_array($result, null, PGSQL_ASSOC) or die('Internal error, got_stop is true but no record was returned');
|
||||
|
||||
$data[/* "user_name" */] = $record["User-Name"];
|
||||
$data[/* "user_device" */] = $record["Calling-Station-Id"];
|
||||
|
||||
$nas_id= ($record["NAS-Identifier"] ?: $record["Origin-Host"]) ?: "<unidentified NAS>";
|
||||
$ip = $record["NAS-IP-Address"] ?: $record["NAS-IPv6-Address"];
|
||||
$nas_ip= $ip ? inet_ntop(pg_unescape_bytea($ip)) : "<unknown NAS IP>";
|
||||
$nas_csi = $record["Called-Station-Id"];
|
||||
$data[/* "nas_info" */] = $nas_id . " (".$nas_ip.")" . ($nas_csi ? " - Called Station: ".$nas_csi : "");
|
||||
|
||||
/* Is it possible to infer the session start time from this record only? */
|
||||
if ($record["Acct-Session-Time"]) {
|
||||
/* Yes, let's go */
|
||||
$data[/* "sess_start" */] = $record["start_time"];
|
||||
$data[/* "sess_duration" */] = $record["Acct-Session-Time"]." seconds";
|
||||
} else {
|
||||
/* No the information is missing, let's compute the approx value with the START record timestamp */
|
||||
$res = pg_query_params($dbconn, 'SELECT t_start."recorded_on" as begining, t_end."recorded_on" - t_start."recorded_on" as duration'.
|
||||
' FROM (SELECT "recorded_on" FROM "'.$INCOMING.'" WHERE "Session-Id" = $1 AND "Acct-Session-Id" = $2 AND "Accounting-Record-Type" = 4 ORDER BY "recorded_on" LIMIT 1) as t_end, '.
|
||||
' (SELECT "recorded_on" FROM "'.$INCOMING.'" WHERE "Session-Id" = $1 AND "Acct-Session-Id" = $2 AND "Accounting-Record-Type" = 2 ORDER BY "Accounting-Record-Number", "recorded_on" LIMIT 1) as t_start',
|
||||
array($sid, $asid)) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
$vals = pg_fetch_array($result, null, PGSQL_ASSOC) or die('Internal error, unable to compute session time');
|
||||
$data[/* "sess_start" */] = $vals["begining"];
|
||||
$data[/* "sess_duration" */] = $vals["duration"];
|
||||
pg_free_result($res);
|
||||
}
|
||||
|
||||
$data[/* "downl_bytes" */] = $record["Accounting-Output-Octets"];
|
||||
$data[/* "downl_packets" */] = $record["Accounting-Output-Packets"];
|
||||
$data[/* "upl_bytes" */] = $record["Accounting-Input-Octets"];
|
||||
$data[/* "upl_packets" */] = $record["Accounting-Input-Packets"];
|
||||
pg_free_result($result);
|
||||
|
||||
$result = pg_query_params($dbconn,
|
||||
'INSERT INTO "'.$PROCESSED.'" (user_name, user_device, nas_info, sess_start, sess_duration, downl_bytes, downl_packets, upl_bytes, upl_packets) '.
|
||||
'VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)', $data) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
pg_free_result($result);
|
||||
echo "Data stored into '$PROCESSED'... ";
|
||||
|
||||
/* Now that we have processed it, move these records to the $ARCHIVES_TABLE table. */
|
||||
if ($ARCHIVES_TABLE) {
|
||||
$result = pg_query_params($dbconn, 'SELECT * FROM "'.$INCOMING.'" WHERE "Session-Id" = $1 AND "Acct-Session-Id" = $2', array($sid, $asid)) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
$i = 0;
|
||||
while ($rec = pg_fetch_array($result, null, PGSQL_ASSOC)) {
|
||||
$i++;
|
||||
|
||||
$sql = "INSERT INTO \"$ARCHIVES_TABLE\" ";
|
||||
$sql .= '("';
|
||||
$sql .= join('", "', array_keys($rec));
|
||||
$sql .= '") VALUES (';
|
||||
for($c = 0; $c < count($rec); $c++)
|
||||
$sql .= ($c ? ', ' : '').'$'.($c+1);
|
||||
$sql .= ')';
|
||||
pg_query_params($dbconn, $sql, array_values($rec)) or die('Insert failed: ' . pg_last_error() . "\n");
|
||||
}
|
||||
echo $i." records archived into '".$ARCHIVES_TABLE."'";
|
||||
pg_free_result($result);
|
||||
}
|
||||
echo "\n";
|
||||
$result = pg_query_params($dbconn, 'DELETE FROM "'.$INCOMING.'" WHERE "Session-Id" = $1 AND "Acct-Session-Id" = $2', array($sid, $asid)) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
pg_free_result($result);
|
||||
}
|
||||
}
|
||||
pg_free_result($sids);
|
||||
|
||||
echo "Operation completed with success!\n";
|
||||
|
||||
/* Closing connection */
|
||||
pg_close($dbconn);
|
||||
|
||||
|
||||
?>
|
|
@ -0,0 +1,157 @@
|
|||
<?php
|
||||
# This file may be called either from CLI or web PHP installation.
|
||||
|
||||
# The copyright is the same as the freeDiameter project. Licence is BSD.
|
||||
|
||||
/*-------------------------------------------------------*/
|
||||
|
||||
/* -- These parameters must match the app_acct.conf file -- */
|
||||
|
||||
/* The Connection String used to access the database.
|
||||
Example: "host=localhost dbname=app_acct user=freediameter password=foo" */
|
||||
$CONNSTR="";
|
||||
|
||||
/* The name of the table were the records are saved by app_acct.fdx */
|
||||
$TABLE="incoming";
|
||||
|
||||
|
||||
/* -- These parameters are specific to this script -- */
|
||||
|
||||
/* Name of the dump file to create. It can be relative or absolute.
|
||||
The script fails if this file already exists.
|
||||
Use for example "data-".date("Ymdhis").".sql" to avoid collisions. */
|
||||
$DUMPFILE="incoming_data.sql";
|
||||
|
||||
/* Does the script also echoes an HTML TABLE of the data processed? */
|
||||
$DISPLAY_HTML=FALSE; // it would be better to detect if we are called through Web or CLI...
|
||||
/* In addition, issue a full HTML page (including headers) ? */
|
||||
$HTML_HEADERS=TRUE;
|
||||
|
||||
/*-------------------------------------------------------*/
|
||||
|
||||
/* Connect to the database */
|
||||
$dbconn = pg_connect($CONNSTR)
|
||||
or die('Could not connect: ' . pg_last_error() . "\n");
|
||||
|
||||
/* Check if the file exists */
|
||||
$file = fopen($DUMPFILE, "xb")
|
||||
or die("The file '$DUMPFILE' already exists or cannot be created, aborting.\n");
|
||||
|
||||
/* First, query the table format */
|
||||
$format_sql = "SELECT ".
|
||||
" a.attname AS field,".
|
||||
" t.typname AS type,".
|
||||
/* " a.attlen AS length,". */
|
||||
" a.atttypmod AS lengthvar,".
|
||||
" a.attnotnull AS notnull".
|
||||
" FROM".
|
||||
" pg_class c,".
|
||||
" pg_attribute a,".
|
||||
" pg_type t".
|
||||
" WHERE".
|
||||
" c.relname = '" . $TABLE . "'".
|
||||
" AND a.attnum > 0".
|
||||
" AND a.attrelid = c.oid".
|
||||
" AND a.atttypid = t.oid".
|
||||
" ORDER BY a.attnum";
|
||||
$result = pg_query($dbconn, $format_sql) or die('Query failed: ' . pg_last_error() . "\n");
|
||||
|
||||
/* app_acct.fdx only uses a few different fields types: */
|
||||
$conv_types = array(
|
||||
"timestamptz" => "timestamp with time zone", /* recorded on */
|
||||
"bytea" => "bytea", /* octet string */
|
||||
"int4" => "integer", /* unsigned32, integer32, float32 */
|
||||
"int8" => "bigint" /* unsigned64, integer64, float64 */
|
||||
);
|
||||
|
||||
$fields_types=array();
|
||||
|
||||
fwrite($file, " -- Data purged on ".date(DATE_RFC822)."\n\n");
|
||||
fwrite($file, " -- Format of the table it was extracted from:\n");
|
||||
fwrite($file, " -- CREATE TABLE \"".$TABLE."\" (\n");
|
||||
$i = 0;
|
||||
while ($field = pg_fetch_array($result, null, PGSQL_ASSOC)) {
|
||||
if ($i++)
|
||||
fwrite($file, ",\n");
|
||||
fwrite($file, " -- \"".$field["field"]."\" ");
|
||||
if (array_key_exists($field["type"], $conv_types))
|
||||
$fields_types[$field["field"]] = $conv_types[$field["type"]];
|
||||
else
|
||||
$fields_types[$field["field"]] = $field["type"];
|
||||
fwrite($file, $fields_types[$field["field"]]);
|
||||
if ($field["lengthvar"] != "-1")
|
||||
fwrite($file, "(".$field["lengthvar"].")");
|
||||
if ($field["notnull"] == "t")
|
||||
fwrite($file, " NOT NULL");
|
||||
}
|
||||
fwrite($file, "\n -- );\n\n");
|
||||
pg_free_result($result);
|
||||
|
||||
/* Now, the data */
|
||||
$result = pg_query($dbconn, "SELECT * FROM \"".$TABLE."\"") or die('Query failed: ' . pg_last_error() . "\n");
|
||||
if (pg_num_rows($result) > 0) {
|
||||
fwrite($file, "INSERT INTO \"".$TABLE."\"\n (\n");
|
||||
$i = pg_num_fields($result);
|
||||
if ($DISPLAY_HTML && $HTML_HEADERS) echo "<HTML>\n<HEAD><TITLE>Purge</TITLE></HEAD>\n<BODY>\n";
|
||||
if ($DISPLAY_HTML) echo "<TABLE>\n <TR>\n";
|
||||
for ($j = 0; $j < $i; $j++) {
|
||||
fwrite($file, ($j ? ", " : "") . "\"" . pg_escape_string(pg_field_name($result, $j)). "\"");
|
||||
if ($DISPLAY_HTML) echo " <TD>".htmlentities(pg_field_name($result, $j))."</TD>\n";
|
||||
}
|
||||
fwrite($file, "\n )\n VALUES \n");
|
||||
if ($DISPLAY_HTML) echo " </TR>\n";
|
||||
$i = 0;
|
||||
while ($line = pg_fetch_array($result, null, PGSQL_ASSOC)) {
|
||||
if ($i++)
|
||||
fwrite($file, ",\n");
|
||||
fwrite($file, " ( ");
|
||||
|
||||
if ($DISPLAY_HTML) echo " <TR>\n";
|
||||
$j = 0;
|
||||
$sql = "";
|
||||
foreach ($line as $f => $v) {
|
||||
if (!is_null($v))
|
||||
switch ($fields_types[$f]) {
|
||||
case "bytea":
|
||||
$v = "E'".pg_escape_bytea(pg_unescape_bytea($v))."'";
|
||||
break;
|
||||
case "timestamp with time zone":
|
||||
$v = "E'".pg_escape_string($v)."'";
|
||||
break;
|
||||
}
|
||||
else
|
||||
$v = "NULL";
|
||||
|
||||
if ($DISPLAY_HTML) echo " <TD>".htmlentities(print_r($line[$f], TRUE))."</TD>\n";
|
||||
|
||||
fwrite($file, ($j ? ", " : "") . $v);
|
||||
$sql .= ($j ? " AND " : "") . "\"".pg_escape_string($f)."\" ";
|
||||
if (is_null($line[$f]))
|
||||
$sql .= " IS NULL";
|
||||
else
|
||||
$sql .= " = " . $v;
|
||||
$j++;
|
||||
}
|
||||
fwrite($file, ")");
|
||||
if ($DISPLAY_HTML) echo " </TR>\n";
|
||||
$res = pg_query( "DELETE FROM \"".$TABLE."\" WHERE ".$sql) or die('DELETE query failed: ' . pg_last_error() . "\n");
|
||||
pg_free_result($res);
|
||||
}
|
||||
fwrite($file, "\n;\n");
|
||||
if ($DISPLAY_HTML) echo "</TABLE>\n";
|
||||
if ($DISPLAY_HTML && $HTML_HEADERS) echo "</BODY>\n</HTML>\n";
|
||||
else echo $i." records have been successfully written to '".$DUMPFILE."' and removed from database.\n";
|
||||
} else {
|
||||
if ($DISPLAY_HTML) echo "<p><em>No new record in the database</em></p>\n";
|
||||
else echo "No new record in the database, the generated file is empty.\n";
|
||||
}
|
||||
pg_free_result($result);
|
||||
|
||||
/* Closing connection */
|
||||
pg_close($dbconn);
|
||||
|
||||
/* Closing the file */
|
||||
fclose($file);
|
||||
|
||||
|
||||
?>
|
|
@ -0,0 +1,189 @@
|
|||
freediameter (1.2.0) UNRELEASED; urgency=low
|
||||
|
||||
* Major changes in the logging system to be more syslog and production friendly
|
||||
* New extension: dict_dcca_3gpp
|
||||
* New extension: dict_dcca_starent (Starent DCCA vendor-specific AVPs)
|
||||
* New extension: rt_ignore_dh (hide network topology by proxying Destination-Host).
|
||||
* New extension: rt_load_balance (load balancer based on pending queue size).
|
||||
* New extension: rt_busypeers. See doc/rt_busypeers.conf.sample.
|
||||
* New extension: dbg_msg_timings. Measures timing of message operations.
|
||||
* New extension: dbg_msg_dumps. Use to control hooks display.
|
||||
* New API (fd_hook_*) for extensions to control messages logging & profiling
|
||||
* New API (fd_stats_*) for extensions to monitor framework state (e.g. SNMP implem)
|
||||
* API change: all the fd_*_dump functions now return malloc'd strings instead of logging directly.
|
||||
* API change: callback parameter of fd_rt_out_register had its signature updated.
|
||||
* Updated dbg_monitoring extension to use the new API
|
||||
* New script to generate dictionary extensions from org file (see contrib/tools)
|
||||
* New compilation option: WORKAROUND_ACCEPT_INVALID_VSAI to improve compatibility
|
||||
with invalid Vendor-Specific-Application-Id AVPs received from some equipments (e.g. Cisco).
|
||||
* New compilation option: DISABLE_PEER_EXPIRY for use in test environments.
|
||||
* Extensions are now also searched in LD_LIBRARY_PATH.
|
||||
* Copy Proxy-Info AVP automatically in new answers.
