Opened 4 months ago

Last modified 5 weeks ago

#5536 reviewing enhancement

Radius option definitions

Reported by: tomek Owned by: UnAssigned
Priority: low Milestone: Kea1.5
Component: hook-radius Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DHCP Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description

The RadiusDesign calls for an optional mechanism that will query the Radius server about specific client. Typically this functionality has been done by a relay, which then inserted Radius options into DHCP message before forwarding it to the server.

Kea should be able to understand such options. See RFC4014 (v4) and RFC7037 (v6) for details. Kea should be able to represent radius attributes as sub-options, so general mechanisms, like client classification could be used.

This ticket calls for option definitions only. No special handling logic should be implemented.

Subtickets

Change History (6)

comment:1 Changed 4 months ago by tomek

  • Summary changed from Radius options to Radius option definitions

comment:2 Changed 7 weeks ago by tomek

  • Priority changed from medium to low

comment:3 Changed 6 weeks ago by fdupont

RFC 4014: DHCPv4 RAI sub option 7 which BTW is already defined (so IMHO there is nothing to do for this).
RFC 7037: DHCPv6 OPTION_RADIUS code 81 which is not defined. Seems it is enough to define it as binary (3 files to update).

comment:4 Changed 6 weeks ago by fdupont

  • Owner set to fdupont
  • Status changed from new to accepted

comment:5 Changed 6 weeks ago by fdupont

  • Owner changed from fdupont to UnAssigned
  • Status changed from accepted to reviewing

For DHCPv4 we are not really equipped to parse RAI. For DHCPv6 unfortunately RADIUS attributes are not compatible with (sub)option format. So there are two solutions:

  • keep current solution (i.e., DHCPv6 RADIUS option defined as binary).
  • same but create a followup ticket adding a RADIUS attribute type. IMHO it is far too heavy to get it in a reasonable timeframe.

Anyway the current branch (trac5536) is ready for (easy) review.

comment:6 Changed 5 weeks ago by tomek

  • Milestone changed from Kea1.4 to Kea1.5

I reviewed the code. It does not solve any problems. And since we won't be able to do anything about it, let's move it to 1.5.

We should have a proper mechanism to handling RADIUS options that includes sub-options. I think we need to implement a way that the attributes be represented as suboptions, so expressions could use them. Alternatively, maybe we need a dedicated expression to handle them?

In any case, this is way too big for 1.4. Moving to 1.5.

Note: See TracTickets for help on using tickets.