#  -*- text -*-
#
#
#  $Id: 651685abb6e85c473c0ac070a3b9331b21527fd4 $

######################################################################
#
#  = Originate CoA-Request packets
#
#  The server can originate Change of Authorization (CoA) or
#  Disconnect request packets.  These packets are used to dynamically
#  change the parameters of a users session (bandwidth, etc.), or
#  to forcibly disconnect the user.
#
#  There are some caveats.  Not all NAS vendors support this
#  functionality.  Even for the ones that do, it may be difficult to
#  find out what needs to go into a CoA-Request or Disconnect-Request
#  packet.  All we can suggest is to read the NAS documentation
#  available from the vendor.  That documentation SHOULD describe
#  what information their equipment needs to see in a CoA packet.
#
#  This information is usually a list of attributes such as:
#
#	NAS-IP-Address (or NAS-IPv6 address)
#	NAS-Identifier
#	User-Name
#	Acct-Session-Id
#
#  CoA packets can be originated when a normal Access-Request or
#  Accounting-Request packet is received.  Simply create a subrequest,
#  and call the `radius` module to send the packet.
#
#	subrequest Disconnect-Request {
#	       &User-Name = &parent.request.User-Name
#	       &Acct-Session-Id = &parent.request.Acct-Session-Id
#	       &NAS-IP-Address = &parent.NAS-IP-Address}
#	       ...
#	}
#
#  NOTE: This functionality is configured differently from v3.
#
######################################################################

#
#  This is an *example* virtual server.  It accepts `Accounting-Request`
#  packets.  It then sends a `Disconnect-Request` packet for every
#  `Accounting-Request` packet it receives.
#
#  You should NOT enable this virtual server.  Instead, use it as an
#  example, and copy the "subrequest" section to the virtual server
#  that is actually receiving `Accounting-Request` packets.
#
server originate-coa.example.com {
	namespace = radius

	#  Listen on the Accounting port.
	#
	listen {
		type = Accounting-Request
		transport = udp

		udp {
			ipaddr = *
			port = 1812
		}
	}

recv Accounting-Request {
	subrequest Disconnect-Request {
		#
		#  The subrequest begins empty, so copy all necessary
		#  attributes over.
		#
		&request.User-Name := &parent.request.User-Name
		&request.Acct-Session-Id := &parent.request.Acct-Session-Id
		&request.NAS-Identifier := &parent.request.NAS-Identifier
		&request.NAS-IP-Address := &parent.request.NAS-IP-Addres
		&request.NAS-IPv6-Address := &parent.request.NAS-IPv6-Address
		&request.NAS-Port := &parent.request.NAS-Port
		&request.Framed-IP-Address := &parent.request.Framed-IP-Address

		#
		#  Call the `radius` module to send a CoA packet.
		#
		#  Note that you MUST create an instance of the
		#  `radius` module, called "radius.coa" in order for
		#  this to work.
		#
		#  See the `radius` module for more documentation on
		#  how it works.
		#
		radius.coa

	}
}  # recv Accounting-Request

}
