ltm rule command DIAMETER avp
iRule(1) BIG-IP TMSH Manual iRule(1)
DIAMETER::avp
Provides detailed access to diameter attribute-value pairs.
SYNOPSIS
DIAMETER::avp (
( 'codes' ('index' UNSIGNED_INT)? ('source'
DIAMETER_MESSAGE)? ) |
( 'count' ('source' DIAMETER_MESSAGE)? ) |
( 'count' (AVP_NAME | AVP_CODE) ('source' DIAMETER_MESSAGE)? ) |
( 'length' (AVP_NAME | AVP_CODE)
('index' UNSIGNED_INT)?
('source' DIAMETER_MESSAGE)? ) |
( 'create' (AVP_NAME | AVP_CODE) VFLAG_BINARY MFLAG_BINARY PFLAG_BINARY
VENDOR_ID AVPDATA_RAW DIAMETER_DESIRED_TYPE ) |
( 'read' (AVP_NAME | AVP_CODE)
('index' UNSIGNED_INT)?
('source' DIAMETER_MESSAGE)? ) |
( 'delete' (AVP_NAME | AVP_CODE)
('index' UNSIGNED_INT)?
('source' DIAMETER_MESSAGE)? ) |
( ('replace' | 'insert' | 'append') (AVP_NAME | AVP_CODE) AVPDATA_RAW
('index' UNSIGNED_INT)?
('source' DIAMETER_MESSAGE)? ) |
( ('vflag' | 'mflag' | 'pflag' | 'flags' | 'vendorid')
'get' (AVP_NAME | AVP_CODE)
('index' UNSIGNED_INT)?
('source' DIAMETER_MESSAGE)? ) |
( ('vflag' | 'mflag' | 'pflag') 'set' (AVP_NAME | AVP_CODE) FLAG_BINARY
('index' UNSIGNED_INT)?
('source' DIAMETER_MESSAGE)? ) |
( 'flags' 'set' (AVP_NAME | AVP_CODE) FLAGS_UNSIGNEDCHAR
('index' UNSIGNED_INT)?
('source' DIAMETER_MESSAGE)? ) |
( 'vendorid' 'set' (AVP_NAME | AVP_CODE) VENDOR_ID
('index' UNSIGNED_INT)?
('source' DIAMETER_MESSAGE)? ) |
( 'data' 'get' (AVP_NAME | AVP_CODE)
DIAMETER_DESIRED_TYPE
('index' UNSIGNED_INT)?
('vendor-id' UNSIGNED_INT)?
('source' DIAMETER_MESSAGE)? ) |
( 'data' 'set' (AVP_NAME | AVP_CODE) AVPDATA_RAW
DIAMETER_DESIRED_TYPE
('index' UNSIGNED_INT)?
('source' DIAMETER_MESSAGE)? )
)
DESCRIPTION
This iRule command gives access to set and get attribute-value pairs.
Specifics for each command are below in the syntax section.
The AVP upon which this command operates is specified in a flexible
manner. An AVP name or code (usually) must be specified, and an
optional index may be also specified. Some commands also accept a
vendor-id. When a name is specified, it is converted to a code. Names
are written as listed in RFC 3588, formatted as e.g., "HOST-IP-
ADDRESS". AVP codes are 32-bit integer quantities.
When an index is not specified, the first AVP having that code is
selected. This works exactly the same as specifying "index 0".
When an index is specified, the Nth AVP having that code is selected.
When an index and a nonzero vendor-id are specified, all of the
matching vendor-specific AVP groups are searched in order. For
example, suppose the message is structured as follows:
- Vendor-specific group AVP, vendor-ID 3375
- AVP, code 8, contents "abc"
- AVP, code 9, contents "def" - Vendor-specific group AVP, vendor-ID
32473
- AVP, code 10, contents "ghi"
- AVP, code 8, contents "jkl" - Vendor-specific group AVP, vendor-id
3375
- AVP, code 8, contents "mno"
If the iRule command reads:
DIAMETER::avp data get 8 octetstring index 1 vendor-id 3375 then the
value returned will be the bytes "mno".
Common Parameters for several commands:
avpname|code
* AVP code number or name as defined in RFC 3588.
type
get, set and create takes TCL's string data and uses "type" to
interpret and store the TCL string. The "type" is one of the following:
* octetstring - data is the same TCL string of characters
* integer32 - data is a 32-bit integer
* unsigned32 - data is an unsigned 32-bit integer
* integer64 - data is a 64-bit integer
* unsigned64 - data is an unsigned 64-bit integer
* ip4 - data is 4 bytes of an ipv4 address, i.e., 1.2.3.4 is
stored as "\0x01\0x02\0x03\0x04". The address in the AVP may
be preceded by a two-byte type tag as defined in RFC 6733
section 4.3.1; if so, the tag must be 1.
* ip6 - data is 16 bytes of an ipv6 address. The address in the
AVP may be preceded by a two-byte type tag as defined in RFC
6733 section 4.3.1; if so, the tag must be 2.
* grouped - data is non-singular, derived, or grouped/nested
AVPs, and interpreted as a raw binary string. This works with
TCL's binary format ... command. In many cases this is
equivalent to 'octetstring'.
* octet - deprecated, not an RFC3588 type
* string - deprecated, not an RFC3588 type
source
Normally, this command implicitly operates on the Diameter message
which is currently being processed.