|
||||
* Port value 0 allowed in configuration to disable local server (e.g. disable non-secure port).
|
||||
* API change: fd_msg_send_timeout now takes a separate callback for timeout situation.
|
||||
* Function changes: fd_msg_dump_* now split in three different type of output.
|
||||
* New test testmesg_stress to measure message parser performance
|
||||
* Fix termination of the framework to avoid failures.
|
||||
* Fix invalid timespec value in peer PSM appearing randomly (leading to crash).
|
||||
* Return DIAMETER_LOOP_DETECTED if local peer in the Route-Record list of a message.
|
||||
* Allow running without TLS configuration.
|
||||
* Upgraded SCTP code to comply with RFC 6458
|
||||
* Using default secure Diameter port number 5658 as per RFC 6733
|
||||
* Updated TLS code for performance improvements with new GNU TLS.
|
||||
* Fix interlocking problem when large number of requests were failed over.
|
||||
* New option in test_app.fdx extension for long messages payload.
|
||||
* Performance improvement in message sending code path.
|
||||
|
||||
-- Sebastien Decugis <sdecugis@freediameter.net> Sat, 14 Sep 2013 18:08:07 +0800
|
||||
|
||||
freediameter (1.1.6) UNRELEASED; urgency=low
|
||||
|
||||
* Fix major issue in 1.1.5 preventing to send answers to a received message.
|
||||
* New command-line option: --enable_msg_log=( DROPPED | RECEIVED | SENT | NODELIVER | TIMING )
|
||||
* Improved parsing error handling and Failed-AVP generation.
|
||||
* Added support for some timings measurements in freeDiameter (in the logs)
|
||||
* Fix port handling when using non-default port.
|
||||
* Some cleanups in several dictionary files.
|
||||
* New option to fd_dict_search: AVP_BY_STRUCT
|
||||
* Improved compatibility with C++ compilers.
|
||||
* Cleanups in sessions creation/destruction to avoid memory corruption under stress.
|
||||
* Add support for "include" directive in freeDiameter.conf file.
|
||||
|
||||
-- Sebastien Decugis <sdecugis@freediameter.net> Sun, 03 Mar 2013 07:40:43 +0100
|
||||
|
||||
freediameter (1.1.5) UNRELEASED; urgency=low
|
||||
|
||||
* Added compatibility with MAC OS X
|
||||
* Fix behavior of timeout whe nsending messages to allow re-send.
|
||||
* Several cleanups and new contributions included.
|
||||
* Added dependency on C++ compiler for CMakeLists.txt
|
||||
|
||||
-- Sebastien Decugis <sdecugis@freediameter.net> Sat, 03 Nov 2012 17:58:11 +0100
|
||||
|
||||
freediameter (1.1.4) UNRELEASED; urgency=low
|
||||
|
||||
* Compatibility with GnuTLS 3.x versions / updated packaging files accordingly
|
||||
* Fix crash on Sparc 64 (possibly other 64b machines)
|
||||
* Updated dict_dcca in extensions and contrib (thanks Konstantin)
|
||||
* Changed dumping of messages to avoid interleaved information
|
||||
|
||||
-- Sebastien Decugis <sdecugis@freediameter.net> Fri, 24 Aug 2012 00:17:05 +0200
|
||||
|
||||
freediameter (1.1.3) UNRELEASED; urgency=low
|
||||
|
||||
* Fixed a memory leak
|
||||
* Clean-up of some extensions
|
||||
|
||||
-- Sebastien Decugis <sdecugis@freediameter.net> Tue, 03 Jul 2012 08:15:49 +0200
|
||||
|
||||
freediameter (1.1.2) UNRELEASED; urgency=low
|
||||
|
||||
* FIFO queues are now capped to avoid memory exhaustion.
|
||||
* Cleanups in MIPv6 dictionaries.
|
||||
* app_acct upgraded: enabled vendor-specific AVP logging, thread-safe version.
|
||||
* New function: fd_dict_getlistof to list dictionary contents.
|
||||
* New function: fd_dict_delete to remove an entry (dangerous function!)
|
||||
* New function: fd_sess_getcount to get count of session objects.
|
||||
* A few additional bug fixes, check hg log for details.
|
||||
|
||||
-- Sebastien Decugis <sdecugis@freediameter.net> Tue, 21 Feb 2012 18:38:10 +0100
|
||||
|
||||
freediameter (1.1.1) UNRELEASED; urgency=low
|
||||
|
||||
* Bug fix release
|
||||
* Supports newer GNUTLS versions
|
||||
* Allow empty OctetString AVPs (l=0)
|
||||
* Allow two instances of freeDiameter on a single host.
|
||||
|
||||
-- Sebastien Decugis <sdecugis@nict.go.jp> Fri, 30 Sep 2011 21:56:50 +0200
|
||||
|
||||
freediameter (1.1.0) UNRELEASED; urgency=low
|
||||
|
||||
* Source package restructured. Most of the
|
||||
framework now contained in the libfdcore library.
|
||||
libfreeDiameter renamed as libfdproto.
|
||||
This closes #15.
|
||||
* API version bumped to version 4.
|
||||
* Improved fd_dict_new() when the same object already exists.
|
||||
* Improvements to dict_legacy_xml extension.
|
||||
* Cleanups in links to shared libraries
|
||||
* (app_radgw.fdx) Better handling conversion of DEA with error status
|
||||
to RADIUS (closes #25)
|
||||
* Allow default signals such as SIGTSTP (ctrl-z) to be used with
|
||||
freeDiameterd
|
||||
* Improved DiameterIdentity handling (esp. interationalization issues),
|
||||
and improve efficiency of some string operations in peers, sessions,
|
||||
and dictionary modules (closes #7)
|
||||
* Cleanup in the session module to free only unreferenced sessions (#16)
|
||||
* Removed fd_cpu_flush_cache(), replaced by more robust alternatives.
|
||||
* Improved peer state machine algorithm to counter SCTP multistream race
|
||||
condition.
|
||||
* New extension rt_redirect.fdx that handles the Diameter Redirect errors.
|
||||
* New extension app_redirect that allows sending Redirect indications to
|
||||
other peers. See doc/app_redirect.conf.sample for more information.
|
||||
* Added incomplete dictionary extension for rfc4006 (DCCA), courtesy
|
||||
of Konstantin Chekushin <koch@lmt.lv>
|
||||
|
||||
-- Sebastien Decugis <sdecugis@freediameter.net> Tue, 29 Mar 2011 10:41:19 +0900
|
||||
|
||||
freediameter (1.0.4) UNRELEASED; urgency=low
|
||||
|
||||
* Added new API to specify timeout on receiving answer (#10)
|
||||
* Bumped API version number accordingly.
|
||||
* New test_netemul extension (simple network emulator proxy)
|
||||
* Improved API compatibility to C++ compilers
|
||||
|
||||
-- Sebastien Decugis <sdecugis@nict.go.jp> Tue, 11 Jan 2011 12:28:22 +0900
|
||||
|
||||
freediameter (1.0.3) UNRELEASED; urgency=low
|
||||
|
||||
* Fixed a couple of issues for portability (#21, #22, #23)
|
||||
* Fixed issue with ListenOn bit ordering (#20)
|
||||
* Added dictionary support for MIPv6 application objects.
|
||||
* Added dictionary support for legacy XML files.
|
||||
* Added python interface dbg_interactive (experimental).
|
||||
* Added parameters to fd_disp_register() and fd_sess_handler_create(),
|
||||
Bumped API version number accordingly.
|
||||
|
||||
-- Sebastien Decugis <sdecugis@nict.go.jp> Tue, 14 Dec 2010 11:39:29 +0900
|
||||
|
||||
freediameter (1.0.2) UNRELEASED; urgency=low
|
||||
|
||||
* Fix an issue in app_diameap.fdx with user names (#18)
|
||||
* Allow DH parameters loaded from a file (#17)
|
||||
* Fixed a few compilation warnings on 64bits architectures.
|
||||
* New ALL_EXTENSIONS build option.
|
||||
|
||||
-- Sebastien Decugis <sdecugis@nict.go.jp> Wed, 27 Oct 2010 11:17:32 +0900
|
||||
|
||||
freediameter (1.0.1) UNRELEASED; urgency=low
|
||||
|
||||
* app_acct.fdx: new set of PHP scripts available in source
|
||||
contrib/app_acct_tools
|
||||
* app_acct.fdx: new directive 'Server_name_field' in the
|
||||
configuration.
|
||||
* app_radgw.fdx: new directive 'nonai' in acct and auth plugins to
|
||||
disable NAI processing.
|
||||
* app_radgw.fdx: New support for RADIUS proxies.
|
||||
* app_radgw.fdx: many bug fixes.
|
||||
* daemon: Check the local certificate is valid during TLS
|
||||
initialization.
|
||||
* daemon: Fixed issue for IP addresses in the form x.x.x.235
|
||||
* daemon: new option --dbg_gnutls to get GNUTLS debug messages.
|
||||
* debian: some cleanups in the packaging (dependencies, meta-data)
|
||||
* rt_ereg.fdx: New routing extension based on regular expression
|
||||
matching in package freediameter-daemon.
|
||||
|
||||
-- Sebastien Decugis <sdecugis@nict.go.jp> Wed, 15 Sep 2010 18:30:28 +0900
|
||||
|
||||
freediameter (1.0.0-2) experimental; urgency=low
|
||||
|
||||
* Official release 1.0.0
|
||||
|
||||
-- Sebastien Decugis <sdecugis@nict.go.jp> Thu, 29 Jul 2010 17:27:13 +0900
|
||||
|
||||
freediameter (1.0.0-1) experimental; urgency=low
|
||||
|
||||
* Initial Release.
|
||||
|
||||
-- Sebastien Decugis <sdecugis@nict.go.jp> Wed, 19 May 2010 15:36:54 +0900
|
|
@ -0,0 +1 @@
|
|||
7
|
|
@ -0,0 +1,228 @@
|
|||
Source: freediameter
|
||||
Section: contrib/net
|
||||
Priority: extra
|
||||
Maintainer: Sebastien Decugis <sdecugis@freediameter.net>
|
||||
Build-Depends: debhelper ( >= 7.3.9),
|
||||
cmake, make, gcc, g++, bison, flex,
|
||||
libsctp-dev, libgnutls-dev | gnutls-dev, libidn11-dev,
|
||||
libpq-dev, libmysqlclient-dev, libxml2-dev, swig, python-dev
|
||||
Standards-Version: 3.8.3
|
||||
Homepage: http://www.freediameter.net
|
||||
|
||||
Package: freediameter-common
|
||||
Architecture: any
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}
|
||||
Description: The freeDiameter libraries.
|
||||
This package contains the freeDiameter framework core libraries,
|
||||
required by all freeDiameter components.
|
||||
It may also be useful for other projects which need to
|
||||
perform operations on Diameter messages.
|
||||
.
|
||||
The freeDiameter framework provides support for the Diameter
|
||||
Base Protocol. Without any extension, the framework can only
|
||||
be used as a Diameter routing agent. You probably want to
|
||||
install some freeDiameter extension(s) to extend its
|
||||
features, and also the freediameter-daemon package that
|
||||
will initialize the framework for you.
|
||||
.
|
||||
See 'freeDiameter-dev' package to retrieve the API for the library.
|
||||
|
||||
Package: freediameter-dev
|
||||
Architecture: any
|
||||
Section: contrib/devel
|
||||
Depends: freediameter-common (= ${binary:Version}), libsctp-dev, libgnutls-dev, libgcrypt-dev
|
||||
Description: This package provides the development files for freeDiameter.
|
||||
|
||||
Package: freediameter-daemon
|
||||
Architecture: any
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}, freediameter-common (= ${binary:Version})
|
||||
Suggests: ssl-cert, freediameter-dictionary-rfc4005, freediameter-dictionary-rfc4072, freediameter-dictionary-rfc4740,
|
||||
freediameter-dictionary-mip6, freediameter-dictionary-legacy
|
||||
Description: The freeDiameter daemon.
|
||||
This daemon is a simple loader for the freeDiameter framework.
|
||||
It is shipped with a small set of extensions, for
|
||||
example to configure the routing behavior. See the
|
||||
examples in /usr/share/freediameter* for more details.
|
||||
|
||||
Package: freediameter-debug-tools
|
||||
Architecture: any
|
||||
Section: contrib/debug
|
||||
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version})
|
||||
Suggests: python, libmysqlclient16
|
||||
Description: freeDiameter debug tools.
|
||||
This package provides useful tools to help tracking
|
||||
problems in freeDiameter installation. For example,
|
||||
the dbg_interactive.fdx extension allows access to the
|
||||
framework via a python interpreter console.
|
||||
|
||||
Package: freediameter-dictionary-rfc4005
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version})
|
||||
Description: RFC4005 (NASREQ) dictionary support.
|
||||
This freeDiameter extension provides the dictionary support
|
||||
for commands and AVP defined in RFC4005 (NASREQ).
|
||||
.
|
||||
In order to use this extension, your main freeDiameter
|
||||
configuration file must contain a LoadExtension directive.
|
||||
See freeDiameter documentation for more details.
|
||||
.
|
||||
This extension does not require a configuration file.
|
||||
|
||||
Package: freediameter-dictionary-rfc4006
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version})
|
||||
Description: RFC4006 (DCCA) dictionary support (incomplete).
|
||||
This freeDiameter extension provides the dictionary support
|
||||
for commands and AVP defined in RFC4006 (DCCA).
|
||||
.
|
||||
In order to use this extension, your main freeDiameter
|
||||
configuration file must contain a LoadExtension directive.
|
||||
See freeDiameter documentation for more details.
|
||||
.
|
||||
This extension does not require a configuration file.
|
||||
.
|
||||
Currently this extension is not complete: only AVP definitions
|
||||
are included. See the source file for more details.
|
||||
|
||||
Package: freediameter-dictionary-rfc4072
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version}), freediameter-dictionary-rfc4005 (= ${binary:Version})
|
||||
Description: RFC4072 (Diameter EAP) dictionary support.
|
||||
This freeDiameter extension provides the dictionary support
|
||||
for commands and AVP defined in RFC4072 (Diameter EAP).
|
||||
.
|
||||
In order to use this extension, your main freeDiameter
|
||||
configuration file must contain a LoadExtension directive.
|
||||
See freeDiameter documentation for more details.
|
||||
.
|
||||
This extension does not require a configuration file.
|
||||
|
||||
Package: freediameter-dictionary-rfc4740
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version})
|
||||
Description: RFC4740 (Diameter SIP) dictionary support.
|
||||
This freeDiameter extension provides the dictionary support
|
||||
for commands and AVP defined in RFC4740 (Diameter SIP).
