<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dictionary SYSTEM "dictionary.dtd" [
<!ENTITY nasreq SYSTEM "nasreq.xml">
<!ENTITY mobileipv4 SYSTEM "mobileipv4.xml">
<!ENTITY sunping SYSTEM "sunping.xml">
]>
<dictionary>
<base uri="ftp://ftp.ietf.org/internet-drafts/draft-ietf-aaa-diameter-07.txt">
<!--
$Log: dictionary.xml,v $
Revision 1.1 2001/11/01 21:52:44 guy
From David Frascone: duUpdate to Diameter dissector to load the
dictionary as an XML file rather than building it in, and various
Diameter updates.
Revision 1.7 2001/08/24 18:03:24 chaos
Mark's Changes
Revision 1.6 2001/07/31 19:13:55 chaos
Missed a couple of MIP AVPs
Revision 1.5 2001/07/31 19:09:22 chaos
Added Mobile-Ip and Sun Ping Extension
Revision 1.4 2001/07/31 17:43:25 chaos
Oops, forgot to turn on validity checking. Fixed some errors found with validity checking turned on
Revision 1.3 2001/07/31 16:56:31 chaos
Added commands, and validated with xmllint
Revision 1.2 2001/07/31 16:29:34 chaos
Checking in some changes to verify log and ident strings
-->
<!-- *********************** Commands ***************************** -->
<!-- Diameter Base Protocol Command Codes -->
<command name="Abort-Session" code="274" vendor-id="None">
<!-- Maybe some avp stuff here one day -->
</command>
<command name="Accounting" code="271" vendor-id="None"/>
<command name="Capabilities-Exchange" code="257" vendor-id="None"/>
<command name="Device-Watchdog" code="280" vendor-id="None"/>
<command name="Disconnect-Peer" code="282" vendor-id="None"/>
<command name="Re-Auth" code="258" vendor-id="None"/>
<command name="Session-Termination" code="275" vendor-id="None"/>
<!-- ********************** End Commands ************************** -->
<!-- ************************* Vendors **************************** -->
<vendor vendor-id="None" code="0" name="None"/>
<vendor vendor-id="Merit" code="61" name="Merit Networks"/>
<vendor vendor-id="Sun" code="42" name="Sun Microsystems, Inc."/>
<vendor vendor-id="USR" code="429" name="US Robotics Corp."/>
<!-- *********************** End Vendors ************************** -->
<!-- ************************ typedefn's ************************** -->
<typedefn type-name="OctetString"/>
<!--
The data contains arbitrary data of variable length. Unless
otherwise noted, the AVP Length field MUST be set to at least 9
(13 if the 'V' bit is enabled). Data used to transmit (human
readable) character string data uses the UTF-8 [24] character
set and is NOT NULL-terminated. The minimum Length field MUST
be 9, but can be set to any value up to 65504 bytes. AVP Values
of this type that do not align on a 32-bit boundary MUST have
the necessary padding.
-->
<typedefn type-name="UTF8String" type-parent="OctetString"/>
<!--
The UTF8String format is derived from the OctetString AVP Base
Format. This is a human readable string represented using the
ISO/IEC IS 10646-1 character set, encoded as an OctetString
using the UTF-8 [29] transformation format described in RFC
2279.
Since additional code points are added by amendments to the
10646 standard from time to time, implementations MUST be
prepared to encounter any code point from 0x00000001 to
0x7fffffff. Byte sequences that do not correspond to the valid
UTF-8 encoding of a code point or are outside this range are
prohibited. Note that since a code point of 0x00000000 is
prohibited, no octet will contain a value of 0x00.
The use of control codes SHOULD be avoided. When it is
necessary to represent a newline, the control code sequence CR
LF SHOULD be used.
The use of leading or trailing white space SHOULD be avoided.
For code points not directly supported by user interface
hardware or software, an alternative means of entry and
display, such as hexadecimal, MAY be provided.
For information encoded in 7-bit US-ASCII, the UTF-8 encoding
is identical to the US-ASCII encoding.
UTF-8 may require multiple bytes to represent a single
character / code point; thus the length of a UTF8String in
octets may be different from the number of characters encoded.
Note that the size of an UTF8String is measured in octets, not
characters.
The UTF8String MUST not contain any octets with a value of
zero.
-->
<typedefn type-name="IPAddress" type-parent="OctetString"/>
<!--
The IPAddress format is derived from the OctetString AVP Base
Format. It represents 32 bit (IPv4) [17] or 128 bit (IPv6) [16]
address, most significant octet first. The format of the
address (IPv4 or IPv6) is determined by the length. If the
attribute value is an IPv4 address, the AVP Length field MUST
be 12 (16 if 'V' bit is enabled), otherwise the AVP Length
field MUST be set to 24 (28 if the 'V' bit is enabled) for IPv6
addresses.
