The need of rewriting the incoming requests arises from the fact that
some NASes are very particular about the information they send with
the requests. There are cases when the information they send
is hardly usable or even just unusable. For example, a
Cisco AS5300 terminal server used as a voice over IP router packs
a lot of information into its Acct-Session-Id attribute. Though
the information stored there is otherwise relevant, it makes proper
accounting impossible since the Acct-Session-Id attributes
in the start and stop packets of the same session become different, and
thus Radius cannot determine the Session Start to which the given
Session Stop request corresponds (see section Acct-Session-Id).
In order to cope with such NASes, GNU Radius is able to invoke a Rewrite function upon arrival of the packet and before further processing it. This function can transform the packet so, that it obtains the form prescribed by RFCs and its further processing becomes possible.
For example, in the case of AS5300 router, a corresponding rewrite
function parses the Acct-Session-Id attribute, breaks it
down into fields, stores them into proper attributes, creating
them if necessary, and, finally replaces Acct-Session-Id with
its real value, which is the same for start and stop records
corresponding to a single session. Thus all the information that
came with the packet is preserved, but the packet itself is made
usable for proper accounting.
A special attribute, Rewrite-Function, is used to trigger
invocation of a Rewrite function. Its value is a name of the
function to be invoked.
When used in a `naslist' profile, the attribute causes the function
to be invoked when the incoming request matches the huntgroup
(see section Huntgroups). For example, to have a function fixup
invoked for each packet from the NAS 10.10.10.11, the
following huntgroup rule may be used:
DEFAULT NAS-IP-Address = 11.10.10.11
Rewrite-Function = "fixup"
The Rewrite-Function attribute may also be used in a `hints'
rule. In this case, it will invoke the function if the request matches
the rule (see section Hints). For example, this `hints' rule will
cause the function to be invoked for each request containing the username
starting with `P':
DEFAULT Prefix = "P"
Rewrite-Function = "fixup"
Please note, that in both cases the attribute can be used either in LHS or in RHS pairs of a rule.
The packet rewrite function must be declared as having no arguments, and returning integer value:
integer fixup()
{
}
The actual return value from such a function is ignored, the integer return type is just a matter of convention.
The following subsection present some examples of packet rewriting functions.
Go to the first, previous, next, last section, table of contents.