|
||||
.
|
||||
In order to use this extension, your main freeDiameter
|
||||
configuration file must contain a LoadExtension directive.
|
||||
See freeDiameter documentation for more details.
|
||||
.
|
||||
This extension does not require a configuration file.
|
||||
|
||||
Package: freediameter-dictionary-mip6
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version})
|
||||
Description: Diameter Mobile IPv6 application dictionary support.
|
||||
This package contains a set of extensions to provide the support
|
||||
for commands and AVP defined in several RFCs related to
|
||||
Diameter MIPv6. It is split is several extensions:
|
||||
mip6a, mip6i, nas-mipv6, rfc5777.
|
||||
.
|
||||
In order to use these extensions, your main freeDiameter
|
||||
configuration file must contain LoadExtension directives.
|
||||
See freeDiameter documentation for more details.
|
||||
.
|
||||
These extensions do not require a configuration file.
|
||||
|
||||
Package: freediameter-dictionary-legacy
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}, freediameter-common (= ${binary:Version}), libxml2
|
||||
Description: Legacy XML dictionary files support.
|
||||
This freeDiameter extension allows the use of XML dictionary
|
||||
files with the freeDiameter framework. Please note that
|
||||
dictionaries provided as XML files come with less features
|
||||
than native binary format, so the later should be preferred
|
||||
when possible.
|
||||
.
|
||||
In order to use this extension, your main freeDiameter
|
||||
configuration file must contain a LoadExtension directive.
|
||||
See freeDiameter documentation for more details.
|
||||
.
|
||||
This extension requires a configuration file. See
|
||||
dict_legacy_xml.conf.sample for documentation.
|
||||
|
||||
Package: freediameter-radius-gateway
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}, freediameter-daemon (= ${binary:Version})
|
||||
Suggests: freediameter-dictionary-rfc4072 (= ${binary:Version}), freediameter-dictionary-rfc4740 (= ${binary:Version})
|
||||
Description: RADIUS/Diameter extensible gateway.
|
||||
This freeDiameter extension implements a RADIUS to Diameter
|
||||
gateway. It allows a RADIUS client to connect to a Diameter
|
||||
server.
|
||||
.
|
||||
The support for specific Diameter applications and/or RADIUS
|
||||
extensions is provided in the gateway by the use of plugins.
|
||||
Currently, the following plugins are available:
|
||||
- echodrop.rgwx : drop or echo a RADIUS attribute.
|
||||
The attribute is not converted to Diameter.
|
||||
See echodrop.rgwx.conf.sample for details.
|
||||
- auth.rgwx : Convert Access-Request to Diameter AAR or DER.
|
||||
Requests For Comments: RADIUS: 2865, 3162, 2868,
|
||||
2869, 3579; Diameter: 4005, 4072.
|
||||
Requires freediameter-dictionary-rfc4072.
|
||||
- sip.rgwx : Convert Access-Request to Diameter SIP messages.
|
||||
Requests For Comments: Diameter: 4740.
|
||||
Requires freediameter-dictionary-rfc4740.
|
||||
- acct.rgwx : Converts Accounting-Request (2866) to Diameter
|
||||
ACR (3588).
|
||||
Requires freediameter-dictionary-rfc4072.
|
||||
.
|
||||
In order to use this extension, your main freeDiameter
|
||||
configuration file must contain a LoadExtension directive.
|
||||
See freeDiameter documentation for more details.
|
||||
.
|
||||
This extension requires a configuration file.
|
||||
See app_radgw.conf.sample for more details.
|
||||
|
||||
Package: freediameter-accounting-server
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}, freediameter-daemon (= ${binary:Version}), libpq5
|
||||
Suggests: freediameter-dictionary-rfc4072
|
||||
Description: freeDiameter simple Accounting server.
|
||||
This freeDiameter extension implements the Diameter Base
|
||||
Accounting application. It saves the accounting records
|
||||
in a PostgreSQL database backend in a highly configurable
|
||||
maneer.
|
||||
.
|
||||
In order to use this extension, your main freeDiameter
|
||||
configuration file must contain a LoadExtension directive.
|
||||
See freeDiameter documentation for more details.
|
||||
.
|
||||
This extension requires a configuration file.
|
||||
See app_acct.conf.sample for more details.
|
||||
.
|
||||
You may find some useful resources to parse the saved records
|
||||
in the contrib/app_acct_tools folder in source package.
|
||||
|
||||
Package: freediameter-eap-server
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}, freediameter-daemon (= ${binary:Version}), libmysqlclient16, freediameter-dictionary-rfc4072 (= ${binary:Version})
|
||||
Description: freeDiameter Diameter EAP server implementation.
|
||||
This freeDiameter extension implements a Diameter EAP server.
|
||||
It supports EAP-MD5 and EAP-TLS methods currently.
|
||||
.
|
||||
In order to use this extension, your main freeDiameter
|
||||
configuration file must contain a LoadExtension directive.
|
||||
See freeDiameter documentation for more details.
|
||||
.
|
||||
This extension requires a configuration file.
|
||||
See app_diameap.conf.sample and
|
||||
http://diameap.yagami.freediameter.net for more details.
|
||||
|
||||
Package: freediameter-sip-server
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}, freediameter-daemon (= ${binary:Version}), libmysqlclient16, freediameter-dictionary-rfc4740 (= ${binary:Version})
|
||||
Description: freeDiameter Diameter SIP server implementation.
|
||||
This freeDiameter extension implements a prototype
|
||||
Diameter SIP server.
|
||||
See http://www.freediameter.net/trac/wiki/app_sip.fdx for
|
||||
status information.
|
||||
.
|
||||
In order to use this extension, your main freeDiameter
|
||||
configuration file must contain a LoadExtension directive.
|
||||
See freeDiameter documentation for more details.
|
||||
.
|
||||
This extension requires a configuration file.
|
||||
See app_sip.conf.sample for more details.
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
Format-Specification: http://dep.debian.net/deps/dep5/
|
||||
Name: freeDiameter
|
||||
Maintainer: Sebastien Decugis <sdecugis@freediameter.net>
|
||||
Source: http://www.freediameter.net
|
||||
|
||||
Files: *
|
||||
Copyright: 2008-2011, WIDE Project and NICT.
|
||||
License: BSD
|
||||
Redistribution and use of this software in source and binary forms, with or without modification, are
|
||||
permitted provided that the following conditions are met:
|
||||
.
|
||||
* Redistributions of source code must retain the above
|
||||
copyright notice, this list of conditions and the
|
||||
following disclaimer.
|
||||
.
|
||||
* Redistributions in binary form must reproduce the above
|
||||
copyright notice, this list of conditions and the
|
||||
following disclaimer in the documentation and/or other
|
||||
materials provided with the distribution.
|
||||
.
|
||||
* Neither the name of the WIDE Project or NICT nor the
|
||||
names of its contributors may be used to endorse or
|
||||
promote products derived from this software without
|
||||
specific prior written permission of WIDE Project and
|
||||
NICT.
|
||||
.
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
|
||||
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
||||
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
|
||||
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
|
@ -0,0 +1 @@
|
|||
etc/freeDiameter/
|
|
@ -0,0 +1,3 @@
|
|||
INSTALL*
|
||||
LICENSE
|
||||
README
|
|
@ -0,0 +1 @@
|
|||
doc/app_acct.conf.sample
|
|
@ -0,0 +1 @@
|
|||
usr/lib/freeDiameter/app_acct.fdx
|
|
@ -0,0 +1,5 @@
|
|||
doc/freediameter.conf.sample
|
||||
doc/acl_wl.conf.sample
|
||||
doc/rt_default.conf.sample
|
||||
doc/rt_ereg.conf.sample
|
||||
doc/single_host
|
|
@ -0,0 +1,6 @@
|
|||
usr/lib/libfdproto.so*
|
||||
usr/lib/libfdcore.so*
|
||||
usr/lib/freeDiameter/acl_wl.fdx
|
||||
usr/lib/freeDiameter/rt_default.fdx
|
||||
usr/lib/freeDiameter/rt_ereg.fdx
|
||||
usr/lib/freeDiameter/dbg_monitor.fdx
|
|
@ -0,0 +1,7 @@
|
|||
# Defaults for freediameter initscript
|
||||
# sourced by /etc/init.d/freediameter
|
||||
# installed at /etc/default/freediameter by the maintainer scripts
|
||||
|
||||
# Additional options that are passed to the Daemon.
|
||||
# See "freeDiameterd --help" for supported flags.
|
||||
DAEMON_OPTS=""
|
|
@ -0,0 +1,160 @@
|
|||
#! /bin/sh
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: freediameter
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Required-Start: $remote_fs $syslog
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Short-Description: Start freeDiameter daemon at boot time
|
||||
# Description: Start the freeDiameter daemon at boot time.
|
||||
# freeDiameter is an extensible implementation of the Diameter protocol,
|
||||
# designed for Authentication, Authorization and Accounting. Diameter is
|
||||
# an evolution of the RADIUS protocol.
|
||||
### END INIT INFO#
|
||||
|
||||
DAEMON=/usr/bin/freeDiameterd
|
||||
CONF=/etc/freeDiameter/freeDiameter.conf
|
||||
NAME=freediameter
|
||||
DESC="freeDiameter daemon"
|
||||
|
||||
test -x $DAEMON || exit 0
|
||||
|
||||
LOGDIR=/var/log/freediameter
|
||||
PIDFILE=/var/run/$NAME.pid
|
||||
DODTIME=30 # Time to wait for the server to die, in seconds
|
||||
# The value is high because we wait for STA answers
|
||||
# before disconnecting the peers.
|
||||
|
||||
# Include freediameter defaults if available
|
||||
if [ -f /etc/default/freediameter ] ; then
|
||||
. /etc/default/freediameter
|
||||
fi
|
||||
|
||||
test x"" != x$DAEMON_OPTS || test -f $CONF || exit 0
|
||||
|
||||
set -e
|
||||
|
||||
running_pid()
|
||||
{
|
||||
# Check if a given process pid's cmdline matches a given name
|
||||
pid=$1
|
||||
name=$2
|
||||
[ -z "$pid" ] && return 1
|
||||
[ ! -d /proc/$pid ] && return 1
|
||||
cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
|
||||
# Is this the expected child?
|
||||
[ "$cmd" != "$name" ] && return 1
|
||||
return 0
|
||||
}
|
||||
|
||||
running()
|
||||
{
|
||||
# Check if the process is running looking at /proc
|
||||
# (works for all users)
|
||||
|
||||
# No pidfile, probably no daemon present
|
||||
[ ! -f "$PIDFILE" ] && return 1
|
||||
# Obtain the pid and check it against the binary name
|
||||
pid=`cat $PIDFILE`
|
||||
running_pid $pid $DAEMON || return 1
|
||||
return 0
|
||||
}
|
||||
|
||||
force_stop() {
|
||||
# Forcefully kill the process
|
||||
[ ! -f "$PIDFILE" ] && return
|
||||
if running ; then
|
||||
kill -15 $pid
|
||||
# Is it really dead?
|
||||
[ -n "$DODTIME" ] && sleep "$DODTIME"s
|
||||
if running ; then
|
||||
kill -9 $pid
|
||||
[ -n "$DODTIME" ] && sleep "$DODTIME"s
|
||||
if running ; then
|
||||
echo "Cannot kill $LABEL (pid=$pid)!"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
rm -f $PIDFILE
|
||||
return 0
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
start-stop-daemon --start --quiet --pidfile $PIDFILE \
|
||||
--exec $DAEMON -- $DAEMON_OPTS
|
||||
if running ; then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo " ERROR."
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping $DESC: "
|
||||
start-stop-daemon --stop --quiet --pidfile $PIDFILE \
|
||||
--exec $DAEMON
|
||||
echo "$NAME."
|
||||
;;
|
||||
force-stop)
|
||||
echo -n "Forcefully stopping $DESC: "
|
||||
force_stop
|
||||
if ! running ; then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo " ERROR."
|
||||
fi
|
||||
;;
|
||||
#reload)
|
||||
#
|
||||
# If the daemon can reload its config files on the fly
|
||||
# for example by sending it SIGHUP, do it here.
|
||||
#
|
||||
# If the daemon responds to changes in its config file
|
||||
# directly anyway, make this a do-nothing entry.
|
||||
#
|
||||
# echo "Reloading $DESC configuration files."
|
||||
# start-stop-daemon --stop --signal 1 --quiet --pidfile \
|
||||
# /var/run/$NAME.pid --exec $DAEMON
|
||||
#;;
|
||||
force-reload)
|
||||
#
|
||||
# If the "reload" option is implemented, move the "force-reload"
|
||||
# option to the "reload" entry above. If not, "force-reload" is
|
||||
# just the same as "restart" except that it does nothing if the
|
||||
# daemon isn't already running.
|
||||
# check wether $DAEMON is running. If so, restart
|
||||
start-stop-daemon --stop --test --quiet --pidfile \
|
||||
/var/run/$NAME.pid --exec $DAEMON \
|
||||
&& $0 restart \
|
||||
|| exit 0
|
||||
;;
|
||||
restart)
|
||||
echo -n "Restarting $DESC: "
|
||||
start-stop-daemon --stop --quiet --pidfile \
|
||||
/var/run/$NAME.pid --exec $DAEMON
|
||||
[ -n "$DODTIME" ] && sleep $DODTIME
|
||||
start-stop-daemon --start --quiet --pidfile \
|
||||
/var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS
|
||||
echo "$NAME."
|
||||
;;
|
||||
status)
|
||||
echo -n "$LABEL is "
|
||||
if running ; then
|
||||
echo "running"
|
||||
else
|
||||
echo " not running."