If the 'source' argument is specified, the command will read from
the source argument instead. This value must be a Diameter message
payload, with no header. Instead of modifying the value given, a
modified copy of it will be returned as the value of the command.
Syntax
DIAMETER::avp codes [index "avp-index"] [source "source-data"]
* Return list of all AVP codes. If index is specified, return
only AVP at index.
DIAMETER::avp count [avpname|code] [source "source-data"]
* Return how many AVPs would be selected. If code is not
specified, returns count of all AVPs in the message.
DIAMETER::avp length "avpname|code" [index "avp-index"] [source
"source-data"]
* Return the selected AVP's length. The returned value includes
the header fields, body length, and padding.
DIAMETER::avp vflag get "avpname|code" [index "avp-index"] [source
"source-data"]
* Get vendor-specific bit
DIAMETER::avp vflag set "avpname|code" "new-vflag" [index "avp-index"]
[source "source-data"]
* Set vendor-specific bit
DIAMETER::avp mflag get "avpname|code" [index "avp-index"] [source
"source-data"]
* Get "M" bit, indicating that processing of this AVP is mandatory.
DIAMETER::avp mflag set "avpname|code" "new-mflag" [index "avp-index"]
[source "source-data"]
* Set "M" bit, indicating that processing of this AVP is mandatory.
DIAMETER::avp pflag get "avpname|code" [index "avp-index"] [source
"source-data"]
* Get "P" bit which indicates the need for encryption for end-to-end
security.
DIAMETER::avp pflag set "avpname|code" "new-pflag" [index "avp-index"]
[source "source-data"]
* Set "P" bit which indicates the need for encryption for end-to-end
security.
DIAMETER::avp flags get "avpname|code" [index "avp-index"] [source
"source-data"]
* Get flags in unsigned char which is equivalent to VMP in binary
number. For example, if all flag bits are set, this command
will return 7. This command makes iRule slightly faster when
all flags are to be retrieved.
DIAMETER::avp flags set "avpname|code" "new-flags" [index "avp-index"]
[source "source-data"]
* Set flags in unsigned char which is equivalent to VMP in binary
number.
DIAMETER::avp vendorid get "avpname|code" [index "avp-index"] [source
"source-data"]
* Get the selected AVP's vendor-id.
DIAMETER::avp vendorid set "avpname|code" "new-vendorid" [index
"avp-index"] [source "source-data"]
* Set the selected AVP's vendor-id.
DIAMETER::avp data get "avpname|code" "type" [index "avp-index"]
[source "source-data"] LTM version 11.3.0 and above: DIAMETER::avp data
get "avpname|code" "type" [index "index"] [source "source-data"]
[vendor-id "vendor-id"]
* Get the selected AVP's content and interprete it as "type".
"type" is one of the following: octetstring, integer32,
unsigned32, ip4, ip6, grouped.
DIAMETER::avp data set "avpname|code" "new-data" "type" [index
"avp-index"] [source "source-data"]
* Set the selected AVP's content to "new-data". "type" is either
one of the following: octetstring, integer32, unsigned32, ip4,
ip6, grouped.
DIAMETER::avp create "avpname|code" "v" "m" "p" "vendorid" "data"
"type"
* Create new AVP and return the whole AVP as a binary, including
the AVP header.
DIAMETER::avp read "avpname|code" [index "avp-index"] [source
"source-data"]
* Return the whole selected AVP as a binary, including the AVP
header.
DIAMETER::avp delete "avpname|code" [index "avp-index"] [source
"source-data"]
* delete the selected AVP
DIAMETER::avp replace "avpname|code" "new-avp" [index "avp-index"]
[source "source-data"]
* replace the selected AVP with "new-avp"
DIAMETER::avp insert "avpname|code" "new-avp" [index "avp-index"]
[source "source-data"]
* insert new "newavp" just before the selected AVP. If the
selected AVP does not exist, currently it will be appended at
end of all AVPs. This specific behavior should not be
considered stable.
DIAMETER::avp append "avpname|code" "new-avp" [index "avp-index"]
[source "source-data"]
* Insert new "new-avp" just after the selected AVP. If the
selected AVP does not exist, currently it will be appended at
the end of all AVPs.
RETURN VALUE
VALID DURING
DIAMETER_INGRESS, DIAMETER_EGRESS, MR_INGRESS, MR_EGRESS, MR_FAILED
EXAMPLES
when DIAMETER_EGRESS {
# Sets the flags of the AVP Product Name to 0 (for Vendor Specific, Mandatory, Protected and Reserved)
DIAMETER::avp flags set 269 0
# Checks that the flags are properly set (was a bug in 11.3, solved in 11.4)
log local0. "AVP : [DIAMETER::avp flags get 269] "
# Removes the Supported-Vendor-Id from the request
DIAMETER::avp delete 265
}
The AVP 257 ("Host-IP-Address") is defined by RFC 3588 as type
"Address", which starts the first two octets as the address type, and
the remaining as the actual ip4 4-octet or ip6 16-octet address. So to
create and insert AVP 257 with the ipv4 address of 192.168.1.254, we
can use the following TCL command:
set my_avp_data [DIAMETER::avp create 257 0 1 0 0 [binary format Sc4 1 {192 168 1 254} ] grouped]
DIAMETER::avp insert 257 $my_avp_data
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-11.0.0 --First introduced the command. @BIGIP-11.3.0
--Deprecated types 'octet' and 'string'. Use 'octetstring' instead.
BIG-IP 2017-01-31 iRule(1)