[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Filter Separation using a NULL?

To: openradius-radextwg@e-advies.nl, radiusext@ops.ietf.org
Subject: Filter Separation using a NULL?
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Wed, 18 Oct 2006 06:31:51 -0700
Bcc:
In-reply-to: <20061018072033.GA25400@web1>

A respin of the document based on your suggestion is available here:
http://www.drizzle.com/~aboba/RADEXT/draft-ietf-radext-filter-03.txt

Here is what Section 2 now looks like -- it is indeed much simpler, and Ican't see that any functionality has been lost. What do people think?


2.  NAS-Filter-Rule Attribute

  Description

     This attribute indicates filter rules to be applied for this user.
     Zero or more NAS-Filter-Rule attributes MAY be sent in Access-
     Accept, CoA-Request, or Accounting-Request packets.

     The NAS-Filter-Rule attribute is not intended to be used
     concurrently with any other filter rule attribute, including
     Filter-Id (11) and NAS-Traffic-Rule [Traffic] attributes, and
     SHOULD NOT appear in the same RADIUS packet.  If a Filter-Id
     attribute is present, then implementations of this specification
     MUST silently discard NAS-Filter-Rule attributes, if present.

     Where multiple NAS-Filter-Rule attributes are included in a RADIUS
     packet, the String field of the attributes are to be concatenated
     to form a set of filter rules.  As noted in [RFC2865] Section 2.3,
     "the forwarding server MUST NOT change the order of any attributes
     of the same type", so that RADIUS proxies will not reorder NAS-
     Filter-Rule attributes.

     A summary of the NAS-Filter-Rule Attribute format is shown below.
     The fields are transmitted from left to right.

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |     Type      |    Length     |      String...
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Type

     TBD

  Length

     >=4

  String

     The String field is one or more octets.  It contains filter rules
     in the IPFilterRule syntax defined in [RFC3588] Section 4.3, with
     filter rules separated by a NULL (0x00).  A robust implementation
     SHOULD support the field as undistinguished octets.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- RE: Filter Separation using a NULL?
  - From: "Sanchez, Mauricio (ProCurve)" <mauricio.sanchez@hp.com>
- RE: Filter Separation using a NULL?
  - From: "Nelson, David" <dnelson@enterasys.com>

References:
- Re: Request for Review: RADIUS Filter Attribute Document
  - From: Emile van Bergen <openradius-radextwg@e-advies.nl>

Prev by Date: Re: Request for Review: RADIUS Filter Attribute Document
Next by Date: Re: Request for Review: RADIUS Filter Attribute Document
Previous by thread: RE: Request for Review: RADIUS Filter Attribute Document
Next by thread: RE: Filter Separation using a NULL?
Index(es):
- Date
- Thread