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
N=/etc/init.d/$NAME
|
||||
# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
|
||||
echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
|
@ -0,0 +1 @@
|
|||
usr/bin/freeDiameterd*
|
|
@ -0,0 +1,3 @@
|
|||
doc/test_app.conf.sample
|
||||
doc/test_netemul.conf.sample
|
||||
doc/dbg_interactive.py.sample
|
|
@ -0,0 +1,5 @@
|
|||
usr/lib/freeDiameter/dbg_rt.fdx
|
||||
usr/lib/freeDiameter/test_app.fdx
|
||||
usr/lib/freeDiameter/test_sip.fdx
|
||||
usr/lib/freeDiameter/test_netemul.fdx
|
||||
usr/lib/freeDiameter/dbg_interactive.fdx
|
|
@ -0,0 +1 @@
|
|||
usr/include/freeDiameter/*
|
|
@ -0,0 +1,2 @@
|
|||
doc/dict_legacy_xml.conf.sample
|
||||
contrib/dict_legacy/dictionary.dtd
|
|
@ -0,0 +1 @@
|
|||
usr/lib/freeDiameter/dict_legacy_xml.fdx
|
|
@ -0,0 +1,4 @@
|
|||
usr/lib/freeDiameter/dict_nas_mipv6.fdx
|
||||
usr/lib/freeDiameter/dict_mip6i.fdx
|
||||
usr/lib/freeDiameter/dict_mip6a.fdx
|
||||
usr/lib/freeDiameter/dict_rfc5777.fdx
|
|
@ -0,0 +1 @@
|
|||
usr/lib/freeDiameter/dict_nasreq.fdx
|
|
@ -0,0 +1 @@
|
|||
usr/lib/freeDiameter/dict_dcca.fdx
|
|
@ -0,0 +1 @@
|
|||
usr/lib/freeDiameter/dict_eap.fdx
|
|
@ -0,0 +1 @@
|
|||
usr/lib/freeDiameter/dict_sip.fdx
|
|
@ -0,0 +1,2 @@
|
|||
doc/app_diameap.conf.sample
|
||||
doc/eap_tls_plugin.diameap.conf.sample
|
|
@ -0,0 +1,2 @@
|
|||
usr/lib/freeDiameter/app_diameap.fdx
|
||||
usr/lib/freeDiameter/*.emp
|
|
@ -0,0 +1,2 @@
|
|||
doc/app_radgw.conf.sample
|
||||
doc/echodrop.rgwx.conf.sample
|
|
@ -0,0 +1,2 @@
|
|||
usr/lib/freeDiameter/app_radgw.fdx
|
||||
usr/lib/freeDiameter/*.rgwx
|
|
@ -0,0 +1,4 @@
|
|||
doc/app_sip.conf.sample
|
||||
doc/app_sip.sql
|
||||
doc/app_sip_SL.sql
|
||||
doc/test_sip.conf.sample
|
|
@ -0,0 +1,3 @@
|
|||
usr/lib/freeDiameter/app_sip.fdx
|
||||
usr/share/doc/freeDiameter-sip-server/*
|
||||
usr/bin/freediameter-sip-*
|
|
@ -0,0 +1,31 @@
|
|||
#!/usr/bin/make -f
|
||||
# -*- makefile -*-
|
||||
# Sample debian/rules that uses debhelper.
|
||||
#
|
||||
# This file was originally written by Joey Hess and Craig Small.
|
||||
# As a special exception, when this file is copied by dh-make into a
|
||||
# dh-make output file, you may use that output file without restriction.
|
||||
# This special exception was added by Craig Small in version 0.37 of dh-make.
|
||||
#
|
||||
# Modified to make a template file for a multi-binary package with separated
|
||||
# build-arch and build-indep targets by Bill Allombert 2001
|
||||
|
||||
# Uncomment this to turn on verbose mode.
|
||||
#export DH_VERBOSE=1
|
||||
|
||||
# This has to be exported to make some magic below work.
|
||||
export DH_OPTIONS
|
||||
|
||||
# Comment this out if you want to include the tests when the package is built
|
||||
skip_the_tests=-DBUILD_TESTING:BOOL=OFF
|
||||
|
||||
%:
|
||||
dh $@
|
||||
|
||||
override_dh_auto_configure:
|
||||
dh_auto_configure -- $(skip_the_tests) \
|
||||
-DCMAKE_BUILD_TYPE:STRING=DebianPackage \
|
||||
-DDEFAULT_CONF_PATH:PATH=/etc/freeDiameter \
|
||||
-DALL_EXTENSIONS:BOOL=ON
|
||||
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
new release: dch -v 1.0.3 -D UNRELEASED --release-heuristic log
|
||||
Simple addition: dch "changelog entry text"
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
Files provided courtesy of Konstantin Chekushin under the same license as freeDiameter.
|
||||
|
||||
Comment:
|
||||
"They are not full, I've filled only that I wanted to use in our app_dcca module. "
|
||||
|
|
@ -0,0 +1,841 @@
|
|||
/*
|
||||
* Dictionary definitions of objects specified in DCCA (Nokia, 3GPP).
|
||||
*/
|
||||
#include <freeDiameter/extension.h>
|
||||
|
||||
|
||||
/* The content of this file follows the same structure as dict_base_proto.c */
|
||||
|
||||
#define CHECK_dict_new( _type, _data, _parent, _ref ) \
|
||||
CHECK_FCT( fd_dict_new( fd_g_config->cnf_dict, (_type), (_data), (_parent), (_ref)) );
|
||||
|
||||
#define CHECK_dict_search( _type, _criteria, _what, _result ) \
|
||||
CHECK_FCT( fd_dict_search( fd_g_config->cnf_dict, (_type), (_criteria), (_what), (_result), ENOENT) );
|
||||
|
||||
struct local_rules_definition {
|
||||
char *avp_name;
|
||||
enum rule_position position;
|
||||
int min;
|
||||
int max;
|
||||
};
|
||||
|
||||
#define RULE_ORDER( _position ) ((((_position) == RULE_FIXED_HEAD) || ((_position) == RULE_FIXED_TAIL)) ? 1 : 0 )
|
||||
|
||||
#define PARSE_loc_rules( _rulearray, _parent) { \
|
||||
int __ar; \
|
||||
for (__ar=0; __ar < sizeof(_rulearray) / sizeof((_rulearray)[0]); __ar++) { \
|
||||
struct dict_rule_data __data = { NULL, \
|
||||
(_rulearray)[__ar].position, \
|
||||
0, \
|
||||
(_rulearray)[__ar].min, \
|
||||
(_rulearray)[__ar].max}; \
|
||||
__data.rule_order = RULE_ORDER(__data.rule_position); \
|
||||
CHECK_FCT( fd_dict_search( \
|
||||
fd_g_config->cnf_dict, \
|
||||
DICT_AVP, \
|
||||
AVP_BY_NAME, \
|
||||
(_rulearray)[__ar].avp_name, \
|
||||
&__data.rule_avp, 0 ) ); \
|
||||
if ( !__data.rule_avp ) { \
|
||||
TRACE_DEBUG(INFO, "AVP Not found: '%s'", (_rulearray)[__ar].avp_name ); \
|
||||
return ENOENT; \
|
||||
} \
|
||||
CHECK_FCT_DO( fd_dict_new( fd_g_config->cnf_dict, DICT_RULE, &__data, _parent, NULL), \
|
||||
{ \
|
||||
TRACE_DEBUG(INFO, "Error on rule with AVP '%s'", \
|
||||
(_rulearray)[__ar].avp_name ); \
|
||||
return EINVAL; \
|
||||
} ); \
|
||||
} \
|
||||
}
|
||||
|
||||
#define enumval_def_u32( _val_, _str_ ) \
|
||||
{ _str_, { .u32 = _val_ }}
|
||||
|
||||
#define enumval_def_os( _len_, _val_, _str_ ) \
|
||||
{ _str_, { .os = { .data = (unsigned char *)_val_, .len = _len_ }}}
|
||||
|
||||
|
||||
static int dict_dcca_3gpp_entry(char * conffile)
|
||||
{
|
||||
TRACE_ENTRY("%p", conffile);
|
||||
|
||||
/* Applications section */
|
||||
{
|
||||
/* Create the vendors */
|
||||
{
|
||||
struct dict_vendor_data vendor_data = { 10415, "3GPP" };
|
||||
CHECK_FCT(fd_dict_new(fd_g_config->cnf_dict, DICT_VENDOR, &vendor_data, NULL, NULL));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
/* AVP section */
|
||||
{
|
||||
struct dict_object * Address_type;
|
||||
struct dict_object * UTF8String_type;
|
||||
struct dict_object * DiameterIdentity_type;
|
||||
struct dict_object * DiameterURI_type;
|
||||
struct dict_object * Time_type;
|
||||
|
||||
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Address", &Address_type);
|
||||
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "UTF8String", &UTF8String_type);
|
||||
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "DiameterIdentity", &DiameterIdentity_type);
|
||||
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "DiameterURI", &DiameterURI_type);
|
||||
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Time", &Time_type);
|
||||
|
||||
/* Reporting-Reason */
|
||||
{
|
||||
/*
|
||||
Enumerated. Will be present if quota was
|
||||
exhausted for one or more metering types. Only
|
||||
one Reporting-Reason AVP can be present in the
|
||||
Used-Service-Unit AVP. (Note that the Reporting-
|
||||
Reason AVP may be present also at the MSCC
|
||||
level; see below.)
|
||||
The following values are supported:
|
||||
|
||||
QUOTA_EXHAUSTED(3); Quota for the
|
||||
associated metering type has been
|
||||
exhausted. With this reporting reason there is
|
||||
only one metering type in this Used-Service-
|
||||
Unit AVP.
|
||||
|
||||
OTHER_QUOTA_TYPE(5); Quota for one or
|
||||
more of the other metering types has been
|
||||
exhausted. With this reporting reason there
|
||||
may be multiple metering types in Used-
|
||||
Service-Unit AVP.
|
||||
|
||||
POOL_EXHAUSTED(8); Quota from the
|
||||
credit pool has been exhausted. This reporting
|
||||
reason is used if the quota for the associated
|
||||
metering type was granted from a credit pool
|
||||
by using the GSU-Pool-Reference AVP in the
|
||||
CCA. With this reporting reason there is only
|
||||
one metering type in the Used-Service-Unit
|
||||
AVP.
|
||||
*/
|
||||
|
||||
struct dict_object *type;
|
||||
struct dict_type_data tdata = { AVP_TYPE_INTEGER32, "Enumerated(Reporting-Reason)" , NULL, NULL, NULL };
|
||||
struct dict_enumval_data t_1 = { "QHT", { .i32 = 1 }};
|
||||
struct dict_enumval_data t_2 = { "FINAL", { .i32 = 2 }};
|
||||
struct dict_enumval_data t_3 = { "QUOTA_EXHAUSTED", { .i32 = 3 }};
|
||||
struct dict_enumval_data t_4 = { "VALIDITY_TIME", { .i32 = 4 }};
|
||||
struct dict_enumval_data t_5 = { "OTHER_QUOTA_TYPE", { .i32 = 5 }};
|
||||
struct dict_enumval_data t_6 = { "RATING_CONDITION_CHANGE", { .i32 = 6 }};
|
||||
struct dict_enumval_data t_7 = { "FORCED_REAUTHORIZATION", { .i32 = 7 }};
|
||||
struct dict_enumval_data t_8 = { "POOL_EXHAUSTED", { .i32 = 8 }};
|
||||
|
||||
struct dict_avp_data data = {
|
||||
872, /* Code */
|
||||
10415, /* Vendor */
|
||||
"Reporting-Reason", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_INTEGER32 /* base type of data */
|
||||
};
|
||||
/* Create the Enumerated type, and then the AVP */
|
||||
CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
|
||||
CHECK_dict_new( DICT_ENUMVAL, &t_3 , type, NULL);
|
||||
CHECK_dict_new( DICT_ENUMVAL, &t_5 , type, NULL);
|
||||
CHECK_dict_new( DICT_ENUMVAL, &t_8 , type, NULL);
|
||||
CHECK_dict_new( DICT_AVP, &data , type, NULL);
|
||||
}
|
||||
|
||||
/* Trigger */
|
||||
{
|
||||
/*
|
||||
Grouped. The presence of the Trigger AVP in the
|
||||
CCR identifies the event(s) triggering the CCR.
|
||||
*/
|
||||
|
||||
struct dict_avp_data data = {
|
||||
1264, /* Code */
|
||||
10415, /* Vendor */
|
||||
"Trigger", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_GROUPED /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* Trigger-Type */
|
||||
{
|
||||
/*
|
||||
Enumerated. One or more of these AVPs may be
|
||||
present. Indicates the event that triggered the
|
||||
MSCC. Supported values are:
|
||||
|
||||
CHANGE_IN_SGSN_IP_ADDRESS (1), a change in the SGSN address.
|
||||
|
||||
CHANGEINQOS_ANY (2), a change in the QoS profile
|
||||
|
||||
CHANGEINRAT (4), a change in radio access technology
|
||||
|
||||
*/
|
||||
|
||||
struct dict_object *type;
|
||||
struct dict_type_data tdata = { AVP_TYPE_INTEGER32, "Enumerated(Trigger-Type)" , NULL, NULL, NULL };
|
||||
struct dict_enumval_data t_1 = { "CHANGE_IN_SGSN_IP_ADDRESS", { .i32 = 1 }};
|
||||
struct dict_enumval_data t_2 = { "CHANGEINQOS_ANY", { .i32 = 2 }};
|
||||
struct dict_enumval_data t_4 = { "CHANGEINRAT", { .i32 = 4 }};
|
||||
|
||||
struct dict_avp_data data = {
|
||||
870, /* Code */
|
||||
10415, /* Vendor */
|
||||
"Trigger-Type", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_INTEGER32 /* base type of data */
|
||||
};
|
||||
/* Create the Enumerated type, and then the AVP */
|
||||
CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
|
||||
CHECK_dict_new( DICT_ENUMVAL, &t_1 , type, NULL);
|
||||
CHECK_dict_new( DICT_ENUMVAL, &t_2 , type, NULL);
|
||||
CHECK_dict_new( DICT_ENUMVAL, &t_4 , type, NULL);
|
||||
CHECK_dict_new( DICT_AVP, &data , type, NULL);
|
||||
}
|
||||
|
||||
/* Service-Information */
|
||||
{
|
||||
/*
|
||||
Grouped. The Service-Information purpose is to
|
||||
allow the transmission of additional 3GPP service
|
||||
specific information elements (3GPP 32.299
|
||||
Rel7).
|
||||
*/
|
||||
|
||||
struct dict_avp_data data = {
|
||||
873, /* Code */
|
||||
10415, /* Vendor */
|
||||
"Service-Information", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_GROUPED /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* PS-Information */
|
||||
{
|
||||
/*
|
||||
Grouped. Its purpose is to allow the transmission
|
||||
of additional PS service specific information
|
||||
elements (3GPP 32.299 Rel7).
|
||||
*/
|
||||
|
||||
struct dict_avp_data data = {
|
||||
874, /* Code */
|
||||
10415, /* Vendor */
|
||||
"PS-Information", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_GROUPED /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* PDP-Address */
|
||||
{
|
||||
/*
|
||||
Address. Present only in the initial CCR. Contains
|
||||
the user equipment IP address. This AVP is
|
||||
defined in 3GPP 32.299 Rel7.