-->
<typedefn type-name="DiameterIdentity" type-parent="OctetString"/>
<!--
The DiameterIdentity format is derived from the OctetString AVP
Base Format. It uses the UTF-8 encoding and has the same
requirements as the UTF8String. In addition, it must follow
the Uniform Resource Identifiers (URI) syntax [29] rules
specified below:
Diameter-Identity = fqdn [ port ] [ transport ]
[ protocol ]
aaa-protocol = ( "diameter" | "radius" | "tacacs+" )
protocol = ";protocol=" aaa-protocol
; If absent, the default AAA protocol
; is diameter.
fqdn = Fully Qualified Host Name
port = ":" 1*DIGIT
; One of the ports used to listen for
; incoming connections. ; If absent,
; the default Diameter port (TBD) is
; assumed.
transport-protocol = ( "tcp" | "sctp" | "udp" )
transport = ";transport=" transport-protocol
; One of the transports used to listen
; for incoming connections. If absent,
; the default SCTP [26] protocol is
; assumed. UDP MUST NOT be used when
; the aaa-protocol field is set to
; diameter.
The following are examples of valid Diameter host
identities:
host.abc.com;transport=tcp
host.abc.com:6666;transport=tcp
aaa://host.abc.com;protocol=diameter
aaa://host.abc.com:6666;protocol=diameter
aaa://host.abc.com:6666;transport=tcp;protocol=diameter
aaa://host.abc.com:1813;transport=udp;protocol=radius
Since multiple Diameter processes on a single host cannot
listen for incoming connections on the same port on a given
protocol, the DiameterIdentity is guaranteed to be unique per
host.
A Diameter node MAY advertise different identities on each
connection, via the CER and CEA's Origin-Host AVP, but the same
identity MUST be used throughout the duration of a connection.
When comparing AVPs of this format, it is necessary to add any
absent fields with the default values prior to the comparison.
For example, diameter-host.abc.com would be expanded to
aaa://diameter/diameter-host.abc.com:TBD;protocol=sctp.
-->
<typedefn type-name="IPFilterRule" type-parent="OctetString"/>
<!--
The IPFilterRule format is derived from the OctetString AVP
Base Format. It uses the UTF-8 encoding and has the same
requirements as the UTF8String. Packets may be filtered based
on the following information that is associated with it:
Direction (in or out)
Source and destination IP address (possibly masked)
Protocol
Source and destination port (lists or ranges)
TCP flags
IP fragment flag
IP options
ICMP types
Rules for the appropriate direction are evaluated in order,
with the first matched rule terminating the evaluation. Each
packet is evaluated once. If no rule matches, the packet is
dropped if the last rule evaluated was a permit, and passed if
the last rule was a deny.
IPFilterRule filters MUST follow the format:
action dir proto from src to dst [options]
action permit - Allow packets that match the rule.
deny - Drop packets that match the rule.
dir "in" is from the terminal, "out" is to the
terminal.
proto An IP protocol specified by number. The "ip"
keyword means any protocol will match.
src and dst <address/mask> [ports]
The <address/mask> may be specified as:
ipno An IPv4 or IPv6 number in dotted-
quad or canonical IPv6 form. Only
this exact IP number will match the
rule.
ipno/bits An IP number as above with a mask
width of the form 1.2.3.4/24. In
this case all IP numbers from
1.2.3.0 to 1.2.3.255 will match.
The bit width MUST be valid for the
IP version and the IP number MUST
NOT have bits set beyond the mask.
The sense of the match can be inverted by
preceding an address with the not modifier,
causing all other addresses to be matched
instead. This does not affect the selection of
port numbers.
The keyword "any" is 0.0.0.0/0 or the IPv6
equivalent. The keyword "assigned" is the
address or set of addresses assigned to the
terminal. The first rule SHOULD be "deny in
ip !assigned".
With the TCP, UDP and SCTP protocols, optional
ports may be specified as:
{port|port-port}[,port[,...]]
The `-' notation specifies a range of ports
(including boundaries).
