RADIUS

The system provides two Python objects alc.radius, instance of class alc.Radius, and alc.radius.attributes, instance if class alc.RadiusAttributes, to inspect and modify RADIUS packets.

Note

Only the pre-provided alc.radius/alc.radius.attributes object should be used in script, the class alc.Radius/alc.RadiusAttributes should not be used directly.

The alc.Radius class

Provides packet level operations.

Returns a dictionary containing the value of the RADIUS header fields:

  • code (integer)

  • id (integer)

  • len (integer)

  • authenticator (bytes)

print(alc.radius.header())
# {'code': 1, 'id': 202, 'len': 133, 'authenticator': b'\xe5C\xabM\xa1\x82(\x95\xe2\x84\xfai\xe6|\xd8\x92'}
drop()

Drops the packet.

The alc.RadiusAttributes class

Provides attribute level operations.

isSet(type, /)

Checks if a specified attribute is present.

Parameters

type (int|tuple) – Attribute type. If the parameter is a tuple, it should be interpreted as an attribute identifier. See Attribute identifiers.

Return type

bool

get(type, /)

Retrieves the value of a specified attribute.

Parameters

type (int|tuple) – Attribute type. If the parameter is a tuple, it should be interpreted as an attribute identifier. See Attribute identifiers.

Returns

Value of the attribute, or None if not present.

Return type

bytes

getTuple(type, /)

Retrieves all values of a specified attribute.

Parameters

type (int|tuple) – Attribute type. If the parameter is a tuple, it should be interpreted as an attribute identifier. See Attribute identifiers.

Returns

All values collected in a tuple.

Return type

tuple

set(type, value, /)

Adds an attribute with the specified type and value. This overwrites previously existing values if present.

Parameters

  • type (int|tuple) – Attribute type. If the parameter is a tuple, it should be interpreted as an attribute identifier. See Attribute identifiers.

  • value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.

clear(type, /)

Removes all attributes with the specified type.

Parameters

type (int|tuple) – Attribute type. If the parameter is a tuple, it should be interpreted as an attribute identifier. See Attribute identifiers.

isVSASet(vendor, vendor_type, /)

Verifies if a specified vendor-specific attribute is present.

Parameters

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

Return type

bool

getVSA(vendor, vendor_type, /)

Retrieves the value of a specified vendor-specific attribute.

Parameters

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

Returns

Value of the attribute, or None if not present.

Return type

bytes, None

getVSATuple(vendor, vendor_type, /)

Retrieves all values of a specified vendor-specific attribute.

Parameters

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

Returns

All values collected in a tuple.

Return type

tuple

setVSA(vendor, vendor_type, value, /)

Adds a vendor-specific attribute. If already present, the attribute is overwritten.

Parameters

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

  • value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.

clearVSA(vendor, vendor_type, /)

Removes all specified vendor-specific attributes.

Parameters

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

isExtSet(type, ext_type, /)

Verifies if a specified extended attribute is present.

Parameters

  • type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.

  • ext_type (int) – Extended type.

Return type

bool

getExt(type, ext_type, /)

Retrieves the value of a specified extended attribute.

Parameters

  • type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.

  • ext_type (int) – Extended type.

Returns

All values collected in a tuple.

Return type

tuple

getExtTuple(type, ext_type, /)

Retrieves all values of a specified extended attribute.

Parameters

  • type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.

  • ext_type (int) – Extended type.

Returns

All values collected in a tuple.

Return type

tuple

setExt(type, ext_type, value, /)

Adds an extended attribute. If already present, the attribute is overwritten.

Parameters

  • type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.

  • ext_type (int) – Extended type.

  • value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.

clearExt(type, ext_type, /)

Removes all specified extended attributes.

Parameters

  • type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.

  • ext_type (int) – Extended type.

isExtVSASet(type, vendor, vendor_type, /)

Verifies if a specified extended-vendor-specific attribute is present.

Parameters

  • type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

Return type

bool

getExtVSA(type, vendor, vendor_type, /)

Retrieves the value of a specified extended-vendor-specific attribute.

Parameters

  • type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

Returns

All values collected in a tuple.

Return type

tuple

getExtVSATuple(type, vendor, vendor_type, /)

Retrieves all values of a specified extended-vendor-specific attribute.

Parameters

  • type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

Returns

All values collected in a tuple.

Return type

tuple

setExtVSA(type, vendor, vendor_type, value, /)

Adds an extended-vendor-specific attribute. If already present, the attribute is overwritten.

Parameters

  • type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

  • value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.

clearExtVSA(type, vendor, vendor_type, /)

Removes all specified extended-vendor-specific attributes.

Parameters

  • type (int) – Type. Must be one of 241, 242, 243, 244, 245, 246.

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

getLongExtTuple(type, ext_type, /)

Retrieves all values of a specified long-extended attribute.

Deprecated

use getExtTuple() instead

Parameters

  • type (int) – Type. Must be one of 245, 246.

  • ext_type (int) – Extended type.

Returns

All values collected in a tuple.