|
||||
*/
|
||||
|
||||
struct dict_avp_data data = {
|
||||
1227, /* Code */
|
||||
10415, /* Vendor */
|
||||
"PDP-Address", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , Address_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-IMSI */
|
||||
{
|
||||
/*
|
||||
IMSI encoded in UTF-8 per 3GPP TS 23.003. No
|
||||
padding. Maximum length of data: 15.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
1, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-IMSI", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-Charging-Id */
|
||||
{
|
||||
/*
|
||||
Unsigned32. (3GPP TS 29.061 Rel7) . The
|
||||
charging identifier for the PDP context. The Flexi
|
||||
ISN generates the 3GPP charging ID for both
|
||||
virtual and normal PDP contexts with one excep-
|
||||
tion. If the Flexi ISN acts as a NAS server and the
|
||||
charging ID selection is set to NAS Client, the
|
||||
charging ID will be the NAand not the 3GPP charging ID of Flexi ISN.
|
||||
Present in the initial CCR only.S client
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
2, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-Charging-Id", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_UNSIGNED32 /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-PDP-Type */
|
||||
{
|
||||
/*
|
||||
Enumerated. (3GPP TS 29.061 Rel7 ). Type of
|
||||
PDP context, for example, IP or PPP. Present in
|
||||
the initial CCR only.
|
||||
0 = IPv4
|
||||
1 = PPP
|
||||
2 = IPv6
|
||||
3 = IPv4v6
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
3, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-PDP-Type", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_UNSIGNED32 /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-CG-Address */
|
||||
{
|
||||
/*
|
||||
OctetString. (3GPP TS 29.061 Rel4). The address
|
||||
of the charging gateway that has been marked as
|
||||
the default charging gateway for the PDP context.
|
||||
The address is expressed as a four-byte integer.
|
||||
Present in the initial CCR only.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
4, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-CG-Address", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , Address_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-GPRS-Negotiated-QoS-Profile */
|
||||
{
|
||||
/*
|
||||
UTF8String. (3GPP TS 29.061 Rel7 ). The QoS
|
||||
profile applied by the Flexi ISN. In update and ter-
|
||||
mination requests, this AVP is present only when
|
||||
the CCR has been triggered by a PDP context
|
||||
update affecting the negotiated QoS
|
||||
Each octet is described by two UTF-8-encoded
|
||||
characters denoting the hexadecimal
|
||||
representation.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
5, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-GPRS-Negotiated-QoS-Profile", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-SGSN-Address */
|
||||
{
|
||||
/*
|
||||
OctetString. (3GPP TS 29.061 Rel4). The address
|
||||
of the charging gateway that has been marked as
|
||||
the default charging gateway for the PDP context.
|
||||
The address is expressed as a four-byte integer.
|
||||
Present in the initial CCR only.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
6, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-SGSN-Address", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , Address_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-GGSN-Address */
|
||||
{
|
||||
/*
|
||||
OctetString. (3GPP TS 29.061 Rel4). Usually the
|
||||
IP address of Flexi ISN. The only exception is
|
||||
when the Flexi ISN acts as a NAS server and the
|
||||
charging ID selection is set to NAS Client; then the
|
||||
GGSN IP address will be the NAIP address. Present in the initial CCR only.S client
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
7, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-GGSN-Address", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , Address_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-IMSI-MCC-MNC */
|
||||
{
|
||||
/*
|
||||
UTF8String. MCC and MNC extracted from the
|
||||
user's IMSI (first 5 or 6 digits, as applicable from
|
||||
the presented IMSI). The MCC-MNCs are
|
||||
extracted from the tables configured in FlexiISN
|
||||
configuration under the General and Roaming
|
||||
configurations.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
8, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-IMSI-MCC-MNC", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-GGSN-MCC-MNC */
|
||||
{
|
||||
/*
|
||||
UTF8String. (3GPP TS 29.061 Rel7 ). Contains
|
||||
the mobile country and network code of the PLMN
|
||||
that the Flexi ISN belongs to. Present in the initial
|
||||
CCR only. The first entry in the list of local PLMNs
|
||||
in the Flexi ISN configuration determines the value
|
||||
of this AVP.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
9, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-GGSN-MCC-MNC", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-NSAPI */
|
||||
{
|
||||
/*
|
||||
UTF8String. (3GPP TS 29.061 Rel7 ). Indicates
|
||||
the NSAPI of the PDP context. Contains one octet
|
||||
consisting of a single digit. Present in the initial
|
||||
CCR only.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
10, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-NSAPI", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-Session-Stop-Indicator */
|
||||
{
|
||||
/*
|
||||
OctetString. (3GPP TS 29.061 Rel4). The
|
||||
presence of this AVP indicates that the last
|
||||
context of the PDP session has been deleted. May
|
||||
be present in the termination CCR only. Contains
|
||||
one octet that has a value of 0xff.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
11, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-Session-Stop-Indicator", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-Selection-Mode */
|
||||
{
|
||||
/*
|
||||
UTF8String. (3GPP TS 29.061 Rel7 ). Consists of
|
||||
one octet containing the selection mode as
|
||||
received from SGSN in the Create PDP Context
|
||||
Request. Present in the initial CCR only.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
12, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-Selection-Mode", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-Charging-Characteristics */
|
||||
{
|
||||
/*
|
||||
UTF8String. (3GPP TS 29.061 Rel7 ). The
|
||||
charging characteristics for the PDP context.
|
||||
Present in the initial CCR only. Consists of four
|
||||
octets. Each octet contains a single UTF-8
|
||||
encoded digit. The content of the charging charac-
|
||||
teristics is described in 3GPP TS 32.215.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
13, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-Charging-Characteristics", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-CG-IPv6-Address */
|
||||
{
|
||||
/*
|
||||
UTF8String.. (3GPP TS 29.061 Rel? (<=10) ). The
|
||||
IPv6 address of the charging gateway.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
14, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-CG-IPv6-Address", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-SGSN-IPv6-Address */
|
||||
{
|
||||
/*
|
||||
UTF8String.. (3GPP TS 29.061 Rel? (<=10) ). The
|
||||
IPv6 address of the SGSN.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
15, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-SGSN-IPv6-Address", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-GGSN-IPv6-Address */
|
||||
{
|
||||
/*
|
||||
UTF8String.. (3GPP TS 29.061 Rel? (<=10) ). The
|
||||
IPv6 address of the GGSN.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
16, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-GGSN-IPv6-Address", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-GGSN-IPv6-DNS-Servers */
|
||||
{
|
||||
/*
|
||||
UTF8String.. (3GPP TS 29.061 Rel? (<=10) ). List
|
||||
of IPv6 addresses of DNS servers for an APN in
|
||||
order of preference (max. 15 servers, 16 bytes
|
||||
each).
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
17, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-GGSN-IPv6-DNS-Servers", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-SGSN-MCC-MNC */
|
||||
{
|
||||
/*
|
||||
UTF8String. (3GPP TS 29.061 Rel7 ). MCC and
|
||||
MNC extracted from the RAI within Create or
|
||||
Update PDP Context Request. In update and ter-
|
||||
mination requests, this AVP is present only when
|
||||
the CCR has been triggered by a routing area
|
||||
update.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
18, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-SGSN-MCC-MNC", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* Missing: 3GPP-Teardown-Indicator (19) */
|
||||
|
||||
/* 3GPP-IMEISV */
|
||||
{
|
||||
/*
|
||||
IMEI(SV) encoded as sequence of UTF8 characters.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
20, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-IMEISV", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-RAT-Type */
|
||||
{
|
||||
/*
|
||||
OctetString. (3GPP TS 29.061 Rel7 ) Defines the
|
||||
method used to access the network. Consists of a
|
||||
single octet. The following values may be sent:
|
||||
UTRAN (1), GERAN (2), WLAN (3), NAS (254),
|
||||
Unspecified (255).
|
||||
This AVP is included in the initial CCR and in
|
||||
update or termination CCRs if the value changes.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
21, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-RAT-Type", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-User-Location-Info */
|
||||
{
|
||||
/*
|
||||
OctetString. (3GPP TS 29.061 Rel7 ) Contains
|
||||
information about the user's current geographical
|
||||
location as received from the SGSN. Present
|
||||
always in initial CCR if the value is known and in
|
||||
update and termination CCRs if the value
|
||||
changes.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
22, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-User-Location-Info", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* 3GPP-MS-TimeZone */
|
||||
{
|
||||
/*
|
||||
OctetString. (3GPP TS 29.061 Rel7 ) 3GPP-MS-
|
||||
TimeZone is AVP is present always in the initial CCR if the
|
||||
value is known and in the update and termination
|
||||
CCRs if the value changes. This IE is encoded
|
||||
according to 3GPP TS 29.061 Rel7
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
23, /* Code */
|
||||
10415, /* Vendor */
|
||||
"3GPP-MS-TimeZone", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* Missing: 3GPP-CAMEL-Charging-Info (24) */
|
||||
/* Missing: 3GPP-Packet-Filter (25) */
|
||||
/* Missing: 3GPP-Negotiated-DSCP (26) */
|
||||
/* Missing: 3GPP-Allocate-IP-Type (27) */
|
||||
|
||||
/* PDP-Context-Type */
|
||||
{
|
||||
/*
|
||||
Enumerated. Indicates the type of a PDP context
|
||||
and is only included in CCR initial.
|
||||
|
||||
values are 0 for primary and 1 for secondary
|
||||
(3GPP 32.299 Rel7)
|
||||
*/
|
||||
struct dict_object *type;
|
||||
struct dict_type_data tdata = { AVP_TYPE_INTEGER32, "Enumerated(PDP-Context-Type)" , NULL, NULL, NULL };
|
||||
struct dict_enumval_data t_0 = { "PRIMARY", { .i32 = 0 }};
|
||||
struct dict_enumval_data t_1 = { "SECONDARY", { .i32 = 1 }};
|
||||
|
||||
struct dict_avp_data data = {
|
||||
1247, /* Code */
|
||||
10415, /* Vendor */
|
||||
"PDP-Context-Type", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_INTEGER32 /* base type of data */
|
||||
};
|
||||
/* Create the Enumerated type, and then the AVP */
|
||||
CHECK_dict_new( DICT_TYPE, &tdata , NULL, &type);
|
||||
CHECK_dict_new( DICT_ENUMVAL, &t_0 , type, NULL);
|
||||
CHECK_dict_new( DICT_ENUMVAL, &t_1 , type, NULL);
|
||||
CHECK_dict_new( DICT_AVP, &data , type, NULL);
|
||||
}
|
||||
|
||||
/* IMS-Information */
|
||||
{
|
||||
/*
|
||||
Grouped. Its purpose is to allow the transmission
|
||||
of additional IMS service specific information ele-
|
||||
ments. (3GPP 32.299 Rel7)
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
876, /* Code */
|
||||
10415, /* Vendor */
|
||||
"IMS-Information", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_GROUPED /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* IMS-Charging-Identifier */
|
||||
{
|
||||
/*
|
||||
UTF8String. Contains the IMS charging identifier
|
||||
as given to the Flexi ISN by the IMS. This AVP is
|
||||
defined in 3GPP TS 32.225. This AVP is present
|
||||
in IMS sessions only. Present in the initial CCR
|
||||
only.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
841, /* Code */
|
||||
10415, /* Vendor */
|
||||
"IMS-Charging-Identifier", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/* Max-Requested-Bandwidth-UL */
|
||||
{
|
||||
/*
|
||||
Unsigned32. The Max-Requested-Bandwidth-
|
||||
UL/DL AVP indicates the maximum allowed bit
|
||||
rate (in bits per second) for the uplink direction.
|
||||
(Re-used from 3GPP 29.214)
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
515, /* Code */
|
||||
10415, /* Vendor */
|
||||
"Max-Requested-Bandwidth-UL", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_UNSIGNED32 /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* Max-Requested-Bandwidth-DL */
|
||||
{
|
||||
/*
|
||||
Unsigned32. The Max-Requested-Bandwidth-
|
||||
UL/DL AVP indicates the maximum allowed bit
|
||||
rate (in bits per second) for the uplink direction.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
516, /* Code */
|
||||
10415, /* Vendor */
|
||||
"Max-Requested-Bandwidth-DL", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_UNSIGNED32 /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* QoS-Information */
|
||||
{
|
||||
/*
|
||||
Grouped. This is the QoS that the DCCA
|
||||
server requests from Flexi ISN to be applied for
|
||||
this PDP context. This AVP and all AVPs con-
|
||||
tained within are described in 3GPP TS 29.212
|
||||
Release 7. The ARP AVP is introduced with
|
||||
Release 8. The relevant types are defined on
|
||||
table 5.3.1 of TS 29.212.
|
||||
*/
|
||||
|
||||
struct dict_avp_data data = {
|
||||
1016, /* Code */
|
||||
10415, /* Vendor */
|
||||
"QoS-Information", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR, /* Fixed flag values */
|
||||
AVP_TYPE_GROUPED /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
TRACE_DEBUG(INFO, "Extension 'Dictionary definitions for DCCA 3GPP' initialized");
|
||||
return 0;
|
||||
}
|
||||
|
||||
EXTENSION_ENTRY("dict_dcca_3gpp", dict_dcca_3gpp_entry, "dict_dcca");
|
|
@ -0,0 +1,281 @@
|
|||
/*
|
||||
* Dictionary definitions of objects specified in DCCA (Nokia, 3GPP).
