[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue 37: Merging of Filter Attributes

To: "Bernard Aboba" <aboba@internaut.com>, <radiusext@ops.ietf.org>
Subject: RE: Issue 37: Merging of Filter Attributes
From: "Congdon, Paul T (ProCurve)" <paul.congdon@hp.com>
Date: Tue, 14 Dec 2004 15:08:18 -0800

I agree that if both of these attributes appear in the packet, they
should append one another.  Given that order is important (as seen in
Issue 38), why wouldn't we want to indicate that a NAS-Filter-Rule can
also pre-pend the Filter-ID if it appears before the Filter-ID?  It
seems kind of limiting to only allow NAS-Filter-Rule to follow the
Filter-ID.

Consider the following text...

"If both Filter-ID and NAS-Filter-Rule attributes are included within an
Access-Request or Access-Accept packet, the filters are appended to one
another.  If the filter specified by the NAS-Filter-Rule attribute
appears after the filter list specified by the Filter-ID attribute, the
filter is considered to be appended to the end of the filter list.  If
the filter specified by the NAS-Filter-Rule attribute appears before the
filter list specified by the Filter-ID attribute, the filter is
pre-pended to the filter list.

As a result, if either of the filters specify that a packet is to be
discarded, then the filter(s) specified by the other attribute can have
no effect on the processing of that packet."

Paul

> -----Original Message-----
> From: owner-radiusext@ops.ietf.org 
> [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Bernard Aboba
> Sent: Monday, December 13, 2004 6:46 PM
> To: radiusext@ops.ietf.org
> Subject: Issue 37: Merging of Filter Attributes
> 
> Issue 37: Merging of Filter Attributes
> Submitter name: Bernard Aboba
> Submitter email address: aboba@internaut.com Date first 
> submitted: December 13, 2004
> Reference:
> Document: Congdon-02
> Comment type: T
> Priority: S
> Section: 2.7
> Rationale/Explanation of issue:
> Section 2.7 does not state what happens if both Filter-ID and 
> NAS-Filter-Rule attributes are included in an Access-Accept.
> How are the filters merged?
> 
> Suggest the addition of the following text:
> 
> "If both Filter-ID and NAS-Filter-Rule attributes are 
> included within an Access-Request or Access-Accept packet, 
> the filter specified by the NAS-Filter-Rule attribute is 
> considered to be appended to the end of the filter list 
> specified by the Filter-ID attribute.
> 
> As a result, if the Filter-ID attribute specifies that a 
> packet is to be discarded, then the filter specified by 
> NAS-Filter-Rule can have no effect on the processing of that 
> packet, since it will have already been discarded prior to 
> examination by the filter specified in NAS-Filter-Rule."
> 
> 
> --
> to unsubscribe send a message to 
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in 
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
> 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- RE: Issue 37: Merging of Filter Attributes
  - From: Bernard Aboba <aboba@internaut.com>

Prev by Date: RE: open issues of draft-ietf-radext-digest-auth-00
Next by Date: RE: Issue 38: Ordering of filter attributes
Previous by thread: Issue 37: Merging of Filter Attributes
Next by thread: RE: Issue 37: Merging of Filter Attributes
Index(es):
- Date
- Thread