Return type

tuple

setLongExt(type, ext_type, value, /)

Adds a long-extended attribute. If already present, the attribute is overwritten.

Deprecated

use setExt() instead

Parameters

  • type (int) – Type. Must be one of 245, 246.

  • ext_type (int) – Extended type.

  • value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.

getLongExtVSATuple(type, vendor, vendor_type, /)

Retrieves all values of a specified long-extended vendor-specific attribute.

Deprecated

use getExtVSATuple() instead

Parameters

  • type (int) – Type. Must be one of 245, 246.

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

Returns

All values collected in a tuple.

Return type

tuple

setLongExtVSA(type, vendor, vendor_type, value, /)

Adds a long-extended vendor-specific attribute. If already present, the attribute is overwritten.

Deprecated

use setExtVSA() instead

Parameters

  • type (int) – Type. Must be one of 245, 246.

  • vendor (int) – Vendor.

  • vendor_type (int) – Vendor type.

  • value (bytes|tuple) – Attribute value. If it is a tuple, multiple attributes with the same type are added, one for each item in the tuple.

Note

The following RADIUS attributes or VSAs are read-only:

  • Message-Authenticator (80)

  • Alc-LI-Action (26.6527.122)

  • Alc-LI-Destination (26.6527.123)

  • Alc-LI-FC (26.6527.124)

  • Alc-LI-Direction (26.6527.125)

  • Alc-LI-Intercept-Id (26.6527.138)

  • Alc-LI-Session-Id (26.6527.139)

Warning

All methods in alc.RadiusAttributes raise appropriate TypeError or ValueError messages in cases of invalid arguments. See Breaking changes for differences with the previous version.

Attribute iteration

The class alc.RadiusAttributes acts as an iterator over the attributes, yielding a tuple (identifier, value) for each attribute present.

import alc

print(list(alc.radius.attributes))
# [((8,), b'\xc0\xa8\x01\x14'), ((26, 6527, 9), b'\x08\x08\x08\x08'), ((26, 6527, 10), b'\x08\x08\x04\x04')]
for attr, value in alc.radius.attributes:
   dotted_number = ".".join(map(str, attr))
   print("{} = {}".format(dotted_number, value))
#8 = b'\xc0\xa8\x01\x14'
#26.6527.9 = b'\x08\x08\x08\x08'
#26.6527.10 = b\x08\x08\x04\x04'

Warning

The type of object returned by the iterator has changed between the Python 2 and Python 3 version of this module. See Breaking changes.

Attribute access

Besides the methods defined for the alc.Radius class, the attributes can also be fetched, set, and cleared using the container syntax of Python. The keys by which the attributes can be reached are the identifier tuples as described in Attribute identifiers. The values are tuples of bytes.

print(alc.radius.attributes[(8,)])
#(b'\xc0\xa8\x01\x14',)
print(alc.radius.attributes[(241, 26, 6527, 4)])
#()

Checking if an attribute is present can be done via the in operator.

print((8,) in alc.radius.attributes)
#True
print((241, 26, 6527, 4) in alc.radius.attributes)
#False

Adding or overwriting an attribute can be done by assigning a value to the indexed attributes object. When setting multiple values for an attribute, the value should be a tuple of bytes. When setting a single value for an attribute, the value can be a 1-tuple of bytes or the individual bytes.

alc.radius.attributes[(8,)] = b'\xc0\xa8\x01\x14'
alc.radius.attributes[(8,)] = (b'\xc0\xa8\x01\x14',)
alc.radius.attributes[(25,)] = (b'red', b'green', b'blue')

Clearing an attribute can be performed with the del operator.

del alc.radius.attributes[(8,)]

Attribute identifiers

Attribute identifiers as described in RFC 6929#section-2.7 can be used to target a specific attribute. They are specified in Python as a tuple of integers, where each item in the tuple corresponds to a number in the “dotted number” format.

Type

Name

Identifier

Python object

Normal

NAS-IP-Address

4

(4, )

Extended

Frag-Status

241.1

(241, 1)

Vendor-Specific

Alc-Subsc-Prof-Str

26.6527.12

(26, 6527, 12)

Extended-Vendor-Specific

Alc-PPPoE-Client-Service

241.26.6527.1

(241, 26, 6527, 1)

Breaking changes

Radius attribute iteration

Warning

With Python 2 API, the result of iterating over the alc.RadiusAttributes object returns tuples of length 3: (vendor, type, value), where vendor was set to 0 for regular attributes.

With Python 3, the iterator has been changed to return tuples of length 2: (identifier, value), where the identifier is itself a tuple as specified in Attribute identifiers, which uniquely identifies an attribute.

Radius invalid arguments

Warning

With Python 2 API, all functions on the alc.RadiusAttributes object fail silently when one of the arguments (type, vendor, ext-type, or vendor-type) is invalid.

With Python 3, a TypeError or ValueError exception is raised in cases of invalid arguments.

Radius attribute not present

Warning

With Python 2 API, all functions on the alc.RadiusAttributes object returning a single attribute (not the getTuple variants) return the empty bytes if the attribute is not present.

With Python 3, None is returned when the attribute is not present.