|
||||
*/
|
||||
#include <freeDiameter/extension.h>
|
||||
|
||||
|
||||
/* The content of this file follows the same structure as dict_base_proto.c */
|
||||
|
||||
#define CHECK_dict_new( _type, _data, _parent, _ref ) \
|
||||
CHECK_FCT( fd_dict_new( fd_g_config->cnf_dict, (_type), (_data), (_parent), (_ref)) );
|
||||
|
||||
#define CHECK_dict_search( _type, _criteria, _what, _result ) \
|
||||
CHECK_FCT( fd_dict_search( fd_g_config->cnf_dict, (_type), (_criteria), (_what), (_result), ENOENT) );
|
||||
|
||||
struct local_rules_definition {
|
||||
char *avp_name;
|
||||
enum rule_position position;
|
||||
int min;
|
||||
int max;
|
||||
};
|
||||
|
||||
#define RULE_ORDER( _position ) ((((_position) == RULE_FIXED_HEAD) || ((_position) == RULE_FIXED_TAIL)) ? 1 : 0 )
|
||||
|
||||
#define PARSE_loc_rules( _rulearray, _parent) { \
|
||||
int __ar; \
|
||||
for (__ar=0; __ar < sizeof(_rulearray) / sizeof((_rulearray)[0]); __ar++) { \
|
||||
struct dict_rule_data __data = { NULL, \
|
||||
(_rulearray)[__ar].position, \
|
||||
0, \
|
||||
(_rulearray)[__ar].min, \
|
||||
(_rulearray)[__ar].max}; \
|
||||
__data.rule_order = RULE_ORDER(__data.rule_position); \
|
||||
CHECK_FCT( fd_dict_search( \
|
||||
fd_g_config->cnf_dict, \
|
||||
DICT_AVP, \
|
||||
AVP_BY_NAME, \
|
||||
(_rulearray)[__ar].avp_name, \
|
||||
&__data.rule_avp, 0 ) ); \
|
||||
if ( !__data.rule_avp ) { \
|
||||
TRACE_DEBUG(INFO, "AVP Not found: '%s'", (_rulearray)[__ar].avp_name ); \
|
||||
return ENOENT; \
|
||||
} \
|
||||
CHECK_FCT_DO( fd_dict_new( fd_g_config->cnf_dict, DICT_RULE, &__data, _parent, NULL), \
|
||||
{ \
|
||||
TRACE_DEBUG(INFO, "Error on rule with AVP '%s'", \
|
||||
(_rulearray)[__ar].avp_name ); \
|
||||
return EINVAL; \
|
||||
} ); \
|
||||
} \
|
||||
}
|
||||
|
||||
#define enumval_def_u32( _val_, _str_ ) \
|
||||
{ _str_, { .u32 = _val_ }}
|
||||
|
||||
#define enumval_def_os( _len_, _val_, _str_ ) \
|
||||
{ _str_, { .os = { .data = (unsigned char *)_val_, .len = _len_ }}}
|
||||
|
||||
|
||||
static int dict_dcca_nokia_entry(char * conffile)
|
||||
{
|
||||
TRACE_ENTRY("%p", conffile);
|
||||
|
||||
/* Applications section */
|
||||
{
|
||||
/* Create the vendors */
|
||||
{
|
||||
struct dict_vendor_data vendor_data = { 94, "Nokia" };
|
||||
CHECK_FCT(fd_dict_new(fd_g_config->cnf_dict, DICT_VENDOR, &vendor_data, NULL, NULL));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
/* AVP section */
|
||||
{
|
||||
struct dict_object * Address_type;
|
||||
struct dict_object * UTF8String_type;
|
||||
struct dict_object * DiameterIdentity_type;
|
||||
struct dict_object * DiameterURI_type;
|
||||
struct dict_object * Time_type;
|
||||
|
||||
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Address", &Address_type);
|
||||
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "UTF8String", &UTF8String_type);
|
||||
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "DiameterIdentity", &DiameterIdentity_type);
|
||||
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "DiameterURI", &DiameterURI_type);
|
||||
CHECK_dict_search( DICT_TYPE, TYPE_BY_NAME, "Time", &Time_type);
|
||||
|
||||
/* NSN-Token-Value */
|
||||
{
|
||||
/*
|
||||
OctetString. A token that was received, for
|
||||
example, from the subscription portal [14]. The
|
||||
maximum length of the token is 64 octets.
|
||||
When this AVP is included in the MSCC, the USU
|
||||
and Reporting-Reason AVPs will not be included
|
||||
(because the token is not a trigger to report quota
|
||||
usage). Additionally, the Rating-Group and
|
||||
Service-Id AVPs will have the values received
|
||||
from the subscription portal.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
5113, /* Code */
|
||||
94, /* Vendor */
|
||||
"NSN-Token-Value", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* Quota-Consumption-Time */
|
||||
{
|
||||
/*
|
||||
Unsigned32. Contains the time quota envelope
|
||||
expiration time in seconds. This is the time
|
||||
elapsed from the previous service request, to
|
||||
the moment the Flexi ISN considers that the
|
||||
time envelope finishes. The value of this AVP
|
||||
will be in effect for the remainder of the session
|
||||
or until a new value is received. If this AVP is
|
||||
not present, the default value configured for the
|
||||
rating group will be used. The OCS may
|
||||
disable the time quota envelope expiration by
|
||||
setting the value of this AVP to 0. The value of
|
||||
QCT sent from the OCS for a certain MSCC
|
||||
instance is stored in the Flexi ISN and it is used
|
||||
if the OCS does not sent a new value in the
|
||||
CCAs that follow
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
5109, /* Code */
|
||||
94, /* Vendor */
|
||||
"Quota-Consumption-Time", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_UNSIGNED32 /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* Quota-Holding-Time */
|
||||
{
|
||||
/*
|
||||
Unsigned32. Indicates how long the Flexi ISN
|
||||
will keep the granted quota after a service
|
||||
request has been received. The unit is in
|
||||
seconds. When this time elapses, the Flexi ISN
|
||||
ends the MSCC instance and reports the used
|
||||
quota without requesting more. The value of
|
||||
this AVP will be in effect for the remainder of
|
||||
the session or until a new value is received. If
|
||||
this AVP is not present, the default value con-
|
||||
figured for the rating group will be used. The
|
||||
OCS may disable the Quota Holding Timer by
|
||||
setting the value of this AVP to 0. The value of
|
||||
the QHT sent from the OCS for a certain
|
||||
MSCC instance is stored in the Flexi ISN, and
|
||||
it is used if the OCS does not sent a new value
|
||||
in the CCAs that follow.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
5110, /* Code */
|
||||
94, /* Vendor */
|
||||
"Quota-Holding-Time", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_UNSIGNED32 /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* Default-Quota */
|
||||
{
|
||||
/*
|
||||
Grouped. Indicates the absolute number of
|
||||
units that are available for consumption during
|
||||
each upcoming OCS interrogation (e.g. after a
|
||||
CCR has been sent but before the CCA is
|
||||
received). If this AVP is not present, the Flexi
|
||||
ISN will use the configured or earlier received
|
||||
default quota. If this AVP is present but does
|
||||
not include the default quota for a certain unit
|
||||
type, that unit type is considered to have no
|
||||
default quota.
|
||||
The usage of default quota can be disabled in
|
||||
certain situations by modifying the Flexi ISN
|
||||
settings
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
5111, /* Code */
|
||||
94, /* Vendor */
|
||||
"Default-Quota", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flag values */
|
||||
AVP_TYPE_GROUPED /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* Session-Start-Indicator */
|
||||
{
|
||||
/*
|
||||
OctetString. (3GPP TS 29.061 Rel4). The address
|
||||
of the charging gateway that has been marked as
|
||||
the default charging gateway for the PDP context.
|
||||
The address is expressed as a four-byte integer.
|
||||
Present in the initial CCR only.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
5105, /* Code */
|
||||
94, /* Vendor */
|
||||
"Session-Start-Indicator", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , NULL, NULL);
|
||||
}
|
||||
|
||||
/* Rulebase-id */
|
||||
{
|
||||
/*
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
5106, /* Code */
|
||||
94, /* Vendor */
|
||||
"Rulebase-id", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , UTF8String_type, NULL);
|
||||
}
|
||||
|
||||
/* Time-Of-First-Usage */
|
||||
{
|
||||
/*
|
||||
Time. Contains a time-stamp identifying the date
|
||||
and time of the first increment of the used units
|
||||
counter since the previous report. If no used units
|
||||
were gathered during the previous reporting inter-
|
||||
val, this AVP will not be present.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
5103, /* Code */
|
||||
94, /* Vendor */
|
||||
"Time-Of-First-Usage", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , Time_type, NULL);
|
||||
}
|
||||
|
||||
/* Time-Of-Last-Usage */
|
||||
{
|
||||
/*
|
||||
Time. Contains a time-stamp identifying the date
|
||||
and time of the first increment of the used units
|
||||
counter since the previous report. If no used units
|
||||
were gathered during the previous reporting inter-
|
||||
val, this AVP will not be present.
|
||||
*/
|
||||
struct dict_avp_data data = {
|
||||
5104, /* Code */
|
||||
94, /* Vendor */
|
||||
"Time-Of-Last-Usage", /* Name */
|
||||
AVP_FLAG_VENDOR | AVP_FLAG_MANDATORY, /* Fixed flags */
|
||||
AVP_FLAG_VENDOR, /* Fixed flag values */
|
||||
AVP_TYPE_OCTETSTRING /* base type of data */
|
||||
};
|
||||
CHECK_dict_new( DICT_AVP, &data , Time_type, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
TRACE_DEBUG(INFO, "Extension 'Dictionary definitions for DCCA Nokia' initialized");
|
||||
return 0;
|
||||
}
|
||||
|
||||
EXTENSION_ENTRY("dict_dcca_nokia", dict_dcca_nokia_entry, "dict_dcca");
|
|
@ -0,0 +1,3 @@
|
|||
File sent to the mailing-list by German Barros <gbarros@ipcomsa.com>.
|
||||
To be used with the dict_legacy_xml extension.
|
||||
|
|
@ -0,0 +1,709 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE dictionary SYSTEM "dictionary.dtd">
|
||||
|
||||
<!--******************* Diccionario Gx === German Barros ******************************************************************* -->
|
||||
|
||||
<dictionary>
|
||||
|
||||
|
||||
|
||||
<!-- ******************************************************** -->
|
||||
<!-- ********************* Vendors ************************** -->
|
||||
<!-- ******************************************************** -->
|
||||
|
||||
<vendor id="10415" name="3GPP" />
|
||||
|
||||
<!-- ******************************************************** -->
|
||||
<!-- ***************** Gx Application ********************* -->
|
||||
<!-- ******************************************************** -->
|
||||
|
||||
<application id="16777238" name="Gx">
|
||||
|
||||
|
||||
<!-- ====================================================================== -->
|
||||
<!-- ========================== COMMAND CODES =========================== -->
|
||||
<!-- ====================================================================== -->
|
||||
|
||||
<!-- *** Command-Codes *** -->
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.6.2 and 5.6.3 -->
|
||||
<command name="CC" code="272" vendor-id="10415">
|
||||
|
||||
</command>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.6.4 and 5.6.5 -->
|
||||
<command name="RA" code="258" vendor-id="10415" />
|
||||
|
||||
|
||||
<!-- ====================================================================== -->
|
||||
<!-- ========================= Gx Specific AVPs ======================== -->
|
||||
<!-- ====================================================================== -->
|
||||
|
||||
|
||||
<!-- Ref = [3GPP - 29.214] 5.3.2 -->
|
||||
<avp name="Access-Network-Charging-Address" code="501" mandatory="must"
|
||||
may-encrypt="yes" vendor-id="10415">
|
||||
<type type-name="Address" />
|
||||
</avp>
|
||||
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.1 -->
|
||||
<avp name="Bearer-Usage" vendor-id="10415" code="1000" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="GENERAL" code="0" />
|
||||
<enum name="IMS_SIGNALLING" code="1" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.23 -->
|
||||
<avp name="Bearer-Control-Mode" vendor-id="10415" code="1023"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="UE_ONLY" code="0" />
|
||||
<enum name="RESERVED" code="1" />
|
||||
<enum name="UE_NW" code="2" />
|
||||
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.8 -->
|
||||
<avp name="Metering-Method" vendor-id="10415" code="1007"
|
||||
mandatory="must" may-encrypt="yes" protected="may" type="Enumerated">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="DURATION" code="0" />
|
||||
<enum name="VOLUME" code="1" />
|
||||
<enum name="DURATION_VOLUME" code="2" />
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.229 V7.7.0] , clause 6.3.20 -->
|
||||
<avp name="Primary-Event-Charging-Function-Name" vendor-id="10415"
|
||||
code="619" mandatory="must" may-encrypt="yes">
|
||||
<type type-name="DiameterURI" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.229 V7.7.0] , clause 6.3.21 -->
|
||||
<avp name="Secondary-Event-Charging-Function-Name" vendor-id="10415"
|
||||
code="620" mandatory="must" may-encrypt="yes">
|
||||
<type type-name="DiameterURI" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.229 V7.7.0] , clause 6.3.22 -->
|
||||
<avp name="Primary-Charging-Collection-Function-Name" vendor-id="10415"
|
||||
code="621" mandatory="must" may-encrypt="yes">
|
||||
<type type-name="DiameterURI" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.229 V7.7.0] , clause 6.3.23 -->
|
||||
<avp name="Secondary-Charging-Collection-Function-Name" vendor-id="10415"
|
||||
code="622" mandatory="must" may-encrypt="yes">
|
||||
<type type-name="DiameterURI" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.214 v7.3.0] , clause 5.3.4 -->
|
||||
<avp name="Access-Network-Charging-Identifier-Value" vendor-id="10415"
|
||||
code="503" mandatory="must" may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
|
||||
<!-- [3GPP TS 29.061 V7.9.0] , clause 16.4.7 -->
|
||||
<avp name="3GPP-RAT-Type" vendor-id="10415" code="21" mandatory="mustnot"
|
||||
may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
|
||||
<!-- Ref = RFC 4006 chap 8.48 -->
|
||||
<avp name="Subscription-Id-Data" code="444" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
<!-- Ref = RFC 4006 chap 8.47 -->
|
||||
<avp name="Subscription-Id-Type" code="450" mandatory="must"
|
||||
protected="may" may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="END_USER_E164" code="0" />
|
||||
<enum name="END_USER_IMSI" code="1" />
|
||||
<enum name="END_USER_SIP_URI" code="2" />
|
||||
<enum name="END_USER_NAI" code="3" />
|
||||
<enum name="END_USER_PRIVATE" code="4" />
|
||||
</avp>
|
||||
|
||||
<!-- [RFC 4006] , clause 8.2 -->
|
||||
<avp name="CC-Request-Number" code="415" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
<!-- [RFC 4006] , clause 8.3 -->
|
||||
<avp name="CC-Request-Type" code="416" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="INITIAL_REQUEST" code="1" />
|
||||
<enum name="UPDATE_REQUEST" code="2" />
|
||||
<enum name="TERMINATION_REQUEST" code="3" />
|
||||
<enum name="EVENT_REQUEST" code="4" />
|
||||
</avp>
|
||||
|
||||
<!-- [RFC 4006] , clause 8.38 -->
|
||||
<avp name="Redirect-Address-Type" code="433" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="IPV4_ADDRESS" code="0" />
|
||||
<enum name="IPV6_ADDRESS" code="1" />
|
||||
<enum name="URL" code="2" />
|
||||
<enum name="SIP_URI" code="3" />
|
||||
</avp>
|
||||
<!-- [RFC 4006] , clause 8.39 -->
|
||||
<avp name="Redirect-Server-Address" code="435" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.19 -->
|
||||
<avp name="PCC-Rule-Status" vendor-id="10415" code="1019"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="ACTIVE" code="0" />
|
||||
<enum name="INACTIVE" code="1" />
|
||||
<enum name="TEMPORARILY INACTIVE" code="2" />
|
||||
</avp>
|
||||
|
||||
<!-- [RFC 4005] , clause 6.11.1 -->
|
||||
<avp name="Framed-IP-Address" code="8" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<!-- [RFC 4005] , clause 6.11.6 -->
|
||||
<avp name="Framed-IPv6-Prefix" code="97" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<!-- [RFC 4005] , clause 4.5 -->
|
||||
<avp name="Called-Station-Id" code="30" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<!-- [RFC 4005] , clause 6.7 -->
|
||||
<avp name="Filter-Id" code="11" mandatory="must" may-encrypt="yes">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.21 -->
|
||||
<avp name="Bearer-Operation" vendor-id="10415" code="1021"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="TERMINATION" code="0" />
|
||||
<enum name="ESTABLISHMENT" code="1" />
|
||||
<enum name="MODIFICATION" code="2" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.24 -->
|
||||
<avp name="Network-Request-Support" vendor-id="10415" code="1024"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Enumerated"/>
|
||||
