DIAMETER::avp

Description

This iRules command gives access to set and get attribute-value pairs. Specifics for each command are below in the syntax section. Ordinarily, these rules operate on the current Diameter message in the message payload buffer. However, it is sometimes useful to operate on a specified data stream. This is done by passing the octet stream using the source keyword. For example, if an AVP is of type Grouped, the AVP value can be extracted using

DIAMETER::avp get

, which returns the value of the Grouped AVP. To then use

DIAMETER::avp
 commands on each of the child AVPs, the Grouped AVP value can be passed using the *source* keyword.
Common Parameters for several commands:

avpname|code

  • AVP code number or name as defined in RFC 3588. Currently supported codes are:
    • AUTH-APPLICATION-ID
    • SESSION-ID
    • ORIGIN-HOST
    • RESULT-CODE
    • DESTINATION-REALM
    • DESTINATION-HOST
    • ORIGIN-REALM
    • SUBSCRIPTION-ID
    • SUBSCRIPTION-ID-DATA
    • SUBSCRIPTION-ID-TYPE
    • USER-NAME
    • FRAMED-IP-ADDRESS
    • CLASS
    • SESSION-TIMEOUT
    • CALLING-STATION-ID
    • PROXY-STATE
    • ACCT-SESSION-ID
    • ACCT-MULTI-SESSION-ID
    • EVENT-TIMESTAMP
    • ACCT-INTERIM-INTERVAL
    • HOST-IP-ADDRESS
    • ACCT-APPLICATION-ID
    • VENDOR-SPECIFIC-APPLICATION-ID
    • REDIRECT-HOST-USAGE
    • REDIRECT-MAX-CACHE-TIME
    • SUPPORTED-VENDOR-ID
    • VENDOR-ID
    • FIRMWARE-REVISION
    • PRODUCT-NAME
    • SESSION-BINDING
    • SESSION-SERVER-FAILOVER
    • MULTI-ROUND-TIME-OUT
    • DISCONNECT-CAUSE
    • AUTH-REQUEST-TYPE
    • AUTH-GRACE-PERIOD
    • AUTH-SESSION-STATE
    • ORIGIN-STATE-ID
    • FAILED-AVP
    • PROXY-HOST
    • ERROR-MESSAGE
    • ROUTE-RECORD
    • PROXY-INFO
    • RE-AUTH-REQUEST-TYPE
    • ACCOUNTING-SUB-SESSION-ID
    • AUTHORIZATION-LIFETIME
    • REDIRECT-HOST
    • ERROR-REPORTING-HOST
    • TERMINATION-CAUSE
    • EXPERIMENTAL-RESULT
    • EXPERIMENTAL-RESULT-CODE
    • INBAND-SECURITY-ID
    • E2E-SEQUENCE
    • USER-EQUIPMENT-INFO
    • USER-EQUIPMENT-TYPE
    • USER-EQUIPMENT-VALUE
    • ACCOUNTING-RECORD-TYPE
    • ACCOUNTING-REALTIME-REQUIRED
    • ACCOUNTING-RECORD-NUMBER

type

get, set and create takes TCL’s string data and uses “type” to interpret and store the TCL string. The “type” is one of the following:

  • octetstring - data is the same TCL string of characters
  • integer32 - data is a 32-bit integer
  • unsigned32 - data is an unsigned 32-bit integer
  • integer64 - data is a 64-bit integer
  • unsigned64 - data is an unsigned 64-bit integer
  • ip4 - data is 4 bytes of an ipv4 address, ie. 1.2.3.4 is stored as \0x010x020x030x04
  • ip6 - data is 16 bytes of an ipv6 address
  • grouped - data is non-signular, derived, or grouped/nested AVPs, and interpreted as a raw binary string. This works with TCL’s binary format … command.
  • octet - deprecated since 11.3.0 as it is not an RFC3588 type
  • string - deprecated since 11.3.0 as it is not an RFC3588 type ===Syntax===

DIAMETER::avp codes [index] [source "source-data"]
DIAMETER::avp count [avpname|code] [source "source-data"]
DIAMETER::avp length "avpname|code" [index] [source "source-data"]
DIAMETER::avp vflag get "avpname|code" [index] [source "source-data"]
DIAMETER::avp vflag set "avpname|code" "new-vflag" [index] [source "source-data"]
DIAMETER::avp mflag get "avpname|code" [index] [source "source-data"]
DIAMETER::avp mflag set "avpname|code" "new-mflag" [index] [source "source-data"]
DIAMETER::avp pflag get "avpname|code" [index] [source "source-data"]
DIAMETER::avp pflag set "avpname|code" "new-pflag" [index] [source "source-data"]
DIAMETER::avp flags get "avpname|code" [index] [source "source-data"]
DIAMETER::avp flags set "avpname|code" "new-flags" [index] [source "source-data"]
DIAMETER::avp vendorid get "avpname|code" [index] [source "source-data"]
DIAMETER::avp vendorid set "avpname|code" "new-vendorid" [index] [source "source-data"][vendor-id "vendor-id"]
DIAMETER::avp data get "avpname|code" "type" [index] [source "source-data"]
DIAMETER::avp data set "avpname|code" "new-data" "type" [index] [source "source-data"]
DIAMETER::avp create "avpname|code" "v" "m" "p" "vendorid" "data" [type]
DIAMETER::avp read "avpname|code" [index] [source "source-data"]
DIAMETER::avp delete "avpname|code" [index] [source "source-data"]
DIAMETER::avp replace "avpname|code" "new-avp" [index] [source "source-data"]
DIAMETER::avp insert "avpname|code" "new-avp" [index] [source "source-data"]
DIAMETER::avp append "avpname|code" "new-avp" [index] [source "source-data"]

LTM version 11.3.0 and above:
DIAMETER::avp data get "avpname|code" "type" [index "index"] [source "source-data"] [vendor-id "vendor-id”]

DIAMETER::avp codes [index] [source “source-data”]

  • return list of all AVP codes. If index is specified, return only of AVP at index. Optional, source of data to be parsed can be specified by using source as a keyword follow by the data (as a binary octet sequence of AVP(s)).