Fragmented packets which have a non-zero offset
(i.e. not the first fragment) will never match
a rule which has one or more port
specifications. See the frag option for
details on matching fragmented packets.
options:
frag Match if the packet is a fragment and this is not
the first fragment of the datagram. frag may not
be used in conjunction with either tcpflags or
TCP/UDP port specifications.
ipoptions spec
Match if the IP header contains the comma
separated list of options specified in spec. The
supported IP options are:
ssrr (strict source route), lsrr (loose source
route), rr (record packet route) and ts
(timestamp). The absence of a particular option
may be denoted with a `!'.
tcpoptions spec
Match if the TCP header contains the comma
separated list of options specified in spec. The
supported TCP options are:
mss (maximum segment size), window (tcp window
advertisement), sack (selective ack), ts (rfc1323
timestamp) and cc (rfc1644 t/tcp connection
count). The absence of a particular option may
be denoted with a `!'.
established
TCP packets only. Match packets that have the RST
or ACK bits set.
setup TCP packets only. Match packets that have the SYN
bit set but no ACK bit.
tcpflags spec
TCP packets only. Match if the TCP header
contains the comma separated list of flags
specified in spec. The supported TCP flags are:
fin, syn, rst, psh, ack and urg. The absence of a
particular flag may be denoted with a `!'. A rule
which contains a tcpflags specification can never
match a fragmented packet which has a non-zero
offset. See the frag option for details on
matching fragmented packets.
icmptypes types
ICMP packets only. Match if the ICMP type is in
the list types. The list may be specified as any
combination of ranges or individual types
separated by commas. The supported ICMP types
are:
echo reply (0), destination unreachable (3),
source quench (4), redirect (5), echo request
(8), router advertisement (9), router
solicitation (10), time-to-live exceeded (11), IP
header bad (12), timestamp request (13),
timestamp reply (14), information request (15),
information reply (16), address mask request (17)
and address mask reply (18).
There is one kind of packet that the access device MUST always
discard, that is an IP fragment with a fragment offset of one.
This is a valid packet, but it only has one use, to try to
circumvent firewalls.
An access device that is unable to interpret or apply a deny
rule MUST terminate the session. An access device that is
unable to interpret or apply a permit rule MAY apply a more
restrictive rule. An access device MAY apply deny rules of
its own before the supplied rules, for example to protect
the access device owner's infrastructure.
The rule syntax is a modified subset of ipfw(8) from FreeBSD,
and the ipfw.c code may provide a useful base for
implementations.
-->
<typedefn type-name="QOSFilterRule" type-parent="OctetString"/>
<!--
The QosFilterRule format is derived from the OctetString AVP
Base Format. It uses the UTF-8 encoding and has the same
requirements as the UTF8String. Packets may be marked or
metered based on the following information that is associated
with it:
Direction (in or out)
Source and destination IP address (possibly masked)
Protocol
Source and destination port (lists or ranges)
DSCP values (no mask or range)
Rules for the appropriate direction are evaluated in order,
with the first matched rule terminating the evaluation. Each
packet is evaluated once. If no rule matches, the packet is
treated as best effort.
QoSFilterRule filters MUST follow the format:
action dir proto from src to dst [options]
tag - Mark packet with a specific DSCP [49].
The DSCP option MUST be included.
meter - Meter traffic. The metering options
MUST be included.
dir "in" is from the terminal, "out" is to the
terminal.
proto An IP protocol specified by number. The "ip"
keyword means any protocol will match.
src and dst <address/mask> [ports]
The <address/mask> may be specified as:
ipno An IPv4 or IPv6 number in dotted-
quad or canonical IPv6 form. Only
this exact IP number will match the
rule.
ipno/bits An IP number as above with a mask
width of the form 1.2.3.4/24. In
this case all IP numbers from
1.2.3.0 to 1.2.3.255 will match.
The bit width MUST be valid for the
IP version and the IP number MUST
NOT have bits set beyond the mask.
The sense of the match can be inverted by
preceding an address with the not modifier,
causing all other addresses to be matched
instead. This does not affect the selection of
port numbers.
The keyword "any" is 0.0.0.0/0 or the IPv6
equivalent. The keyword "assigned" is the
address or set of addresses assigned to the
terminal. The first rule SHOULD be "deny in
ip !assigned".
With the TCP, UDP and SCTP protocols, optional
ports may be specified as:
{port|port-port}[,port[,...]]
The `-' notation specifies a range of ports
(including boundaries).
options:
DSCP <color>
color values as defined in [49]. Exact matching
of DSCP values is required (no masks or ranges).
the "deny" can replace the color_under or
color_over values in the meter action for rate-
dependent packet drop.
metering <rate> <color_under> <color_over>
The metering option provides Assured Forwarding,
as defined in [50], and MUST be present if the
action is set to meter. The rate option is the
throughput, in bits per second, which is used by
the access device to mark packets. Traffic above
the rate is marked with the color_over codepoint,
while traffic under the rate is marked with the
color_under codepoint. The color_under and
color_over options contain the drop preferences,
and MUST conform to the recommended codepoint
keywords described in [50] (e.g. AF13).
The metering option also supports the strict
limit on traffic required by Expedited
Forwarding, as defined in [51]. The color_over
option may contain the keyword "drop" to prevent
forwarding of traffic that exceeds the rate
parameter.
The rule syntax is a modified subset of ipfw(8) from FreeBSD,
and the ipfw.c code may provide a useful base for
implementations.
-->
<typedefn type-name="MIPRegistrationRequest" type-parent="OctetString"/>
<typedefn type-name="Integer32"/>
<!--
32 bit signed value, in network byte order. The AVP Length
field MUST be set to 12 (16 if the 'V' bit is enabled).
-->
<typedefn type-name="VendorId" type-parent="Integer32"/>
<typedefn type-name="AppId" type-parent="Integer32"/>
<typedefn type-name="Integer64"/>
<!--
64 bit signed value, in network byte order. The AVP Length
field MUST be set to 16 (20 if the 'V' bit is enabled).
-->
<typedefn type-name="Unsigned32"/>
<!--
32 bit unsigned value, in network byte order. The AVP Length
field MUST be set to 12 (16 if the 'V' bit is enabled).
Unsigned32 values used to transmit time data contains the four
most significant octets returned from NTP [18], in network byte
order.
-->
<typedefn type-name="Time"/>
<!--
The Time format is derived from the Unsigned32 AVP Base Format.
This is 32 bit unsigned value containing the four most
significant octets returned from NTP [18], in network byte
order.
This represent the number of seconds since 0h on 1 January 1900
with respect to the Coordinated Universal Time (UTC).
On 6h 28m 16s UTC, 7 February 2036 the time value will
overflow. NTP [18] describes a procedure to extend the time to
2104.
-->
<typedefn type-name="Unsigned64"/>
<!--
64 bit unsigned value, in network byte order. The AVP Length
field MUST be set to 16 (20 if the 'V' bit is enabled).
-->
<!-- ************************* End Typedefns ************************ -->
<!-- ******************* DIAMETER BASE PROTOCOL AVPS ************************ -->
<avp name="Accounting-Interim-Interval" code="482" mandatory="must" may-encrypt="yes" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
</avp>
<avp name="Accounting-Multi-Session-Id" code="50" mandatory="must" protected="may" may-encrypt="yes" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
</avp>
<avp name="Accounting-Record-Number" code="485" mandatory="must" may-encrypt="yes" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
</avp>
<avp name="Accounting-Record-Type" code="480" mandatory="must" may-encrypt="yes" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
<enum name="Event Record" code="1"/>
<enum name="Start Record" code="2"/>
<enum name="Interim Record" code="3"/>
<enum name="Stop Record" code="4"/>
</avp>
<avp name="Accounting-Session-Id" code="44" mandatory="must" protected="may" may-encrypt="yes" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
</avp>
<avp name="Acct-Application-Id" code="259" mandatory="must" protected="mustnot" may-encrypt="no" vendor-bit="mustnot">
<type type-name="AppId"/>
</avp>
<avp name="Alternate-Peer" code="275" mandatory="must" protected="mustnot" may-encrypt="no" vendor-bit="mustnot">
<type type-name="DiameterIdentity"/>
</avp>
<avp name="Auth-Application-Id" code="258" mandatory="must" protected="mustnot" may-encrypt="no" vendor-bit="mustnot">
<type type-name="AppId"/>
</avp>
<avp name="Auth-Request-Type" code="274" mandatory="must" protected="mustnot" may-encrypt="no" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
<enum name="Authenticate Only" code="1"/>
<enum name="Authorize Only" code="2"/>
<enum name="Authorize Authenticate" code="3"/>
</avp>
<avp name="Authorization-Lifetime" code="291" mandatory="must" may-encrypt="no" vendor-bit="mustnot">
<type type-name="Integer32"/>
</avp>
<avp name="Auth-Grace-Period" code="276" mandatory="must" may-encrypt="no" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
</avp>
<avp name="Auth-Session-State" code="277" mandatory="must" may-encrypt="no" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
<enum name="State Maintained" code="0"/>
<enum name="No State Maintained" code="0"/>
</avp>
<avp name="Re-Auth-Request-Type" code="285" mandatory="must" may-encrypt="no" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
<enum name="Authorize Only" code="0"/>
<enum name="Authorize Authenticate" code="1"/>
</avp>
<avp name="Destination-Host" code="293" mandatory="must" protected="mustnot" may-encrypt="no" vendor-bit="mustnot">
<type type-name="DiameterIdentity"/>
</avp>
<avp name="Destination-Realm" code="283" mandatory="must" protected="mustnot" may-encrypt="no" vendor-bit="mustnot">
<type type-name="UTF8String"/>
</avp>
<avp name="Disconnect-Cause" code="273" mandatory="must" protected="mustnot" may-encrypt="no" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
<enum name="Rebooting" code="0"/>
<enum name="Busy" code="2"/>
<enum name="Do not want to talk to you" code="2"/>
</avp>
<avp name="Error-Message" code="281" mandatory="must" protected="mustnot" may-encrypt="no" vendor-bit="mustnot">
<type type-name="UTF8String"/>
</avp>
<avp name="Error-Reporting-Host" code="294" mandatory="must" protected="mustnot" may-encrypt="no" vendor-bit="mustnot">
<type type-name="DiameterIdentity"/>
</avp>
<avp name="Failed-AVP" code="279" mandatory="must" may-encrypt="no" vendor-bit="mustnot">
<type type-name="OctetString"/>
</avp>
<avp name="Firmware-Revision" code="267" mandatory="must" protected="mustnot" may-encrypt="no" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
</avp>
<avp name="Host-IP-Address" code="257" mandatory="must" protected="mustnot" may-encrypt="no" vendor-bit="mustnot">
<type type-name="IPAddress"/>
</avp>
<avp name="Multi-Round-Time-Out" code="272" mandatory="must" may-encrypt="yes" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
</avp>
<avp name="Origin-Host" code="264" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="DiameterIdentity"/>
</avp>
<avp name="Origin-Realm" code="296" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="UTF8String"/>
</avp>
<avp name="Origin-State-Id" code="278" mandatory="must" protected="mustnot" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
</avp>
<avp name="Product-Name" code="269" mandatory="mustnot" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="UTF8String"/>
</avp>
<avp name="Proxy-Host" code="280" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="DiameterIdentity"/>
</avp>
<avp name="Proxy-Info" code="284" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="OctetString"/>
</avp>
<avp name="Redirect-Host" code="292" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="DiameterIdentity"/>
</avp>
<avp name="Redirect-Host-Usage" code="261" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
<enum name="Don't Care" code="0"/>
<enum name="All Session" code="1"/>
<enum name="All Realm" code="2"/>
<enum name="Realm and Application" code="3"/>
<enum name="All Application" code="4"/>
<enum name="All Host" code="5"/>
</avp>
<avp name="Redirect-Max-Cache-Time" code="262" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
</avp>
<avp name="Result-Code" code="268" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
</avp>
<avp name="Route-Record" code="282" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="DiameterIdentity"/>
</avp>
<avp name="Session-Id" code="263" mandatory="must" protected="mustnot" vendor-bit="mustnot">
<type type-name="UTF8String"/>
</avp>
<avp name="Session-Binding" code="270" mandatory="must" protected="mustnot" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
</avp>
<avp name="Session-Server-Failover" code="271" mandatory="must" protected="mustnot" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
<enum name="Refuse Service" code="0"/>
<enum name="Try Again" code="1"/>
<enum name="Allow Service" code="2"/>
<enum name="Try Again / Allow Service" code="3"/>
</avp>
<avp name="Source-Route" code="286" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="DiameterIdentity"/>
</avp>
<avp name="Supported-Vendor-Id" code="265" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="VendorId"/>
</avp>
<avp name="Termination-Cause" code="295" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="Unsigned32"/>
<enum name="Logout" code="1"/>
<enum name="Service Not Provided" code="2"/>
<enum name="Bad Answer" code="3"/>
<enum name="Administrative" code="4"/>
<enum name="Link Broken" code="5"/>
</avp>
<avp name="Vendor-Id" code="266" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<type type-name="VendorId"/>
</avp>
<avp name="Vendor-Specific-Application-Id" code="260" mandatory="must" may-encrypt="no" protected="mustnot" vendor-bit="mustnot">
<grouped>
<gavp name="Vendor-Id"/>
<gavp name="Auth-Application-Id"/>
<gavp name="Acct-Application-Id"/>
</grouped>
</avp>
<avp name="Example-AVP" code="999999" mandatory="mustnot" vendor-bit="may">
<grouped>
<gavp name="Origin-Host"/>
<gavp name="Host-IP-Address"/>
</grouped>
</avp>
<!-- ************************ END DIAMETER BASE PROTOCOL AVPS ******************* -->
</base>
&nasreq;
&mobileipv4;
&sunping;
</dictionary>
distrib
>
Mandriva
>
8.2
>
i586
>
media
>
contrib
>
by-pkgid
>
8a9a733da3e70519cb291445877ddccc
>
files
>
2