|
||||
<enum name="NETWORK_REQUEST_NOT_SUPPORTED" code="0" />
|
||||
<enum name="NETWORK_REQUEST_SUPPORTED" code="1" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.5 -->
|
||||
<avp name="Charging-Rule-Base-Name" vendor-id="10415" code="1004"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.15 -->
|
||||
<avp name="ToS-Traffic-Class" vendor-id="10415" code="1014"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.27 -->
|
||||
<avp name="IP-CAN-Type" vendor-id="10415" code="1027" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="3GPP" code="0" />
|
||||
<enum name="DOCSIS" code="1" />
|
||||
<enum name="xDSL" code="2" />
|
||||
<enum name="WiMAX" code="3" />
|
||||
<enum name="3GPP2" code="4" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.28 -->
|
||||
<avp name="QoS-Negotiation" vendor-id="10415" code="1029"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="NO_QOS_NEGOTIATION" code="0" />
|
||||
<enum name="QOS_NEGOTIATION_SUPPORTED" code="1" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.29 -->
|
||||
<avp name="QoS-Upgrade" vendor-id="10415" code="1030" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="QOS_UPGRADE_NOT_SUPPORTED" code="0" />
|
||||
<enum name="QOS_UPGRADE_SUPPORTED" code="1" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.30 -->
|
||||
<avp name="Rule-Failure-Code" vendor-id="10415" code="1031"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="UNKNOWN_RULE_NAME" code="1" />
|
||||
<enum name="RATING_GROUP_ERROR" code="2" />
|
||||
<enum name="SERVICE_IDENTIFIER_ERROR" code="3" />
|
||||
<enum name="GW/PCEF_MALFUNCTION" code="4" />
|
||||
<enum name="RESOURCES_LIMITATION" code="5" />
|
||||
<enum name="MAX_NR_BEARERS_REACHED" code="6" />
|
||||
<enum name="UNKNOWN_BEARER_ID" code="7" />
|
||||
<enum name="MISSING_BEARER_ID" code="8" />
|
||||
<enum name="MISSING_FLOW_DESCRIPTION" code="9" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.34 -->
|
||||
<avp name="Session-Release-Cause" vendor-id="10415" code="1035"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="UNSPECIFIED_REASONS" code="0" />
|
||||
<enum name="UE_SUBSCRIPTION_REASON" code="1" />
|
||||
<enum name="INSUFFICIENT_SERVER_RESOURCES" code="2" />
|
||||
</avp>
|
||||
|
||||
|
||||
|
||||
<!-- [3GPP TS 29.061 V7.9.0] , clause 16.4.7. -->
|
||||
<avp name="3GPP-SGSN-MCC-MNC" vendor-id="10415" code="18"
|
||||
mandatory="mustnot" may-encrypt="yes">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.061 V7.9.0] , clause 16.4.7 -->
|
||||
<avp name="3GPP-User-Location-Info" vendor-id="10415" code="22"
|
||||
mandatory="mustnot" may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.31 -->
|
||||
<avp name="Revalidation-Time" vendor-id="10415" code="1032"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Time" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.32 -->
|
||||
<avp name="Rule-Activation-Time" code="1033" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Time" />
|
||||
</avp>
|
||||
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.33 -->
|
||||
<avp name="Rule-Deactivation-Time" vendor-id="10415" code="1034"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Time" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.061 V7.7.0] , clause 16.4.7.1 -->
|
||||
<avp name="3GPP-SGSN-Address" vendor-id="10415" code="6" mandatory="mustnot"
|
||||
may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.061 V7.7.0] , clause 16.4.7.1 -->
|
||||
<avp name="3GPP-SGSN-IPv6-Address" vendor-id="10415" code="15"
|
||||
mandatory="mustnot" may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.061 V7.7.0] , clause 17.7.12 -->
|
||||
<avp name="RAI" vendor-id="10415" code="909" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="UTF8String" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.061 V7.7.0] , clause 16.4.7 -->
|
||||
<avp name="3GPP-MS-TimeZone" vendor-id="10415" code="23" mandatory="mustnot"
|
||||
may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.20 -->
|
||||
<avp name="Bearer-Identifier" vendor-id="10415" code="1020"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.6 -->
|
||||
<avp name="Charging-Rule-Name" vendor-id="10415" code="1005"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
|
||||
<!-- [RFC 4006] , clause 8.28 -->
|
||||
<avp name="Service-Identifier" code="439" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
<!-- [RFC 4006] , clause 8.29 -->
|
||||
<avp name="Rating-Group" code="432" mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.11 -->
|
||||
<avp name="Flow-Status" vendor-id="10415" code="511" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="ENABLED-UPLINK" code="0" />
|
||||
<enum name="ENABLED-DOWNLINK" code="1" />
|
||||
<enum name="ENABLED" code="2" />
|
||||
<enum name="DISABLED" code="3" />
|
||||
<enum name="REMOVED" code="4" />
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.17 -->
|
||||
<avp name="QoS-Class-Identifier" vendor-id="10415" code="1028"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="FINAL_SERVICE_INFORMATION" code="0" />
|
||||
<enum name="PRELIMINARY_SERVICE_INFORMATION" code="1" />
|
||||
</avp>
|
||||
<!-- Ref = [3GPP - 29.214] 5.3.15 -->
|
||||
<avp name="Max-Requested-Bandwidth-UL" code="516" vendor-id="10415"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.25 -->
|
||||
<avp name="Guaranteed-Bitrate-DL" vendor-id="10415" code="1025"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.26 -->
|
||||
<avp name="Guaranteed-Bitrate-UL" vendor-id="10415" code="1026"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.20 -->
|
||||
<avp name="Bearer-Identifier" vendor-id="10415" code="1020"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
<avp name="Max-Requested-Bandwidth-UL" code="516" mandatory="must" vendor-id="10415" may-encrypt="yes">
|
||||
<type type-name="Unsigned32"/>
|
||||
</avp>
|
||||
<avp name="Max-Requested-Bandwidth-DL" code="515" mandatory="must" vendor-id="10415" may-encrypt="yes">
|
||||
<type type-name="Unsigned32"/>
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.16 -->
|
||||
<avp name="QoS-Information" vendor-id="10415" code="1016"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<grouped>
|
||||
<required>
|
||||
<avprule name="QoS-Class-Identifier" minimum="1" maximum="1" />
|
||||
<avprule name="Max-Requested-Bandwidth-UL" minimum="1"
|
||||
maximum="1" />
|
||||
<avprule name="Max-Requested-Bandwidth-DL" minimum="1"
|
||||
maximum="1" />
|
||||
<avprule name="Guaranteed-Bitrate-UL" minimum="1" maximum="1" />
|
||||
<avprule name="Guaranteed-Bitrate-DL" minimum="1" maximum="1" />
|
||||
<avprule name="Bearer-Identifier" minimum="1" maximum="1" />
|
||||
</required>
|
||||
</grouped>
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.8 -->
|
||||
<avp name="Flow-Description" vendor-id="10415" code="507"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="IPFilterRule" />
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.12 -->
|
||||
<avp name="Reporting-Level" vendor-id="10415" code="1011"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="SERVICE_IDENTIFIER_LEVEL" code="0" />
|
||||
<enum name="RATING_GROUP_LEVEL" code="1" />
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.9 -->
|
||||
<avp name="Offline" vendor-id="10415" code="1008" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="DISABLE_OFFLINE" code="0" />
|
||||
<enum name="ENABLE_OFFLINE" code="1" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.10 -->
|
||||
<avp name="Online" vendor-id="10415" code="1009" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="DISABLE_ONLINE" code="0" />
|
||||
<enum name="ENABLE_ONLINE" code="1" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.11 -->
|
||||
<avp name="Precedence" vendor-id="10415" code="1010" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.6 -->
|
||||
<avp name="AF-Charging-Identifier" vendor-id="10415" code="505"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="OctetString" />
|
||||
</avp>
|
||||
|
||||
<!-- Ref = [3GPP - 29.214] 5.3.14 -->
|
||||
<avp name="Max-Requested-Bandwidth-DL" code="515" vendor-id="10415"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.17 -->
|
||||
<avp name="Media-Component-Number" vendor-id="10415" code="518"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.9 -->
|
||||
<avp name="Flow-Number" vendor-id="10415" code="509" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Unsigned32" />
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.214 V7.3.0] , clause 5.3.10 -->
|
||||
<avp name="Flows" vendor-id="10415" code="510" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<grouped>
|
||||
<required>
|
||||
<avprule name="Media-Component-Number" minimum="1" maximum="1" />
|
||||
</required>
|
||||
<optional>
|
||||
<avprule name="Flow-Number" maximum="1" />
|
||||
</optional>
|
||||
</grouped>
|
||||
</avp>
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.4 -->
|
||||
<avp name="Charging-Rule-Definition" vendor-id="10415" code="1003"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<grouped>
|
||||
<required>
|
||||
<avprule name="Charging-Rule-Name" minimum="1" maximum="1" />
|
||||
<avprule name="Service-Identifier" maximum="1" />
|
||||
<avprule name="Rating-Group" maximum="1" />
|
||||
</required>
|
||||
<optional>
|
||||
<avprule name="Flow-Description" maximum="1" />
|
||||
</optional>
|
||||
<required>
|
||||
<avprule name="Flow-Status" maximum="1" />
|
||||
<avprule name="QoS-Information" maximum="1" />
|
||||
<avprule name="Reporting-Level" maximum="1" />
|
||||
<avprule name="Online" maximum="1" />
|
||||
<avprule name="Offline" maximum="1" />
|
||||
<avprule name="Metering-Method" maximum="1" />
|
||||
<avprule name="Precedence" maximum="1" />
|
||||
<avprule name="AF-Charging-Identifier" maximum="1" />
|
||||
</required>
|
||||
<optional>
|
||||
<avprule name="Flows" maximum="1" />
|
||||
</optional>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.2 -->
|
||||
<avp name="Charging-Rule-Install" vendor-id="10415" code="1001"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<grouped>
|
||||
<optional>
|
||||
<avprule name="Charging-Rule-Definition" maximum="1" />
|
||||
<avprule name="Charging-Rule-Name" maximum="1" />
|
||||
<avprule name="Charging-Rule-Base-Name" maximum="1" />
|
||||
</optional>
|
||||
<required>
|
||||
<avprule name="Bearer-Identifier" minumin="1" maximum="1" />
|
||||
</required>
|
||||
<optional>
|
||||
<avprule name="Rule-Activation-Time" maximum="1" />
|
||||
<avprule name="Rule-Deactivation-Time" maximum="1" />
|
||||
</optional>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.3 -->
|
||||
<avp name="Charging-Rule-Remove" vendor-id="10415" code="1002"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<grouped>
|
||||
<optional>
|
||||
<avprule name="Charging-Rule-Name" maximum="1" />
|
||||
<avprule name="Charging-Rule-Base-Name" maximum="1" />
|
||||
</optional>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.7 -->
|
||||
<avp name="Event-Trigger" vendor-id="10415" code="1006" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="SGSN_CHANGE" code="0" />
|
||||
<enum name="QOS_CHANGE" code="1" />
|
||||
<enum name="RAT_CHANGE" code="2" />
|
||||
<enum name="TFT_CHANGE" code="3" />
|
||||
<enum name="PLMN_CHANGE" code="4" />
|
||||
<enum name="LOSS_OF_BEARER" code="5" />
|
||||
<enum name="RECOVERY_OF_BEARER" code="6" />
|
||||
<enum name="IP-CAN_CHANGE" code="7" />
|
||||
<enum name="PCEF_MALFUNCTION" code="8" />
|
||||
<enum name="RESOURCES_LIMITATION" code="9" />
|
||||
<enum name="MAX_NR_BEARERS_REACHED" code="10" />
|
||||
<enum name="QOS_CHANGE_EXCEEDING_AUTHORIZATION" code="11" />
|
||||
<enum name="RAI_CHANGE" code="12" />
|
||||
<enum name="USER_LOCATION_CHANGE" code="13" />
|
||||
<enum name="NO_EVENT_TRIGGERS" code="14" />
|
||||
<enum name="OUT_OF_CREDIT" code="15" />
|
||||
<enum name="REALLOCATION_OF_CREDIT" code="16" />
|
||||
<enum name="REVALIDATION_TIMEOUT" code="17" />
|
||||
</avp>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.13 -->
|
||||
<avp name="TFT-Filter" vendor-id="10415" code="1012" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="IPFilterRule" />
|
||||
</avp>
|
||||
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.14 -->
|
||||
<avp name="TFT-Packet-Filter-Information" vendor-id="10415" code="1013"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<grouped>
|
||||
<required>
|
||||
<avprule name="Precedence" minimum="1" maximum="1" />
|
||||
<avprule name="TFT-Filter" minimum="1" maximum="1" />
|
||||
<avprule name="ToS-Traffic-Class" minimum="1" maximum="1" />
|
||||
</required>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
<!-- [RFC 4006] , clause 8.35 -->
|
||||
<avp name="Final-Unit-Action" code="449" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="Enumerated" />
|
||||
<enum name="TERMINATE" code="0" />
|
||||
<enum name="REDIRECT" code="1" />
|
||||
<enum name="RESTRICT_ACCESS" code="2" />
|
||||
</avp>
|
||||
|
||||
<!-- [RFC 4006] , clause 8.36 -->
|
||||
<avp name="Restriction-Filter-Rule" code="438" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<type type-name="IPFilterRule" />
|
||||
</avp>
|
||||
<!-- [RFC 4006] , clause 8.37 -->
|
||||
<avp name="Redirect-Server" code="434" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<grouped>
|
||||
<required>
|
||||
<avprule name="Redirect-Address-Type" minimum="1" maximum="1" />
|
||||
<avprule name="Redirect-Server-Address" minimum="1"
|
||||
maximum="1" />
|
||||
</required>
|
||||
</grouped>
|
||||
</avp>
|
||||
<!-- [RFC 4006] , clause 8.34 -->
|
||||
<avp name="Final-Unit-Indication" code="430" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<grouped>
|
||||
<required>
|
||||
<avprule name="Final-Unit-Action" minimum="1" maximum="1" />
|
||||
<avprule name="Restriction-Filter-Rule" minimum="1"
|
||||
maximum="1" />
|
||||
<avprule name="Filter-Id" minimum="1" maximum="1" />
|
||||
<avprule name="Redirect-Server" minimum="1" maximum="1" />
|
||||
</required>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.18 -->
|
||||
<avp name="Charging-Rule-Report" vendor-id="10415" code="1018"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<grouped>
|
||||
<optional>
|
||||
<avprule name="Charging-Rule-Name" maximum="1" />
|
||||
<avprule name="Charging-Rule-Base-Name" maximum="1" />
|
||||
</optional>
|
||||
<required>
|
||||
<avprule name="PCC-Rule-Status" minimum="1" maximum="1" />
|
||||
</required>
|
||||
<optional>
|
||||
<avprule name="Rule-Failure-Code" maximum="1" />
|
||||
<avprule name="Final-Unit-Indication" maximum="1" />
|
||||
</optional>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
|
||||
|
||||
<!-- [3GPP TS 29.212 V7.7.0] , clause 5.3.22 -->
|
||||
<avp name="Access-Network-Charging-Identifier-Gx" vendor-id="10415"
|
||||
code="1022" mandatory="must" may-encrypt="yes">
|
||||
<grouped>
|
||||
<required>
|
||||
<avprule name="Access-Network-Charging-Identifier-Value"
|
||||
minimum="1" maximum="1" />
|
||||
</required>
|
||||
<optional>
|
||||
<avprule name="Charging-Rule-Base-Name" maximum="1" />
|
||||
<avprule name="Charging-Rule-Name" maximum="1" />
|
||||
</optional>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
|
||||
|
||||
<!-- [3GPP TS 29.229 V7.7.0] , clause 6.3.19 -->
|
||||
<avp name="Charging-Information" vendor-id="10415" code="618"
|
||||
mandatory="must" may-encrypt="yes">
|
||||
<grouped>
|
||||
<required>
|
||||
<avprule name="Primary-Event-Charging-Function-Name"
|
||||
minimum="1" maximum="1" />
|
||||
<avprule name="Secondary-Event-Charging-Function-Name"
|
||||
minimum="1" maximum="1" />
|
||||
<avprule name="Primary-Charging-Collection-Function-Name"
|
||||
minimum="1" maximum="1" />
|
||||
<avprule name="Secondary-Charging-Collection-Function-Name"
|
||||
minimum="1" maximum="1" />
|
||||
</required>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<!-- Ref = RFC 4006 chap 8.46 -->
|
||||
<avp name="Subscription-Id" code="443" mandatory="must"
|
||||
may-encrypt="yes">
|
||||
<grouped>
|
||||
<required>
|
||||
<avprule name="Subscription-Id-Type" />
|
||||
<avprule name="Subscription-Id-Data" />
|
||||
</required>
|
||||
</grouped>
|
||||
</avp>
|
||||
|
||||
|
||||
|
||||
|
||||
</application>
|
||||
</dictionary>
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
The dictionary.dtd file originates from draft-frascone-xml-dictionary-00.