DIAMETER::avp count [avpname|code] [source “source-data”]

  • return the number of all the AVP(code) present. If code is not specified, return number of all AVPs.

DIAMETER::avp length “avpname|code” [index] [source “source-data”]

  • return AVP(avpname|code)’s length. If index is not specified, return information of the first present. Otherwise, return information at the zero-based index value. Optional, source of data to be parsed can be specified by using source as a keyword follow by the data (as a binary).

DIAMETER::avp vflag get “avpname|code” [index] [source “source-data”]

  • get vendor-specific bit

DIAMETER::avp vflag set “avpname|code” “new-vflag” [index] [source “source-data”]

  • set vendor-specific bit

DIAMETER::avp mflag get “avpname|code” [index] [source “source-data”]

  • get mandatory bit

DIAMETER::avp mflag set “avpname|code” “new-mflag” [index] [source “source-data”]

  • set mandatory bit

DIAMETER::avp pflag get “avpname|code” [index] [source “source-data”]

  • get “P” bit which indicates the need for encryption for end-to-end security.

DIAMETER::avp pflag set “avpname|code” “new-pflag” [index] [source “source-data”]

  • set “P” bit which indicates the need for encryption for end-to-end security.

DIAMETER::avp flags get “avpname|code” [index] [source “source-data”]

  • get flags in unsigned char which is equivalent to VMP in binary number. For example, if all bits are set, this command will return 7. This command makes iRule slightly faster when all flags are to be retrieved

DIAMETER::avp flags set “avpname|code” “new-flags” [index] [source “source-data”]

  • set flags in unsigned char which is equivalent to VMP in binary number.

DIAMETER::avp vendorid get “avpname|code” [index] [source “source-data”]


DIAMETER::avp vendorid set “avpname|code” “new-vendorid” [index] [source “source-data”] [vendor-id “vendor-id”]

  • set AVPcode’s vendor-id. Same rule as above for code, index and source_data.

    In v14+ you can set the vendor-id attribute as well.


DIAMETER::avp data get “avpname|code” “type” [index] [source “source-data”]

  • get AVPcode’s data and interprete data as “type”. “type” is either one of the following: octet, string, integer32, unsigned32, ip4, ip6, grouped. If “type” is specified as “grouped”, data is returned as raw (or binary).

DIAMETER::avp data set “avpname|code” “new-data” “type” [index] [source “source-data”]

  • set AVPcode’s data and interprete data as “type”. “type” is either one of the following: octet, string, integer32, unsigned32, ip4, ip6, grouped. If “type” is specified as “grouped”, data is returned as raw (or binary).

DIAMETER::avp create “avpname|code” “v” “m” “p” “vendorid” “data” [type]

  • create new AVP and return the whole AVP as a binary

DIAMETER::avp read “avpname|code” [index] [source “source-data”]

  • return AVP(avpname|code) as a binary (including header and data) (at zero-based index index)

DIAMETER::avp delete “avpname|code” [index] [source “source-data”]

  • delete “avpname|code” (at zero-based index index)

DIAMETER::avp replace “avpname|code” “new-avp” [index] [source “source-data”]

  • replace existing AVP(avpname|code) at zero-based index index with “newavp”

DIAMETER::avp insert “avpname|code” “new-avp” [index] [source “source-data”]

  • insert new “newavp” at the position of “avpname/code” (at zero-based index index). if “avpname|code” does not exist, currently it will be appended at end of all AVPs. (in future, we may consider changing behavior to insert at beginning)

DIAMETER::avp append “avpname|code” “new-avp” [index] [source “source-data”]

  • append new “newavp” to “avpname/code” (at zero-based index index). if “avpname|code” does not exist, currently it will be appended at end of all AVPs

Examples

when DIAMETER_EGRESS {
     # Sets the flags of the AVP Product Name to 0 (for Vendor Specific, Mandatory, Protected and Reserved)
     DIAMETER::avp flags set 269 0
     # Checks that the flags are properly set (was a bug in 11.3, solved in 11.4
     log local0. "AVP : [DIAMETER::avp flags get 269] "
     # Removes the Supported-Vendor-Id from the request
     DIAMETER::avp delete 265
}

The AVP 257 (“Host-IP-Address”) is defined by RFC 3588 as type “Address”, which starts the first two octets as the address type, and the remaining as the actual ip4 4-octet or ip6 16-octet address. So to create and insert AVP 257 with the ipv4 address of 192.168.1.254, we can use the following TCL command:

set my_avp_data [DIAMETER::avp create 257 0 1 0 0 [binary format Sc4 1 {192 168 1 254} ] grouped]
DIAMETER::avp insert 257 $my_avp_data

The AVP 260 with Vendor-ID 0 is “Application-Specific-Vendor-Id” and is of type Grouped. To operate on the Grouped values, feed the Grouped data stream to

AVP::Diameter

with the source keyword:

when DIAMETER_INGRESS {
    set app_spec_avp [DIAMETER::avp data get 260 grouped]
    log local0. "Found ([DIAMETER::avp count source $app_spec_avp]) AVPs within Application-Specific-Vendor-Id AVP"
}