[OpenSIPS-Users] radius_send_auth returns Vendor Specific Attributes

John Quick john.quick at smartvox.co.uk
Thu Apr 3 18:13:08 CEST 2014


Hi Bogdan,

If the variable is a var, at the moment you would only get the first value.
After modification, you would only get the last value. I agree this is
changed behaviour, but one case does not seem to me to be any worse than the
other. The advantage that multiple values *can* be returned in an AVP seems
to me to outweigh the risk of changed behaviour on the next release of
OpenSIPS. For me, it would be a great advantage to be able to retrieve
multiple values where this is not possible at the moment.

If you are able to send me the diff file (or simply a description) for the
changes, I would be happy to test it here.

Thanks for responding.

John

-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org] 
Sent: 03 April 2014 16:53
To: john.quick at smartvox.co.uk
Cc: 'OpenSIPS users mailling list'
Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific
Attributes

John,

We could do that (pushing back to OpenSIPS all values for that RADIUS AVP),
but it may be dangerous if you use on the OpenSIPS side a variable that does
not support multiple values - actually the AVPs are the only one doing that.

Imagine the RADIUS reply returns multiple instances on an RADIUS AVP. 
And you use a $var() variable to get the value - each value will be pushed
to that $var(), but as it can hold only one value, it will keep being
overwritten -> only last value will be actually available.
If this behavior is not a problem, we can fix the code and iterate through
the entire list of RADIUS AVP and get all instances.

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 02.04.2014 10:20, John Quick wrote:
> Bogdan,
>
> I was hoping to get all the values returned in 1 avp, the avp defined 
> for Cisco-AVPairs in set2. This takes advantage of the ability of 
> OpenSIPS avps to hold multiple indexed values and also means minimal 
> changes to the documentation of the aaa_radius module. If you add a 
> numeric index in the set definition, you must know which position the 
> required attribute is in and it is even possible the server may return
them in a different order.
> Also, if you want to retrieve 10 values this makes the set2 definition 
> very big and clumsy. Adding an index in the set definition would only 
> be a good solution if the index was a string identifying the Attribute 
> name within Cisco-AVPairs.
>
> I would be very happy to test if you can show me what changes need to 
> be made in the sources. I would have tried it already, but wasn't sure 
> how to add multiple values to the avp.
>
> John
>
> -----Original Message-----
> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> Sent: 01 April 2014 22:49
> To: john.quick at smartvox.co.uk
> Cc: 'OpenSIPS users mailling list'
> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor Specific 
> Attributes
>
> John,
>
> I understand the issue and agree over the need of a solution. Two 
> possible
> approaches:
>       - return all the values for that radius AVP
>       - include an index in the set definition - to say which instance 
> of the radius AVP you are looking for
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 01.04.2014 21:29, John Quick wrote:
>> Hi Bogdan,
>>
>> Yes absolutely certain. I used Wireshark to check.
>>
>> I did make a little progress with this problem after finding some 
>> info on the Internet.
>> The name that has to be used in set2 is "Cisco-AVPair". This allows 
>> me to retrieve just one VSA value.
>> The *real* problem is that you cannot retrieve values 2, 3, 4, etc.
>> This is because multiple instances are returned using the same VSA.
>> They are all returned by the server in the attribute called 
>> h323-ivr-in. I even found the code in the sources that retrieves them.
>> It loops through every instance in
>> set2 and looks for 1 matching value. So even if you add "Cisco-AVPair"
>> several times into set2 all you get is the first matching value many
> times.
>> John
>>
>> -----Original Message-----
>> From: Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
>> Sent: 01 April 2014 19:15
>> To: john.quick at smartvox.co.uk; OpenSIPS users mailling list
>> Subject: Re: [OpenSIPS-Users] radius_send_auth returns Vendor 
>> Specific Attributes
>>
>> Hi John,
>>
>> It may be a stupid question, but are you sure the AVP does exist in 
>> the RADIUS reply ?
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>>
>> On 28.03.2014 13:23, John Quick wrote:
>>> Hi,
>>>
>>> With help from this forum, I have just got radius_send_auth working.
>>> I needed some extra dictionaries including dictionary.cisco In that 
>>> dictionary, there are vendor specific attributes like this:
>>> ATTRIBUTE       h323-ivr-in                     100     string
>>> Cisco
>>> ATTRIBUTE       h323-credit-amount              101     string
>>> Cisco
>>>
>>> My Radius server returns some data using these VSA's. In particular, 
>>> it returns many values using the same VSA - h323-ivr-in
>>>
>>> I am having trouble recovering the returned values using set2 of 
>>> radius_send_auth Can anyone advise me how I should define set2 to 
>>> get at these returned values? I have tried the following with no
success:
>>>
>>> modparam("aaa_radius", "sets", "set2 = 
>>> (h323-return-code=$avp(retcode),
>>> h323-ivr-in=$avp(authretvals))")
>>>
>>> After the function is called, there are no values in
>>> $avp(authretvals)
>>>
>>> Thanks.
>>>
>>> John Quick
>>> Smartvox Limited
>>> Web: www.smartvox.co.uk
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>
>






More information about the Users mailing list