|
||||
A few modifications may have been performed (see file history in Mercurial)
|
||||
However, no DTD validation is performed by the parser, but the extension
|
||||
expects a known format therefore the flexibility is limited.
|
||||
|
||||
|
||||
Additional XML dictionary files can be found:
|
||||
- Circum project (circum.sf.net)
|
||||
under share/*.xml
|
||||
|
||||
- OpenDiameter project (diameter.sf.net)
|
||||
under libdiameter/config/dictionary.xml (will probably require some stripping)
|
||||
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!ELEMENT dictionary (vendor*, base*, application*)>
|
||||
|
||||
<!ELEMENT vendor EMPTY>
|
||||
<!ATTLIST vendor
|
||||
id CDATA #REQUIRED
|
||||
name CDATA #REQUIRED
|
||||
>
|
||||
|
||||
<!ELEMENT base (command*, typedefn*, avp*)>
|
||||
<!ATTLIST base
|
||||
uri CDATA #IMPLIED
|
||||
>
|
||||
|
||||
<!ELEMENT application (command*, typedefn*, avp*)>
|
||||
<!ATTLIST application
|
||||
id CDATA #REQUIRED
|
||||
name CDATA #IMPLIED
|
||||
uri CDATA #IMPLIED
|
||||
>
|
||||
<!ELEMENT command (requestrules*, answerrules*)>
|
||||
<!ATTLIST command
|
||||
name CDATA #REQUIRED
|
||||
code CDATA #REQUIRED
|
||||
vendor-id CDATA #IMPLIED
|
||||
pbit (0 | 1) "1"
|
||||
>
|
||||
|
||||
<!ELEMENT typedefn EMPTY>
|
||||
<!ATTLIST typedefn
|
||||
type-name ID #REQUIRED
|
||||
type-parent IDREF #IMPLIED
|
||||
description CDATA #IMPLIED
|
||||
>
|
||||
<!ELEMENT avp ((type | grouped), (enum*))>
|
||||
<!ATTLIST avp
|
||||
name ID #REQUIRED
|
||||
description CDATA #IMPLIED
|
||||
code CDATA #REQUIRED
|
||||
mandatory CDATA #IMPLIED
|
||||
vendor-id CDATA #IMPLIED
|
||||
>
|
||||
<!ELEMENT type EMPTY>
|
||||
<!ATTLIST type
|
||||
type-name IDREF #REQUIRED
|
||||
>
|
||||
<!ELEMENT grouped (fixed*, required*, optional*)>
|
||||
<!ELEMENT enum EMPTY>
|
||||
<!ATTLIST enum
|
||||
name CDATA #REQUIRED
|
||||
code CDATA #REQUIRED
|
||||
>
|
||||
|
||||
<!ELEMENT requestrules (fixed*, required*, optional*)>
|
||||
<!ELEMENT answerrules (fixed*, required*, optional*)>
|
||||
|
||||
<!ELEMENT fixed (avprule*)>
|
||||
<!ELEMENT required (avprule*)>
|
||||
<!ELEMENT optional (avprule*)>
|
||||
|
||||
<!ELEMENT avprule EMPTY>
|
||||
<!ATTLIST avprule
|
||||
name IDREF #REQUIRED
|
||||
position (first | last | unspecified) "unspecified"
|
||||
maximum CDATA #IMPLIED
|
||||
minimum CDATA #IMPLIED
|
||||
>
|
||||
|
||||
|
|
@ -0,0 +1,86 @@
|
|||
This folder contains information and scripts to run a new test configuration for nightly builds
|
||||
and reporting the results to freeDiameter dashboard at:
|
||||
http://www.freediameter.net/CDash/index.php?project=freeDiameter
|
||||
|
||||
The information gathered here mostly comes from the following pages:
|
||||
http://www.itk.org/Wiki/CMake_Testing_With_CTest
|
||||
http://www.itk.org/Wiki/CMake_Scripting_Of_CTest
|
||||
http://www.itk.org/Wiki/CTest:Buildserver
|
||||
|
||||
=============
|
||||
|
||||
INSTRUCTIONS to setup a new build slave for the freeDiameter buildserver:
|
||||
-- note: the build slave should have cmake version 2.8 at least so that ctest will update the source tree properly.
|
||||
|
||||
1) Install all dependencies for freeDiameter as follow:
|
||||
a) Debian / Ubuntu: See the "prereqs.ubuntu" file
|
||||
$ sudo aptitude install `wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/prereqs.ubuntu -O - | grep -v -e "^#"`
|
||||
|
||||
b) FreeBSD: See the "prereqs.freebsd" file
|
||||
- install base system and ports
|
||||
- install freediameter dependencies as follow:
|
||||
# pkg_add -r -v wget
|
||||
# pkg_add -r -v `wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/prereqs.freebsd -O - | grep -v -e "^#"`
|
||||
|
||||
c) OpenSUSE:
|
||||
$ sudo zypper install `wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/prereqs.opensuse -O - | grep -v -e "^#"`
|
||||
|
||||
d) Fedora:
|
||||
$ sudo yum install wget
|
||||
$ sudo yum install `wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/prereqs.fedora -O - | grep -v -e "^#"`
|
||||
|
||||
You may also have issues with SELinux later, an easy workaround is to disable it (until better solution)
|
||||
# setenforce Permissive
|
||||
|
||||
|
||||
2) Create the "test" database for app_acct test (we assume the tests are run as user "test" here)
|
||||
- check INSTALL.FreeBSD file for specific PostgreSQL pre-install instructions.
|
||||
- These are the instructions for Debian/Ubuntu/OpenSUSE, adjust as needed:
|
||||
# su - postgres
|
||||
# createuser --interactive test
|
||||
Shall the new role be a superuser? (y/n) n
|
||||
Shall the new role be allowed to create databases? (y/n) y
|
||||
Shall the new role be allowed to create more new roles? (y/n) n
|
||||
# logout
|
||||
$ whoami
|
||||
test
|
||||
$ createdb test
|
||||
$ psql test
|
||||
psql (8.4.4)
|
||||
Type "help" for help.
|
||||
|
||||
test=>
|
||||
CREATE TABLE incoming_test (
|
||||
recorded_on timestamp with time zone NOT NULL,
|
||||
"Accounting-Record-Type" integer,
|
||||
"Session-Id" bytea,
|
||||
"Accounting-Record-Number" integer,
|
||||
"Route-Record1" bytea,
|
||||
"Route-Record2" bytea,
|
||||
"Route-Record3" bytea,
|
||||
"Route-Record4" bytea );
|
||||
\q
|
||||
|
||||
|
||||
3) Create a directory ~/fDtests
|
||||
$ cd
|
||||
$ mkdir fDtests
|
||||
$ cd fDtests
|
||||
|
||||
4) Retrieve the runtests.sh script and save in this directory
|
||||
$ wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/runtests.sh
|
||||
$ chmod +x runtests.sh
|
||||
|
||||
5) Create a file local.cmake defining the name of the build slave in this directory also.
|
||||
$ echo "SET(CTEST_SITE \""`hostname`"\")" > local.cmake
|
||||
|
||||
For FreeBSD, in addition do:
|
||||
$ echo "set(CTEST_BUILD_OPTIONS \"\${CTEST_BUILD_OPTIONS} -DFLEX_EXECUTABLE:FILEPATH=/usr/local/bin/flex\")" >> local.cmake
|
||||
|
||||
6) Run the runtests.sh script once to check it works properly (freeBSD might require: ln -s /usr/local/bin/bash /bin/bash)
|
||||
|
||||
7) Set up a crontab to run the script
|
||||
$ wget http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/cronjob.sh
|
||||
$ chmod +x cronjob.sh
|
||||
$ crontab -l
|
||||
0 0 * * * /home/test/fDtests/cronjob.sh > /home/test/fDtests/cronjob.log 2>&1
|
|
@ -0,0 +1,2 @@
|
|||
|
||||
set(CTEST_BUILD_NAME "Default")
|
|
@ -0,0 +1,9 @@
|
|||
|
||||
# This configuration compiles all the extensions. It also performs a coverage test.
|
||||
# For this to pass, you need to setup the pg database for app_acct test.
|
||||
|
||||
set(CTEST_BUILD_NAME "All extensions (default)")
|
||||
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
|
||||
# This configuration compiles all the extensions. It also performs a coverage test.
|
||||
# For this to pass, you need to setup the pg database for app_acct test.
|
||||
|
||||
set(WITH_COVERAGE TRUE)
|
||||
set(CTEST_BUILD_NAME "All extensions (Debug)")
|
||||
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=Debug")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
|
||||
# This configuration compiles all the extensions. It also performs a coverage test.
|
||||
# For this to pass, you need to setup the pg database for app_acct test.
|
||||
|
||||
set(CTEST_BUILD_NAME "All extensions (DebianPackage)")
|
||||
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=DebianPackage")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
|
||||
# This configuration compiles all the extensions. It also performs a coverage test.
|
||||
# For this to pass, you need to setup the pg database for app_acct test.
|
||||
|
||||
set(CTEST_BUILD_NAME "All extensions (MaxPerformance)")
|
||||
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=MaxPerformance")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
|
||||
# This configuration compiles all the extensions. It also performs a coverage test.
|
||||
# For this to pass, you need to setup the pg database for app_acct test.
|
||||
|
||||
set(WITH_COVERAGE TRUE)
|
||||
set(CTEST_BUILD_NAME "All extensions (Profiling)")
|
||||
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=Profiling")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
|
||||
# This configuration compiles all the extensions. It also performs a coverage test.
|
||||
# For this to pass, you need to setup the pg database for app_acct test.
|
||||
|
||||
set(CTEST_BUILD_NAME "All extensions (Release)")
|
||||
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=Release")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
|
||||
# This configuration compiles all the extensions. It also performs a coverage test.
|
||||
# For this to pass, you need to setup the pg database for app_acct test.
|
||||
|
||||
set(WITH_COVERAGE TRUE)
|
||||
set(CTEST_BUILD_NAME "All extensions (DebugValgrind)")
|
||||
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DALL_EXTENSIONS:BOOL=ON")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DCMAKE_BUILD_TYPE:STRING=DebugValgrind")
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DTEST_APP_ACCT:BOOL=ON -DTEST_APP_ACCT_CONNINFO:STRING=user=test\\ dbname=test")
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/bash
|
||||
|
||||
# This script will simply retrieve the latest "runtest" script and run it.
|
||||
pushd ~/fDtests
|
||||
mv -f runtests.sh runtests.sh.prev
|
||||
wget "http://www.freediameter.net/hg/freeDiameter/raw-file/tip/contrib/nightly_tests/runtests.sh"
|
||||
chmod +x runtests.sh
|
||||
popd
|
||||
~/fDtests/runtests.sh
|
|
@ -0,0 +1,4 @@
|
|||
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DDIAMID_IDNA_IGNORE:BOOL=ON")
|
||||
|
||||
set(CTEST_BUILD_NAME "IDNA Ignore")
|
|
@ -0,0 +1,4 @@
|
|||
|
||||
set(CTEST_BUILD_OPTIONS "${CTEST_BUILD_OPTIONS} -DDIAMID_IDNA_REJECT:BOOL=ON")
|
||||
|
||||
set(CTEST_BUILD_NAME "IDNA Reject")
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue